<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[BuddyPress][4465] trunk: Reintroduces bp_core_catch_no_access() and introduces bp_core_no_access(), to provide proper login and redirect support for non-logged-in users attempting to visit protected BP pages.</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg > ul, #logmsg > ol { margin-left: 0; margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd>4465</dd>
<dt>Author</dt> <dd>boonebgorges</dd>
<dt>Date</dt> <dd>2011-06-06 20:38:34 +0000 (Mon, 06 Jun 2011)</dd>
</dl>
<h3>Log Message</h3>
<pre>Reintroduces bp_core_catch_no_access() and introduces bp_core_no_access(), to provide proper login and redirect support for non-logged-in users attempting to visit protected BP pages. Adds template_notices hook to bp-default index.php so that non-logged-in message is properly displayed. Fixes #3246. Huge props r-a-y</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkbpcorebpcorecatchuriphp">trunk/bp-core/bp-core-catchuri.php</a></li>
<li><a href="#trunkbpthemesbpdefaultfunctionsphp">trunk/bp-themes/bp-default/functions.php</a></li>
<li><a href="#trunkbpthemesbpdefaultindexphp">trunk/bp-themes/bp-default/index.php</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkbpcorebpcorecatchuriphp"></a>
<div class="modfile"><h4>Modified: trunk/bp-core/bp-core-catchuri.php (4464 => 4465)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/bp-core/bp-core-catchuri.php        2011-06-06 18:36:36 UTC (rev 4464)
+++ trunk/bp-core/bp-core-catchuri.php        2011-06-06 20:38:34 UTC (rev 4465)
</span><span class="lines">@@ -344,4 +344,125 @@
</span><span class="cx">                 bp_core_load_template( apply_filters( 'bp_core_template_display_profile', 'members/single/home' ) );
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+/**
+ * Catches invalid access to BuddyPress pages and redirects them accordingly.
+ *
+ * @package BuddyPress Core
+ * @since 1.3
+ */
+function bp_core_catch_no_access() {
+        global $bp, $wp_query, $bp_unfiltered_uri, $bp_no_status_set;
+
+        // If bp_core_redirect() and $bp_no_status_set is true,
+        // we are redirecting to an accessible page, so skip this check.
+        if ( $bp_no_status_set )
+                return false;
+
+        // If the displayed user was marked as a spammer and the logged-in user is not a super admin, redirect
+        if ( isset( $bp->displayed_user->id ) && bp_core_is_user_spammer( $bp->displayed_user->id ) ) {
+                if ( !is_super_admin() )
+                        bp_core_redirect( $bp->root_domain );
+                else
+                        bp_core_add_message( __( 'This user has been marked as a spammer. Only site admins can view this profile.', 'buddypress' ), 'error' );
+        }
+
+        // If BP_ENABLE_ROOT_PROFILES is not defined and the displayed user does not exist, redirect
+        if ( !$bp->displayed_user->id && isset( $bp_unfiltered_uri[0] ) && $bp_unfiltered_uri[0] == $bp->members->slug && isset( $bp_unfiltered_uri[1] ) )
+                bp_core_redirect( $bp->root_domain );
+
+        // Access control!
+        if ( !isset( $wp_query->queried_object ) && !bp_is_blog_page() ) {
+                if ( is_user_logged_in() ) {
+                        bp_core_no_access( array( 'redirect' => false, 'message' => __( 'You do not have access to that page', 'buddypress' ) ) );
+                } else {
+                        bp_core_no_access();
+                }
+        }
+}
+add_action( 'wp', 'bp_core_catch_no_access' );
+
+/**
+ * Redirects a user to login for BP pages that require access control and adds an error message (if
+ * one is provided).
+ * If authenticated, redirects user back to requested content by default.
