auth_redirect()

Checks if a user is logged in, if not it redirects them to the login page.

Contents

Description Description

Source Source

File: wp-includes/pluggable.php 

	function auth_redirect() {
		// Checks if a user is logged in, if not redirects them to the login page

		$secure = ( is_ssl() || force_ssl_admin() );

		/**
		 * Filters whether to use a secure authentication redirect.
		 *
		 * @since 3.1.0
		 *
		 * @param bool $secure Whether to use a secure authentication redirect. Default false.
		 */
		$secure = apply_filters( 'secure_auth_redirect', $secure );

		// If https is required and request is http, redirect
		if ( $secure && ! is_ssl() && false !== strpos( $_SERVER['REQUEST_URI'], 'wp-admin' ) ) {
			if ( 0 === strpos( $_SERVER['REQUEST_URI'], 'http' ) ) {
				wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
				exit();
			} else {
				wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
				exit();
			}
		}

		/**
		 * Filters the authentication redirect scheme.
		 *
		 * @since 2.9.0
		 *
		 * @param string $scheme Authentication redirect scheme. Default empty.
		 */
		$scheme = apply_filters( 'auth_redirect_scheme', '' );

		if ( $user_id = wp_validate_auth_cookie( '', $scheme ) ) {
			/**
			 * Fires before the authentication redirect.
			 *
			 * @since 2.8.0
			 *
			 * @param int $user_id User ID.
			 */
			do_action( 'auth_redirect', $user_id );

			// If the user wants ssl but the session is not ssl, redirect.
			if ( ! $secure && get_user_option( 'use_ssl', $user_id ) && false !== strpos( $_SERVER['REQUEST_URI'], 'wp-admin' ) ) {
				if ( 0 === strpos( $_SERVER['REQUEST_URI'], 'http' ) ) {
					wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
					exit();
				} else {
					wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
					exit();
				}
			}

			return;  // The cookie is good so we're done
		}

		// The cookie is no good so force login
		nocache_headers();

		$redirect = ( strpos( $_SERVER['REQUEST_URI'], '/options.php' ) && wp_get_referer() ) ? wp_get_referer() : set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );

		$login_url = wp_login_url( $redirect, true );

		wp_redirect( $login_url );
		exit();
	}

Expand full source code Collapse full source code View on Trac

Top ↑

Changelog Changelog

Changelog
Version Description
1.5.0 Introduced.

Top ↑

Top ↑

Uses Uses

Uses
Uses Description
wp-includes/pluggable.php: wp_redirect()

Redirects to another page.
wp-includes/pluggable.php: secure_auth_redirect

Filters whether to use a secure authentication redirect.
wp-includes/pluggable.php: auth_redirect_scheme

Filters the authentication redirect scheme.
wp-includes/pluggable.php: auth_redirect

Fires before the authentication redirect.
wp-includes/pluggable.php: wp_validate_auth_cookie()

Validates authentication cookie.
wp-includes/general-template.php: wp_login_url()

Retrieves the login URL.
wp-includes/load.php: is_ssl()

Determines if SSL is used.
wp-includes/functions.php: force_ssl_admin()

Whether to force SSL used for the Administration Screens.
wp-includes/functions.php: wp_get_referer()

Retrieve referer from ‘_wp_http_referer’ or HTTP referer.
wp-includes/functions.php: nocache_headers()

Set the headers to prevent caching for the different browsers.
wp-includes/link-template.php: set_url_scheme()

Sets the scheme for a URL.
wp-includes/plugin.php: apply_filters()

Call the functions added to a filter hook.
wp-includes/plugin.php: do_action()

Execute functions hooked on a specific action hook.
wp-includes/user.php: get_user_option()

Retrieve user option that can be either per Site or per Network.
Show 9 more uses Hide more uses

Top ↑

User Contributed Notes User Contributed Notes

You must log in before being able to contribute a note or feedback.