Support » Plugin: Force Login » Bypass dynamic activation URL

  • Resolved vasuthakur

    (@vasuthakur)


    Hello I am using force login and User Verification plugin on my wordpress installation.

    Verification plugin is used to send verification link on email to website user, I am not able to bypass dynamic activation URL

    My activation URL is https://yourdomain.com/register/?activation_key=06876edad013e0b9035b87c0d3938176&user_verification_action=email_verification&_wpnonce=e3cc58a986

    Below is the bypass code i am using, now every time user click on the activation link it redirect them to login page kindly help me with the existing bypass code.

    /**
     * Bypass Force Login to allow for exceptions.
     *
     * @param bool $bypass Whether to disable Force Login. Default false.
     * @param string $visited_url The visited URL.
     * @return bool
     */
    function my_forcelogin_bypass( $bypass, $visited_url ) {
      // Allow all single posts
      if ( is_single() ) {
        $bypass = true;
      }
    
      // Allow these absolute URLs
      $allowed = array(
        home_url( '/register/' ),
        home_url( '/register/?activation_key=' ),
        home_url( '/lostpassword/' ),
      );
     
      
      if ( ! $bypass ) {
        $bypass = in_array( $visited_url, $allowed );
      }
    
      return $bypass;
    }
    add_filter( 'v_forcelogin_bypass', 'my_forcelogin_bypass', 10, 2 );
    /****remove wordpress bar for user****/
    add_action('after_setup_theme', 'remove_admin_bar');
    function remove_admin_bar() {
    if (!current_user_can('administrator') && !is_admin()) {
      show_admin_bar(false);
    }
    }
Viewing 1 replies (of 1 total)
  • Plugin Author Kevin Vess

    (@kevinvess)

    Hi, thanks for using Force Login!

    I recommend you hire a web developer to help you customize this for your site.

    Also, I don’t recommend you copy the FAQ example code verbatim, unless you want to allow all single posts to be publicly accessible.

    This URL: home_url( '/register/?activation_key=' ) is absolute – meaning, Force Login will only bypass visits to that exact URL with the empty query string on the end.

    Checkout the Force Login Wiki on GitHub for additional examples of some different methods for allowing dynamic URLs.

    Lastly, if your custom register or lost-password pages are WordPress Pages – you could also try this (untested) code:

    /**
     * Bypass Force Login to allow for exceptions.
     *
     * @param bool $bypass Whether to disable Force Login. Default false.
     * @return bool
     */
    function my_forcelogin_bypass( $bypass ) {
      // Allow custom login screens
      if ( is_page('register') || is_page('lostpassword') ) {
        $bypass = true;
      }
      return $bypass;
    }
    add_filter( 'v_forcelogin_bypass', 'my_forcelogin_bypass' );

    Good luck!

Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.