Support » Plugin: Theme My Login » admin-post.php

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author Jeff Farthing

    (@jfarthing84)

    Are you using our Profiles extension?

    Hi Jeff,
    I purchased the new extensions, but the porting to the new TML plugin will be done in the next months by our staff.
    Currently, we use the 6.4.17 version.
    The problem is that if I restrict a specific role from seeing the admin area, the plugin blocks every call to admin-post.php.
    Is there a way of allowing it thus restricting the full admin area to the role?

    Thanks for your time.
    Simone

    Plugin Author Jeff Farthing

    (@jfarthing84)

    It should already allow AJAX calls because it checks the DOING_AJAX constant before redirecting. Which 6.4 version do you have installed?

    Hi,
    the exact version is 6.4.17.
    Yes, it allows AJAX calls, but it should allow POST calls to admin-post.php too, as in WP it is possible to define calls for logged-in and not-logged-in users

    eg.

    add_action( 'admin_post_add_foobar', 'prefix_admin_add_foobar' );
    //this next action version allows users not logged in to submit requests
    //if you want to have both logged in and not logged in users submitting, you have to add both actions!
    add_action( 'admin_post_nopriv_add_foobar', 'prefix_admin_add_foobar' );

    Plugin Author Jeff Farthing

    (@jfarthing84)

    Sorry, I was mixing up admin-ajax.php and admin-post.php. You can probably override the restrict_admin option before it’s checked when viewing admin-post.php. This is untested but should probably work:

    
    function allow_access_to_admin_post( $theme_my_login ) {
    	global $pagenow;
    
    	if ( 'admin-post.php' != $pagenow ) {
    		return;
    	}
    
    	if ( class_exists( 'Theme_My_Login_Themed_Profiles' ) ) {
    		$user = wp_get_current_user();
    		$user_role = reset( $user->roles );
    		if ( is_multisite() && empty( $user_role ) ) {
    			$user_role = 'subscriber';
    		}
    		$profiles = Theme_My_Login_Themed_Profiles::get_object();
    		$profiles->set_option( array( $user_role, 'restrict_admin' ), false );
    	}
    }
    add_action( 'tml_modules_loaded', 'allow_access_to_admin_post' );
    
    smadonnatore

    (@smadonnatore)

    Hi Jeff,
    I’m afraid this doesn’t work.
    Even the action is not fired while visiting an admin page.
    I checked the code and it seems that the section where the user is redirected is this one:

    public function init() {
    	global $current_user, $pagenow;

    	if ( is_user_logged_in() && is_admin() ) {
    		$redirect_to = Theme_My_Login::get_page_link( 'profile' );

    		$user_role = reset( $current_user->roles );
    		if ( is_multisite() && empty( $user_role ) )
    			$user_role = 'subscriber';

    		if ( 'profile.php' == $pagenow && ! isset( $_REQUEST['page'] ) ) {
    			if ( $this->get_option( array( $user_role, 'theme_profile' ) ) ) {
    				if ( ! empty( $_GET ) )
    					$redirect_to = add_query_arg( (array) $_GET, $redirect_to );
    				wp_redirect( $redirect_to );
    				exit;
    			}
    		} else {
    			if ( $this->get_option( array( $user_role, 'restrict_admin' ) ) ) {
    				if ( ! defined( 'DOING_AJAX' ) ) {
    					wp_redirect( $redirect_to );
    					exit;
    				}
    			}
    		}
    	}
    }

    Maybe this happens before triggering the tml_modules_loaded action?
    Jeff,
    I think you should push an update for this as this is actually a bug, because WP allows calls to admin-post.php for not-logged-in users.

    Plugin Author Jeff Farthing

    (@jfarthing84)

    Be sure that you used the updated code, I did change it a few times. And no, the tml_modules_loaded action is fired on plugins_loaded, which happens before init.
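
A handler for the `admin_post_add_foobar` hook discussed in this thread, as an added example that is not from the thread or from Theme My Login: once a restricted role can reach admin-post.php, the handler itself has to check the request method, nonce and capability, because admin-post.php only dispatches the hook. The `prefix_foobar_nonce` and `foobar` fields, the `prefix_foobar` meta key, the `read` capability and the choice to send anonymous requests to the login page are assumptions.

```php
<?php
// Added example (not Theme My Login code). Action name 'add_foobar' is from
// the thread; the nonce field, 'foobar' field and meta key are hypothetical.

// Form that posts to admin-post.php, e.g. from a themed front-end page.
function prefix_foobar_form() {
	ob_start();
	?>
	<form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
		<input type="hidden" name="action" value="add_foobar">
		<?php wp_nonce_field( 'add_foobar', 'prefix_foobar_nonce' ); ?>
		<input type="text" name="foobar">
		<button type="submit">Save</button>
	</form>
	<?php
	return ob_get_clean();
}
add_shortcode( 'prefix_foobar_form', 'prefix_foobar_form' );

// Logged-in handler: admin-post.php only dispatches the hook, so the
// method, nonce and capability checks all have to live here.
function prefix_admin_add_foobar() {
	if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
		wp_die( 'Method not allowed.', '', array( 'response' => 405 ) );
	}
	// CSRF check: the nonce must be present and valid for this action.
	$nonce = isset( $_POST['prefix_foobar_nonce'] ) ? sanitize_text_field( wp_unslash( $_POST['prefix_foobar_nonce'] ) ) : '';
	if ( ! wp_verify_nonce( $nonce, 'add_foobar' ) ) {
		wp_die( 'Invalid or expired request.', '', array( 'response' => 403 ) );
	}
	// 'read' is an assumed capability; use the narrowest one that fits.
	if ( ! current_user_can( 'read' ) ) {
		wp_die( 'Not allowed.', '', array( 'response' => 403 ) );
	}
	$foobar = isset( $_POST['foobar'] ) ? sanitize_text_field( wp_unslash( $_POST['foobar'] ) ) : '';
	update_user_meta( get_current_user_id(), 'prefix_foobar', $foobar );
	// wp_safe_redirect() only follows allowed hosts, unlike wp_redirect().
	wp_safe_redirect( wp_get_referer() ? wp_get_referer() : home_url( '/' ) );
	exit;
}
add_action( 'admin_post_add_foobar', 'prefix_admin_add_foobar' );

// Anonymous requests: send the visitor to the login page instead of
// running the privileged handler (a design choice made for this example).
function prefix_admin_add_foobar_nopriv() {
	wp_safe_redirect( wp_login_url() );
	exit;
}
add_action( 'admin_post_nopriv_add_foobar', 'prefix_admin_add_foobar_nopriv' );
```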
