我创建了一个WordPress插件"密码保护插件"它允许用户对整个WordPress网站进行密码保护,并根据输入的密码将其重定向到特定的URL。然而,我面临的问题是,在用户输入正确的密码后,插件陷入重定向循环,并被重定向到目标页面。该循环似乎是由于插件在用户访问目标页面时反复将用户重定向到目标页面造成的。
我尝试了对代码的一些修改,包括更改重定向逻辑,添加cookie和缓存检查,以及使用不同的钩子,但问题仍然存在。
谁能帮助我确定是什么原因导致重定向循环,并提供指导如何修复它?
<?php
$passwords = array(
'password-a' => 'https://example.com/a',
'password-b' => 'https://example.com/b',
);
function password_protect_init() {
global $passwords;
if (is_admin() || is_user_logged_in()) {
// If the user is logged in to the WordPress dashboard or logged in as a user, don't redirect
return;
}
$current_url = (is_ssl() ? "https://" : "http://") . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
if (isset($_POST['my_website_password'])) {
$password = $_POST['my_website_password'];
if (array_key_exists($password, $passwords)) {
setcookie('my_website_password', $password, time() + 86400, '/');
wp_safe_redirect($passwords[$password]);
exit;
}
}
if (isset($_COOKIE['my_website_password']) && array_key_exists($_COOKIE['my_website_password'], $passwords)) {
$redirect_url = $passwords[$_COOKIE['my_website_password']];
if ($redirect_url != $current_url && !is_page('password-protect')) {
wp_safe_redirect($redirect_url);
exit;
}
} elseif (!is_page('password-protect')) {
wp_safe_redirect(site_url('password-protect'));
exit;
}
}
add_action('wp', 'password_protect_init', 10);
function password_protect_template_redirect() {
if (is_page('password-protect')) {
// If the user is on the password form page, display the form
?>
<html>
<head>
<title>Password Protected</title>
</head>
<body>
<form method="post">
<label for="my_website_password">Password:</label>
<input type="password" id="my_website_password" name="my_website_password">
<input type="submit" value="Submit">
</form>
</body>
</html>
<?php
exit;
}
}
add_action('template_redirect', 'password_protect_template_redirect');
function password_protect_login_redirect($redirect_to) {
if (!isset($_GET['redirect_to']) || $_GET['redirect_to'] == 'wp-admin/') {
$redirect_to = site_url('password-protect');
}
return $redirect_to;
}
add_filter('login_redirect', 'password_protect_login_redirect');
Thanks in advance:).
问候,诺尔
我可以解决这个问题,如果有人对解决方案感兴趣的话:):
(将钩子从'wp'更改为'parse_request'以处理密码保护)将表单提交处理与密码保护功能分离。在密码保护页面上增加了防止规范重定向的功能
<?php
$passwords = array(
'de' => 'https://lorenzgiordano.ch/de',
'se' => 'https://lorenzgiordano.ch/se',
);
function password_protect_parse_request($wp) {
global $passwords;
if (is_admin() || is_user_logged_in()) {
// If the user is logged in to the WordPress dashboard or logged in as a user, don't redirect
return;
}
$current_url = (is_ssl() ? "https://" : "http://") . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
$current_url_no_slash = rtrim($current_url, '/');
$password_protect_page = site_url('password-protect');
if (isset($_COOKIE['my_website_password']) && array_key_exists($_COOKIE['my_website_password'], $passwords)) {
$redirect_url = $passwords[$_COOKIE['my_website_password']];
if ($redirect_url != $current_url && $current_url != $password_protect_page && $redirect_url != $current_url_no_slash) {
wp_safe_redirect($redirect_url);
exit;
}
} elseif ($current_url != $password_protect_page) {
wp_safe_redirect($password_protect_page);
exit;
}
}
add_action('parse_request', 'password_protect_parse_request', 10);
function password_protect_handle_form_submission() {
global $passwords;
if (isset($_POST['my_website_password'])) {
$password = $_POST['my_website_password'];
if (array_key_exists($password, $passwords)) {
setcookie('my_website_password', $password, time() + 86400, '/');
wp_safe_redirect($passwords[$password]);
exit;
}
}
}
add_action('init', 'password_protect_handle_form_submission', 9);
function password_protect_template_redirect() {
if (is_page('password-protect')) {
// If the user is on the password form page, display the form
?>
<html>
<head>
<title>Password Protected</title>
</head>
<body>
<form method="post">
<label for="my_website_password">Password:</label>
<input type="password" id="my_website_password" name="my_website_password">
<input type="submit" value="Submit">
</form>
</body>
</html>
<?php
exit;
}
}
add_action('template_redirect', 'password_protect_template_redirect');
function password_protect_login_redirect($redirect_to) {
if (!isset($_GET['redirect_to']) || $_GET['redirect_to'] == 'wp-admin/') {
$redirect_to = site_url('password-protect');
}
return $redirect_to;
}
add_filter('login_redirect', 'password_protect_login_redirect');
function password_protect_prevent_canonical_redirect() {
if (is_page('password-protect')) {
remove_action('template_redirect', 'redirect_canonical');
}
}
add_action('template_redirect', 'password_protect_prevent_canonical_redirect', 8);