BuddyDev

Search

[Resolved] Restrict Site Access

Tagged: 

  • Participant
    Level: Enlightened
    Posts: 38
    Javier on #4155

    Hello,

    I was wondering what would be the best and safest way to create a wordpress/buddypress intranet. What I have done so far is checking if user is not logged and then redirect (to wp login url or to a custom login page:

    ‘if ( is_user_logged_in() ) {
    return false;
    }

    //refirect to wp-login or custom login page’

    I guess most restricted wordpress sites rely on something similar, but I don’t now if this is the best and safest way.
    Also, the above doesn’t stop anyone accessing an image url, for example.

    I would love to know your thoughts.

    Regards
    Javier

  • Keymaster
    (BuddyDev Team)
    Posts: 24706
    Brajesh Singh on #4156

    Hi Javier,
    You are doing it correctly if you are using the conditional redirect to redirect users. That is the standard way in WordPress community.

    About the individual media url, though you can restrict it using .htaccess etc, It is not recommended. It is not scalable solution and even facebook does not restrict it. Try copying a private media url and then opening it directly in another browser from facebook. So, that is standard industry practice at the moment.

    Hope that helps.

    Regards
    Brajesh

  • Participant
    Level: Enlightened
    Posts: 38
    Javier on #4160

    Thank you, Brajesh.

    I remember doing that Facebook check while ago: I should have had that in mind.

    One weird thing is happening now: if I set BuddyPress site-wide activity page as the frontpage, it bypasses the restriction and anyone can see… This works except for activity archives:

    function restrict_site() {

    if ( is_user_logged_in() ) {
    return false;
    }

    if ( function_exists( ‘bp_is_active’ ) ) {
    if ( bp_is_activation_page() || bp_is_register_page() ) {
    return false;
    }
    }

    $redirect_page = wp_login_url();

    //Custom redirect page
    $custom_redirect_page = get_page_by_title( ‘Login’ );

    if ( !empty( $custom_redirect_page ) ) {

    if (get_permalink( $custom_redirect_page )) {

    $redirect_page = get_permalink($custom_redirect_page);

    // If we are actually on the redirect page – abandon
    if ( is_page( $custom_redirect_page ) ) {
    return false;
    }
    }
    }

    wp_redirect( $redirect_page );
    exit;

    }
    add_action( ‘template_redirect’, ‘restrict_site’ );

    I think I’m missing something

  • Keymaster
    Level: Yogi
    (BuddyDev Team)
    Posts: 3115
    Ravi on #4161

    Hi Javier,

    Brajesh Sir is away so I am posting here. I have tried your code in bp-custom.php as well as current theme functions.php file and it is working for me. I have checked for SiteWide Activity case also. Try with some high priority

    replace the line

    
    
    add_action( ‘template_redirect’, ‘restrict_site’ );
    
    

    with

    
    
    add_action( ‘template_redirect’, ‘restrict_site’, 0 );
    
    

    and let me know if it works or not.

    Thank You
    Ravi

    • This reply was modified 8 years, 6 months ago by Ravi.
  • Participant
    Level: Enlightened
    Posts: 38
    Javier on #4163

    That’s it! Thanks, Ravi.

    I put the code in a plugin, so site is restricted no matter what theme is active.
    I also have my BuddyPress hooks in that plugin, but I guess it would be better to place those in bp-custom.php.

    Regards
    Javier

  • Keymaster
    Level: Yogi
    (BuddyDev Team)
    Posts: 3115
    Ravi on #4164

    Hi Javier,

    Thank You the acknowledgement. Yes, it will could to have it in bp-custom.php file then We do not need to worry which theme is active.

    Thank You,
    Ravi

You must be logged in to reply to this topic.

This topic is: resolved