302 Redirect loop for locked users (with solution code)

  • dalgaard

    (@dalgaard)


    8 years ago

    When a user is locked out, i get a 302 redirect loop to the frontpage.

    I have isolated the problem to be in class-itsec-lockout.php in the execute_lock method.

    This code assumes that the wp_get_current_user function does not return an object for a logged out user. But it does! It is just an empty user-object with ID = 0

    $current_user = wp_get_current_user();

if ( is_object( $current_user ) && isset( $current_user->ID )) {
	wp_logout();
}

    Proposed solution (The code is almost directly taken from the example on wp_get_current_user documentation page:

    $current_user = wp_get_current_user();

if ( $current_user->ID !== 0) {
	wp_logout();
}
    • This topic was modified 8 years ago by dalgaard.
    • This topic was modified 8 years ago by dalgaard.
Viewing 2 replies - 1 through 2 (of 2 total)
  • pronl

    (@pronl)

    @dalgaard

    Yup. Though the codex wp_get_current_user() page includes the following note:

    IMPORTANT NOTE: This is for demonstration purposes ONLY. The correct way to determine whether a user is logged in is to use the function is_user_logged_in().

    So simply use:

    if ( is_user_logged_in() )
	wp_logout();

    Where the original code of the is_user_logged_in() function is:

    $user = wp_get_current_user();
 
return $user->exists();

    Do note is_user_logged_in() is a pluggable function.

    Thread Starter dalgaard

    (@dalgaard)

    Any chance that the developers will include this fix?

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘302 Redirect loop for locked users (with solution code)’ is closed to new replies.