Support » Plugin: Force Login » Whitelist Password reset Link

  • Resolved bacherprepress

    (@bacherprepress)


    Hi

    I’m struggling to whitelist all URLs that are needed for Password reset

    I’ve put the code below in the function php of my child theme. It works but I guess i would need some kind of Wildcard to also cover links with autogenerated hashes for the Password reset. Like this one:

    https://bacher-trauerportal.bacher-digital.ch/mein-konto/passwort-vergessen/?key=zYkuIkvknn6uGqzge2Qm&id=2

    How can i set this up?

    /**
    * Filter Force Login to allow exceptions for specific URLs.
    *
    * @param array $whitelist An array of URLs. Must be absolute.
    * @return array
    */
    function my_forcelogin_whitelist( $whitelist ) {
    $whitelist[] = home_url( ‘/wp-admin/’ );
    $whitelist[] = home_url( ‘/mein-konto/passwort-vergessen/’ );
    return $whitelist;
    }
    add_filter( ‘v_forcelogin_whitelist’, ‘my_forcelogin_whitelist’ );

    kind regards
    Christoph

Viewing 5 replies - 1 through 5 (of 5 total)
  • I am having this same problem. I used the code in your FAQ but it’s not working.
    I think maybe it’s something with the redirect function?

    When you click on the forgot password link on my site it shows this in the URL bar:
    https://team.evermark-lnl.com/login/?redirect_to=https%3A%2F%2Fteam.evermark-lnl.com%2Flostpassword%2F

    BUT whitelisting /lostpassword/ does not work…

    Plugin Author Kevin Vess

    (@kevinvess)

    Hi– thanks for using Force Login!

    I recommend you use the v_forcelogin_bypass filter instead. For example:

    /**
     * Bypass Force Login to allow for exceptions.
     *
     * @param bool $bypass Whether to disable Force Login. Default false.
     * @return bool
     */
    function my_forcelogin_bypass( $bypass ) {
      if ( is_page('passwort-vergessen') ) {
        $bypass = true;
      }
      return $bypass;
    }
    add_filter( 'v_forcelogin_bypass', 'my_forcelogin_bypass' );

    Additional References
    https://developer.wordpress.org/reference/functions/is_page/

    Hi Kevin

    Thank you for your suggestion.

    I have tested your code snippet with the «bypass»-filter. I’m afraid it didn’t work for me. The «whitelist»-filter atleast allowed me to get to the password-reset page. But with your new code i’m still getting redirected to the login page so it seems to fail.

    Also how would this different Approach help with my initial problem? I need to Whitelist URLs where part of the URL is dynamic. Was your Code supposed to let all URLs containing «passwort-vergessen» through?

    kind Regards
    Christoph

    OK i noticed the link to your github entrys in the FAQ about this and one of the examples there worked for me!

    https://github.com/kevinvess/wp-force-login/wiki/Whitelist-Dynamic-URLs

    sorry to bother you.

    Plugin Author Kevin Vess

    (@kevinvess)

    @bacherprepress

    Great, I’m glad you got it working!

    To answer your earlier question: the bypass example I sent should have allowed the page with a slug of 'passwort-vergessen' to be publicly accessible (regardless of query string). Maybe I had the slug wrong? You could also pass the page ID instead. For example: is_page(1234).

    Be sure to rate and review my plugin to let others know how you like it.

    Thanks for using Force Login!

Viewing 5 replies - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.