Title: admin-post.php Last modified: March 4, 2019 --- # admin-post.php * Resolved [smadonnatore](https://wordpress.org/support/users/smadonnatore/) * (@smadonnatore) * [7 years, 1 month ago](https://wordpress.org/support/topic/admin-post-php-2/) * Hi, is there a way of restricting wp-admin BUT allowing requests to /wp-admin/ admin-post.php? * Thanks Viewing 7 replies - 1 through 7 (of 7 total) * Plugin Author [Jeff Farthing](https://wordpress.org/support/users/jfarthing84/) * (@jfarthing84) * [7 years, 1 month ago](https://wordpress.org/support/topic/admin-post-php-2/#post-11290628) * Are you using our Profiles extension? * Thread Starter [smadonnatore](https://wordpress.org/support/users/smadonnatore/) * (@smadonnatore) * [7 years ago](https://wordpress.org/support/topic/admin-post-php-2/#post-11298153) * Hi Jeff, I purchased the new extensions, but the porting to the new TML plugin will be done in the next months by our staff. Currently, we use the 6.4.17 version. The problem is that if I restrict a specific role form seeing the admin area the plugins blocks every call to admin-post.php. Is there a way of allowing it thus restricting the full admin area to the role? * Thanks for your time. Simone * Plugin Author [Jeff Farthing](https://wordpress.org/support/users/jfarthing84/) * (@jfarthing84) * [7 years ago](https://wordpress.org/support/topic/admin-post-php-2/#post-11303947) * It should already allow AJAX calls because it checks the `DOING_AJAX` constant before redirecting. Which 6.4 version do you have installed? * Thread Starter [smadonnatore](https://wordpress.org/support/users/smadonnatore/) * (@smadonnatore) * [7 years ago](https://wordpress.org/support/topic/admin-post-php-2/#post-11307433) * Hi, the exact version is 6.4.17. Yes it allows ajax calls, but it should allow post calls to admin-post.php too as in WP is possible to define calls for logged and not logged users * eg. * ``` add_action( 'admin_post_add_foobar', 'prefix_admin_add_foobar' ); //this next action version allows users not logged in to submit requests //if you want to have both logged in and not logged in users submitting, you have to add both actions! add_action( 'admin_post_nopriv_add_foobar', 'prefix_admin_add_foobar' ); ``` * Plugin Author [Jeff Farthing](https://wordpress.org/support/users/jfarthing84/) * (@jfarthing84) * [7 years ago](https://wordpress.org/support/topic/admin-post-php-2/#post-11310133) * Sorry, I was mixing up `admin-ajax.php` and `admin-post.php`. You can probably override the `restirct_admin` option before it’s checked when viewing `admin- post.php`. This is untested but should probably work: * ``` function allow_access_to_admin_post( $theme_my_login ) { global $pagenow; if ( 'admin-post.php' != $pagenow ) { return; } if ( class_exists( 'Theme_My_Login_Themed_Profiles' ) ) { $user = wp_get_current_user(); $user_role = reset( $user->roles ); if ( is_multisite() && empty( $user_role ) ) { $user_role = 'subscriber'; } $profiles = Theme_My_Login_Themed_Profiles::get_object(); $profiles->set_option( array( $user_role, 'restrict_admin' ), false ); } } add_action( 'tml_modules_loaded', 'allow_access_to_admin_post' ); ``` - This reply was modified 7 years ago by [Jeff Farthing](https://wordpress.org/support/users/jfarthing84/). * Thread Starter [smadonnatore](https://wordpress.org/support/users/smadonnatore/) * (@smadonnatore) * [7 years ago](https://wordpress.org/support/topic/admin-post-php-2/#post-11317674) * Hi Jeff, I’m afraid this doesn’t work. Even the action is not fired while visiting an admin page. I checked the code and it seems that the section where the user is redirected is this one: * ``` public function init() { global $current_user, $pagenow; if ( is_user_logged_in() && is_admin() ) { $redirect_to = Theme_My_Login::get_page_link( 'profile' ); $user_role = reset( $current_user->roles ); if ( is_multisite() && empty( $user_role ) ) $user_role = 'subscriber'; if ( 'profile.php' == $pagenow && ! isset( $_REQUEST['page'] ) ) { if ( $this->get_option( array( $user_role, 'theme_profile' ) ) ) { if ( ! empty( $_GET ) ) $redirect_to = add_query_arg( (array) $_GET, $redirect_to ); wp_redirect( $redirect_to ); exit; } } else { if ( $this->get_option( array( $user_role, 'restrict_admin' ) ) ) { if ( ! defined( 'DOING_AJAX' ) ) { wp_redirect( $redirect_to ); exit; } } } } } ``` * Maybe this happens before triggering the `tml_modules_loaded` action ? Jeff, I think you should push an update for this as this is actually a bug, because WP allows calls to admin-post.php for not logged users. * Plugin Author [Jeff Farthing](https://wordpress.org/support/users/jfarthing84/) * (@jfarthing84) * [7 years ago](https://wordpress.org/support/topic/admin-post-php-2/#post-11326038) * Be sure that you used the updated code, I did change it a few times. And no, the `tml_modules_loaded` action is fired on `plugins_loaded`, which happens before` init`. Viewing 7 replies - 1 through 7 (of 7 total) The topic ‘admin-post.php’ is closed to new replies. * ![](https://ps.w.org/theme-my-login/assets/icon-256x256.png?rev=1891232) * [Theme My Login](https://wordpress.org/plugins/theme-my-login/) * [Frequently Asked Questions](https://wordpress.org/plugins/theme-my-login/#faq) * [Support Threads](https://wordpress.org/support/plugin/theme-my-login/) * [Active Topics](https://wordpress.org/support/plugin/theme-my-login/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/theme-my-login/unresolved/) * [Reviews](https://wordpress.org/support/plugin/theme-my-login/reviews/) * 7 replies * 2 participants * Last reply from: [Jeff Farthing](https://wordpress.org/support/users/jfarthing84/) * Last activity: [7 years ago](https://wordpress.org/support/topic/admin-post-php-2/#post-11326038) * Status: resolved