[Plugin: Sidebar Login] problems using FORCE_SSL_ADMIN and FORCE_SSL_LOGIN

  • Resolved Bryan

    (@bryanmaupin)


    13 years, 2 months ago

    There’s a problem with the latest version of the sidebar login plugin (2.2.14) where if you have either FORCE_SSL_ADMIN or FORCE_SSL_LOGIN (http://codex.wordpress.org/Administration_Over_SSL) set to true, when logging in using the sidebar login plugin you’ll be forced to log in twice.

    Without going into details (unless someone’s interested), here’s a patch that can be applied to the 2.2.14 version of sidebar-login.php to fix the problem:

    *** sidebar-login.php	2010-09-05 17:37:30.000000000 -0500
--- sidebar-login.php.fix	2011-02-23 10:51:06.000000000 -0600
***************
*** 239,254 ****
  					echo '<p class="message">' . apply_filters('login_messages', $messages) . "</p>\n";

  			}

  			// login form		

! 			echo '<form method="post" action="'.wp_sidebarlogin_current_url().'">';

  			?>

  			<p><label for="user_login"><?php echo $theusername; ?></label><br/><input name="log" value="<?php if (isset($_POST['log'])) echo esc_attr(stripslashes($_POST['log'])); ?>" class="mid" id="user_login" type="text" /></p>

  			<p><label for="user_pass"><?php echo $thepassword; ?></label><br/><input name="pwd" class="mid" id="user_pass" type="password" /></p>			

  			<?php

  			// OpenID Plugin (http://wordpress.org/extend/plugins/openid/) Integration

  			if (function_exists('openid_wp_login_form')) {

- 			

- 				echo '<input type="hidden" name="redirect_to" value="'.wp_sidebarlogin_current_url().'" />';

  				//openid_wp_login_form();

  				echo '<hr id="openid_split" />';

--- 239,258 ----
  					echo '<p class="message">' . apply_filters('login_messages', $messages) . "</p>\n";

  			}

  			// login form		

! 			$sidebarlogin_post_url = wp_sidebarlogin_current_url();

! 			if (force_ssl_login() || force_ssl_admin()) {

! 				$sidebarlogin_post_url = str_replace('http://', 'https://', $sidebarlogin_post_url);

! 			}

! 			echo '<form method="post" action="'.$sidebarlogin_post_url.'">';

  			?>

  			<p><label for="user_login"><?php echo $theusername; ?></label><br/><input name="log" value="<?php if (isset($_POST['log'])) echo esc_attr(stripslashes($_POST['log'])); ?>" class="mid" id="user_login" type="text" /></p>

  			<p><label for="user_pass"><?php echo $thepassword; ?></label><br/><input name="pwd" class="mid" id="user_pass" type="password" /></p>			

  			<?php

+ 			echo '<input type="hidden" name="redirect_to" value="'.wp_sidebarlogin_current_url().'" />';

+ 			

  			// OpenID Plugin (http://wordpress.org/extend/plugins/openid/) Integration

  			if (function_exists('openid_wp_login_form')) {

  				//openid_wp_login_form();

  				echo '<hr id="openid_split" />';

***************
*** 370,375 ****
--- 374,380 ----

  		$redir = trim(stripslashes(get_option('sidebarlogin_login_redirect')));

  		if ($redir && !empty($redir)) $redirect_to = $redir;

+ 		elseif (isset($_REQUEST['redirect_to'])) $redirect_to = $_REQUEST['redirect_to'];

  		else $redirect_to = wp_sidebarlogin_current_url('nologout');

  		// If the user wants ssl but the session is not ssl, force a secure cookie.

***************
*** 497,506 ****
  		}	

  	}

- 	if ( force_ssl_login() || force_ssl_admin() ) {

- 	    $pageURL = str_replace( 'http://', 'https://', $pageURL );

- 	}

- 	

  	return $pageURL;

  }

  endif;

--- 502,507 ----

    (created using diff -c sidebar-login.php sidebar-login.php.fix)

  • The topic ‘[Plugin: Sidebar Login] problems using FORCE_SSL_ADMIN and FORCE_SSL_LOGIN’ is closed to new replies.