Using NADI with a login page other than /wp-admin/

Resolved mikeboltonca
(@mikeboltonca)

8 years, 3 months ago

Hi there,

Thanks for the amazing work on this plugin.

Pre-sales question:
I’ve just confirmed through testing and reading these support topics that NADI doesn’t work if the login page has been renamed.

Is there any recourse to this?
It seems strange for an inherently security-related plugin like NADI to be incompatible with a fundamental security strategy like renaming the login page.

Is the information in the API>Authentication documentation applicable to this problem?

This might call for a feature request: Add a field that says:
“If you have renamed your login page, type the name here:”

Let me know if I’m missing something. If we can resolve this, we can look at deploying this at our company and paying for a support contract.

Thanks for your insight!

Viewing 3 replies - 1 through 3 (of 3 total)

Thread Starter mikeboltonca
(@mikeboltonca)

8 years, 2 months ago

To anyone that runs into the same issue, I was able to partially* resolve it by creating a one-line plugin with the following line:
add_filter('next_ad_int_auth_enable_login_check', '__return_true');
(Note, it will not work in your theme’s functions.php due to order of operations)

In plugins/next-active-directory-integration/classes/Adi/init.php, there is a function that tests whether we’re on the login page or not. The filter forces that function to return true.

*This solution solves the problem it is intended to, but it also causes the “Active Directory Integration” button to disappear from the admin dashboard menu.

It would be great if a NADI representative could chime in on whether this solution is likely to cause any other side effects or compromise security at all.
Thread Starter mikeboltonca
(@mikeboltonca)

8 years, 2 months ago
This updated plugin code allows NADI to work with a renamed wp-login.php and does not prevent the “Active Directory Integration” button from appearing on the admin dashboard.
```
function next_ad_int_auth_enable_on_access() {
	
		$page = $_SERVER['PHP_SELF'];
		$isOnAccess = strpos($page, 'index.php') !== false;
		if ($isOnAccess) {
			$r = true;
		}
		return $r;
}

add_filter('next_ad_int_auth_enable_login_check', 'next_ad_int_auth_enable_on_access');
```
Your site may not be using “index.php”. You can find out the name of the login page by adding echo $page; and reloading the login page. Once you see the name, remove echo $page;.
Thread Starter mikeboltonca
(@mikeboltonca)

8 years, 1 month ago
Updating this thread with a more refined plugin.
The previous version was forcing the “Active Directory Integration” menu item to disappear from the admin dashboard home page. The following code checks if the user is on index.php, makes sure they’re not on /wp-admin/index.php, then proceeds with forcing NADI to allow the login.
```
function next_ad_int_auth_enable_on_renamed_login() {
	
		$page = $_SERVER['PHP_SELF'];							//Find out what page we're on
		$isOnIndex = strpos($page, 'index.php') !== false;		//Find out if that page is index.php
		$isOnAdmin = strpos($page, 'wp-admin') !== false;		//Find out if that page is inside /wp-admin/
		
		if ($isOnIndex) {										//If we're on index.php, we could be on the login page or admin dashboard home page
			if ($isOnAdmin) {										//If we're in the admin dashboard home page, don't take any action
				//Do nothing
			} else {												//If we're on the login page...
				$r = true;											//Force NADI to recognize the page as the valid login page and allow users to log in
			}
		}
		return $r;												//Send the result back to NADI
}
add_filter('next_ad_int_auth_enable_login_check', 'next_ad_int_auth_enable_on_renamed_login');
```

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Using NADI with a login page other than /wp-admin/’ is closed to new replies.

Tags