auth_redirect()

Checks if a user is logged in, if not it redirects them to the login page.

Contents

Description Description

When this code is called from a page, it checks to see if the user viewing the page is logged in. If the user is not logged in, they are redirected to the login page. The user is redirected in such a way that, upon logging in, they will be sent directly to the page they were originally trying to access.

Source Source

File: wp-includes/pluggable.php 

	function auth_redirect() {
		// Checks if a user is logged in, if not redirects them to the login page

		$secure = ( is_ssl() || force_ssl_admin() );

		/**
		 * Filters whether to use a secure authentication redirect.
		 *
		 * @since 3.1.0
		 *
		 * @param bool $secure Whether to use a secure authentication redirect. Default false.
		 */
		$secure = apply_filters( 'secure_auth_redirect', $secure );

		// If https is required and request is http, redirect
		if ( $secure && ! is_ssl() && false !== strpos( $_SERVER['REQUEST_URI'], 'wp-admin' ) ) {
			if ( 0 === strpos( $_SERVER['REQUEST_URI'], 'http' ) ) {
				wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
				exit();
			} else {
				wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
				exit();
			}
		}

		/**
		 * Filters the authentication redirect scheme.
		 *
		 * @since 2.9.0
		 *
		 * @param string $scheme Authentication redirect scheme. Default empty.
		 */
		$scheme = apply_filters( 'auth_redirect_scheme', '' );

		$user_id = wp_validate_auth_cookie( '', $scheme );
		if ( $user_id ) {
			/**
			 * Fires before the authentication redirect.
			 *
			 * @since 2.8.0
			 *
			 * @param int $user_id User ID.
			 */
			do_action( 'auth_redirect', $user_id );

			// If the user wants ssl but the session is not ssl, redirect.
			if ( ! $secure && get_user_option( 'use_ssl', $user_id ) && false !== strpos( $_SERVER['REQUEST_URI'], 'wp-admin' ) ) {
				if ( 0 === strpos( $_SERVER['REQUEST_URI'], 'http' ) ) {
					wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
					exit();
				} else {
					wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
					exit();
				}
			}

			return;  // The cookie is good so we're done
		}

		// The cookie is no good so force login
		nocache_headers();

		$redirect = ( strpos( $_SERVER['REQUEST_URI'], '/options.php' ) && wp_get_referer() ) ? wp_get_referer() : set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );

		$login_url = wp_login_url( $redirect, true );

		wp_redirect( $login_url );
		exit();
	}

Expand full source code Collapse full source code View on Trac

Top ↑

Changelog Changelog

Changelog
Version Description
1.5.0 Introduced.

Top ↑

Top ↑

Uses Uses

Uses
Uses Description
wp-includes/pluggable.php: wp_redirect()

Redirects to another page.
wp-includes/pluggable.php: secure_auth_redirect

Filters whether to use a secure authentication redirect.
wp-includes/pluggable.php: auth_redirect_scheme

Filters the authentication redirect scheme.
wp-includes/pluggable.php: auth_redirect

Fires before the authentication redirect.
wp-includes/pluggable.php: wp_validate_auth_cookie()

Validates authentication cookie.
wp-includes/general-template.php: wp_login_url()

Retrieves the login URL.
wp-includes/load.php: is_ssl()

Determines if SSL is used.
wp-includes/functions.php: force_ssl_admin()

Whether to force SSL used for the Administration Screens.
wp-includes/functions.php: wp_get_referer()

Retrieve referer from ‘_wp_http_referer’ or HTTP referer.
wp-includes/functions.php: nocache_headers()

Set the headers to prevent caching for the different browsers.
wp-includes/link-template.php: set_url_scheme()

Sets the scheme for a URL.
wp-includes/plugin.php: apply_filters()

Calls the callback functions that have been added to a filter hook.
wp-includes/plugin.php: do_action()

Execute functions hooked on a specific action hook.
wp-includes/user.php: get_user_option()

Retrieve user option that can be either per Site or per Network.
Show 9 more uses Hide more uses

Top ↑

User Contributed Notes User Contributed Notes

You must log in before being able to contribute a note or feedback.