+ *
+ * @package BuddyPress Core
+ * @since 1.3
+ */
+function bp_core_no_access( $args = '' ) {
+        global $bp;
+
+        $defaults = array(
+                'mode'                => '1',                        // 1 = $root, 2 = wp-login.php
+                'message'        => __( 'You must log in to access the page you requested.', 'buddypress' ),
+                'redirect'        => wp_guess_url(),        // the URL you get redirected to when a user successfully logs in
+                'root'                => $bp->root_domain        // the landing page you get redirected to when a user doesn't have access
+        );
+
+        $r = wp_parse_args( $args, $defaults );
+        extract( $r, EXTR_SKIP );
+
+        // Group filtering
+        // When a user doesn't have access to a group's activity / secondary page, redirect to group's homepage
+        if ( !$redirect ) {
+                if ( bp_is_active( 'groups' ) && bp_is_current_component( 'groups' ) ) {
+                        $root = bp_get_group_permalink( $bp->groups->current_group );
+                        $message = false;
+                }
+        }
+
+        // Apply filters to these variables
+        $mode                = apply_filters( 'bp_no_access_mode', $mode, $root, $redirect, $message );
+        $redirect        = apply_filters( 'bp_no_access_redirect', $redirect, $root, $message, $mode );
+        $root                = trailingslashit( apply_filters( 'bp_no_access_root', $root, $redirect, $message, $mode ) );
+        $message        = apply_filters( 'bp_no_access_message', $message, $root, $redirect, $mode );
+
+        switch ( $mode ) {
+                // Option to redirect to wp-login.php
+                // Error message is displayed with bp_core_no_access_wp_login_error()
+                case 2 :
+                        if ( $redirect ) {
+                                bp_core_redirect( wp_login_url( $redirect ) . '&action=bpnoaccess' );
+                        } else {
+                                bp_core_redirect( $root );
+                        }
+                break;
+
+                // Redirect to root with "redirect_to" parameter
+                // Error message is displayed with bp_core_add_message()
+                case 1 :
+                default :
+                        if ( $redirect ) {
+                                $url = add_query_arg( 'redirect_to', urlencode( $redirect ), $root );
+                        } else {
+                                $url = $root;
+                        }
+
+                        if ( $message ) {
+                                bp_core_add_message( $message, 'error' );
+                        }
+
+                        bp_core_redirect( $url );
+                break;
+        }
+}
+
+/**
+ * Adds an error message to wp-login.php.
+ * Hooks into the "bpnoaccess" action defined in bp_core_no_access().
+ *
+ * @package BuddyPress Core
+ * @global $error
+ * @since 1.3
+ */
+function bp_core_no_access_wp_login_error() {
+        global $error;
+
+        $error = apply_filters( 'bp_wp_login_error', __( 'You must log in to access the page you requested.', 'buddypress' ), $_REQUEST['redirect_to'] );
+
+        // shake shake shake!
+        add_action( 'login_head', 'wp_shake_js', 12 );
+}
+add_action( 'login_form_bpnoaccess', 'bp_core_no_access_wp_login_error' );
+
</ins><span class="cx"> ?>
</span><span class="cx">\ No newline at end of file
</span></span></pre></div>
<a id="trunkbpthemesbpdefaultfunctionsphp"></a>
<div class="modfile"><h4>Modified: trunk/bp-themes/bp-default/functions.php (4464 => 4465)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/bp-themes/bp-default/functions.php        2011-06-06 18:36:36 UTC (rev 4464)
+++ trunk/bp-themes/bp-default/functions.php        2011-06-06 20:38:34 UTC (rev 4465)
</span><span class="lines">@@ -657,4 +657,19 @@
</span><span class="cx"> }
</span><span class="cx"> add_action( 'comment_form', 'bp_dtheme_after_comment_form' );
</span><span class="cx"> endif;
</span><ins>+
+/**
+ * Adds a hidden "redirect_to" input field to the sidebar login form.
+ * Put here temporarily for proof-of-concept.
+ *
+ * @since 1.3
+ */
+function bp_dtheme_sidebar_login_redirect_to() {
+        $redirect_to = apply_filters( 'bp_no_access_redirect', isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '' );
+?>
+        <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
+<?php
+}
+add_action( 'bp_sidebar_login_form', 'bp_dtheme_sidebar_login_redirect_to' );
+
</ins><span class="cx"> ?>
</span><span class="cx">\ No newline at end of file
</span></span></pre></div>
<a id="trunkbpthemesbpdefaultindexphp"></a>
<div class="modfile"><h4>Modified: trunk/bp-themes/bp-default/index.php (4464 => 4465)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/bp-themes/bp-default/index.php        2011-06-06 18:36:36 UTC (rev 4464)
+++ trunk/bp-themes/bp-default/index.php        2011-06-06 20:38:34 UTC (rev 4465)
</span><span class="lines">@@ -4,6 +4,8 @@
</span><span class="cx">                 <div class="padder">
</span><span class="cx">
</span><span class="cx">                 <?php do_action( 'bp_before_blog_home' ) ?>
</span><ins>+                
+                <?php do_action( 'template_notices' ) ?>
</ins><span class="cx">
</span><span class="cx">                 <div class="page" id="blog-latest" role="main">
</span><span class="cx">
</span></span></pre>
</div>
</div>
</body>
</html>