iThemes Security (formerly Better WP Security): 302 Redirect loop for locked users (with solution code)

  • When a user is locked out, I get a 302 redirect loop to the front page.

    I have isolated the problem to be in class-itsec-lockout.php in the execute_lock method.

    This code assumes that the wp_get_current_user function does not return an object for a logged out user. But it does! It is just an empty user object with ID = 0.

    $current_user = wp_get_current_user();
    
    if ( is_object( $current_user ) && isset( $current_user->ID )) {
    	wp_logout();
    }

    Proposed solution (the code is almost directly taken from the example on the wp_get_current_user documentation page):

    $current_user = wp_get_current_user();
    
    if ( $current_user->ID !== 0) {
    	wp_logout();
    }
    • This topic was modified 1 year, 9 months ago by  dalgaard.
  • @dalgaard

    Yup. Though the codex wp_get_current_user() page includes the following note:

    IMPORTANT NOTE: This is for demonstration purposes ONLY. The correct way to determine whether a user is logged in is to use the function is_user_logged_in().

    So simply use:

    if ( is_user_logged_in() )
    	wp_logout();

    Where the original code of the is_user_logged_in() function is:

    $user = wp_get_current_user();
     
    return $user->exists();

    Do note is_user_logged_in() is a pluggable function.

    Any chance that the developers will include this fix?
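
The three conditions discussed in this thread, compared side by side as an added example that is not part of the original posts or the plugin's code. `WP_User` here is a minimal stand-in class constructed for the demo (not WordPress core), and the sample users, including the hypothetical string-ID case, are constructed.

```php
<?php
// Stand-in for WordPress's WP_User, reduced to the two members the checks use.
// Constructed for this example; in WordPress the class comes from core.
class WP_User {
    public $ID = 0;
    public function __construct( $id = 0 ) {
        $this->ID = $id;
    }
    public function exists() {
        return ! empty( $this->ID );
    }
}

// The three conditions from the thread, each as a predicate on a user object.
function original_check( $user ) {
    // Condition from execute_lock as quoted in the first post.
    return is_object( $user ) && isset( $user->ID );
}
function strict_id_check( $user ) {
    // Condition from the proposed solution.
    return $user->ID !== 0;
}
function exists_check( $user ) {
    // Body of is_user_logged_in() as quoted in the reply.
    return $user->exists();
}

// Constructed sample users.
$cases = array(
    'logged out (ID 0)'   => new WP_User( 0 ),
    'logged in (ID 42)'   => new WP_User( 42 ),
    'hypothetical ID "0"' => new WP_User( '0' ),
);

// A "true" in a column means that condition would go on to call wp_logout().
printf( "%-22s %-9s %-9s %-9s\n", 'user', 'original', 'ID !== 0', 'exists()' );
foreach ( $cases as $label => $user ) {
    printf(
        "%-22s %-9s %-9s %-9s\n",
        $label,
        var_export( original_check( $user ), true ),
        var_export( strict_id_check( $user ), true ),
        var_export( exists_check( $user ), true )
    );
}
```

The `original` column is `true` for the logged-out user because `isset()` only tests for null, so a user object with ID 0 still passes it.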
