我的WordPress插件中的重定向循环问题-我如何修复它?

dgtucam1  于 2023-04-05  发布在  WordPress
关注(0)|答案(1)|浏览(161)

我已经创建了一个名为“密码保护插件”的WordPress插件,使用户能够对整个WordPress网站进行密码保护,并根据输入的密码将其重定向到特定的URL.然而我正面临着一个问题,即插件在用户输入正确的密码并被重定向到目标页面后陷入重定向循环。该循环似乎是由插件在目标页面上重复将用户重定向到目标页面引起的。
我已经尝试了对代码的几个修改,包括更改重定向逻辑,添加cookie和缓存检查,以及使用不同的钩子,但问题仍然存在。
谁能帮我找出导致重定向循环的原因,并提供有关如何修复它的指导?

<?php

$passwords = array(
    'password-a' => 'https://example.com/a',
    'password-b' => 'https://example.com/b',
);

function password_protect_init() {
    global $passwords;

    if (is_admin() || is_user_logged_in()) {
        // If the user is logged in to the WordPress dashboard or logged in as a user, don't redirect
        return;
    }

    $current_url = (is_ssl() ? "https://" : "http://") . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];

    if (isset($_POST['my_website_password'])) {
        $password = $_POST['my_website_password'];
        if (array_key_exists($password, $passwords)) {
            setcookie('my_website_password', $password, time() + 86400, '/');
            wp_safe_redirect($passwords[$password]);
            exit;
        }
    }

    if (isset($_COOKIE['my_website_password']) && array_key_exists($_COOKIE['my_website_password'], $passwords)) {
        $redirect_url = $passwords[$_COOKIE['my_website_password']];

        if ($redirect_url != $current_url && !is_page('password-protect')) {
            wp_safe_redirect($redirect_url);
            exit;
        }
    } elseif (!is_page('password-protect')) {
        wp_safe_redirect(site_url('password-protect'));
        exit;
    }
}
add_action('wp', 'password_protect_init', 10);

function password_protect_template_redirect() {
    if (is_page('password-protect')) {
        // If the user is on the password form page, display the form
        ?>
        <html>
        <head>
            <title>Password Protected</title>
        </head>
        <body>
            <form method="post">
                <label for="my_website_password">Password:</label>
                <input type="password" id="my_website_password" name="my_website_password">
                <input type="submit" value="Submit">
            </form>
        </body>
        </html>
        <?php
        exit;
    }
}
add_action('template_redirect', 'password_protect_template_redirect');

function password_protect_login_redirect($redirect_to) {
    if (!isset($_GET['redirect_to']) || $_GET['redirect_to'] == 'wp-admin/') {
        $redirect_to = site_url('password-protect');
    }
    return $redirect_to;
}
add_filter('login_redirect', 'password_protect_login_redirect');

提前感谢:)。
问候你,诺埃尔

jyztefdp

jyztefdp1#

我可以解决这个问题,如果有人有兴趣的解决方案:):
(将处理密码保护的钩子从'wp'更改为'parse_request'。将表单提交处理与密码保护功能分离。添加了一个功能,以防止密码保护页面上的规范重定向。)

<?php
    
    $passwords = array(
        'de' => 'https://lorenzgiordano.ch/de',
        'se' => 'https://lorenzgiordano.ch/se',
    );
    
    function password_protect_parse_request($wp) {
        global $passwords;
    
        if (is_admin() || is_user_logged_in()) {
            // If the user is logged in to the WordPress dashboard or logged in as a user, don't redirect
            return;
        }
    
        $current_url = (is_ssl() ? "https://" : "http://") . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
        $current_url_no_slash = rtrim($current_url, '/');
        $password_protect_page = site_url('password-protect');
    
        if (isset($_COOKIE['my_website_password']) && array_key_exists($_COOKIE['my_website_password'], $passwords)) {
            $redirect_url = $passwords[$_COOKIE['my_website_password']];
    
            if ($redirect_url != $current_url && $current_url != $password_protect_page && $redirect_url != $current_url_no_slash) {
                wp_safe_redirect($redirect_url);
                exit;
            }
        } elseif ($current_url != $password_protect_page) {
            wp_safe_redirect($password_protect_page);
            exit;
        }
    }
    add_action('parse_request', 'password_protect_parse_request', 10);
    
    function password_protect_handle_form_submission() {
        global $passwords;
    
        if (isset($_POST['my_website_password'])) {
            $password = $_POST['my_website_password'];
            if (array_key_exists($password, $passwords)) {
                setcookie('my_website_password', $password, time() + 86400, '/');
                wp_safe_redirect($passwords[$password]);
                exit;
            }
        }
    }
    add_action('init', 'password_protect_handle_form_submission', 9);
    
    function password_protect_template_redirect() {
        if (is_page('password-protect')) {
            // If the user is on the password form page, display the form
            ?>
            <html>
            <head>
                <title>Password Protected</title>
            </head>
            <body>
                <form method="post">
                    <label for="my_website_password">Password:</label>
                    <input type="password" id="my_website_password" name="my_website_password">
                    <input type="submit" value="Submit">
                </form>
            </body>
            </html>
            <?php
            exit;
        }
    }
    add_action('template_redirect', 'password_protect_template_redirect');
    
    function password_protect_login_redirect($redirect_to) {
        if (!isset($_GET['redirect_to']) || $_GET['redirect_to'] == 'wp-admin/') {
            $redirect_to = site_url('password-protect');
        }
        return $redirect_to;
    }
    add_filter('login_redirect', 'password_protect_login_redirect');
    
    function password_protect_prevent_canonical_redirect() {
        if (is_page('password-protect')) {
            remove_action('template_redirect', 'redirect_canonical');
        }
    }
    add_action('template_redirect', 'password_protect_prevent_canonical_redirect', 8);

相关问题