我有一个自定义登录表单,可以通过添加[custom-login-form] 到静态页面。虽然表单看起来确实很不一样,但它仍然通过method=“post”将其数据提交给wp_login_url() (不带参数),与默认登录表单一样。
我通过插件将用户发送到该页面,如下所示:
add_action( \'login_form_login\', array( $this, \'redirect_to_custom_login\' ) ); // login
public function redirect_to_custom_login() {
if ( \'GET\' === $_SERVER[\'REQUEST_METHOD\'] ) {
if ( \'\' !== $this->redirect_after_login_url ) {
$redirect_to = $this->redirect_after_login_url;
} else {
$redirect_to = null;
}
if ( is_user_logged_in() ) {
$this->redirect_logged_in_user( $redirect_to );
exit;
}
// The rest are redirected to the login page
$login_url = site_url( \'user/login\' );
if ( ! empty( $redirect_to ) ) {
$login_url = add_query_arg( \'redirect_to\', $redirect_to, $login_url );
}
wp_redirect( $login_url );
exit;
}
}
我尝试在登录后将非管理员用户发送回他们所在的页面,以及:
add_filter( \'login_redirect\', array( $this, \'redirect_after_login\' ), 10, 3 ); // login
public function redirect_after_login( $redirect_to, $requested_redirect_to, $user ) {
$redirect_url = site_url();
if ( ! isset( $user->ID ) ) {
return $redirect_url;
}
if ( ! empty( $user->roles[0] ) && in_array( $user->roles[0], array( \'administrator\' ) ) ) {
// Use the redirect_to parameter if one is set, otherwise redirect to admin dashboard.
if ( \'\' === $requested_redirect_to ) {
$redirect_url = admin_url();
} else {
$redirect_url = $requested_redirect_to;
}
} else {
// Non-admin users go to their account page after login, unless another url is supplied
if ( \'\' === $requested_redirect_to ) {
$redirect_url = site_url( \'user\' );
} else {
$redirect_url = $requested_redirect_to;
}
}
return wp_validate_redirect( $redirect_url, site_url() );
}
我还使用以下代码试图阻止用户注销:
if ( ! function_exists( \'custom_login_expiration\' ) ) :
add_filter( \'auth_cookie_expiration\', \'custom_login_expiration\' );
function custom_login_expiration( $expirein ) {
return 31556926; // 1 year in seconds
}
endif;
但我从多个用户那里得到了一致的报告,他们每天都必须登录。我自己没有必要这么做,这可能是因为我没有足够长的时间不活动。报告用户不是管理员,而是订阅者、贡献者、编辑等。
我看不到任何证据表明我的自定义登录挂钩必须自己设置cookie-据我所知,它们似乎没有拦截该过程-但我看不出用户会独立于授权到期而注销的另一个原因。
更新:我发现管理员级别的用户are 设置正确的Cookie,这样他们就可以保持登录状态。但是,如果用户在登录时没有发送到管理页面,则他们不会获得wp-settings-time-{user_id} 和wp-settings-{user_id} 已设置cookies。
我尝试了wp_user_settings() Core用于设置这些Cookie的方法。这确实设置了过期值,但在用户关闭浏览器时不会保持登录状态。
function my_user_settings() {
if ( is_admin() ) {
return;
}
if ( ! $user_id = get_current_user_id() ) {
return;
}
if ( ! is_user_member_of_blog() ) {
return;
}
$settings = (string) get_user_option( \'user-settings\', $user_id );
if ( isset( $_COOKIE[\'wp-settings-\' . $user_id] ) ) {
$cookie = preg_replace( \'/[^A-Za-z0-9=&_]/\', \'\', $_COOKIE[\'wp-settings-\' . $user_id] );
// No change or both empty
if ( $cookie == $settings )
return;
$last_saved = (int) get_user_option( \'user-settings-time\', $user_id );
$current = isset( $_COOKIE[\'wp-settings-time-\' . $user_id]) ? preg_replace( \'/[^0-9]/\', \'\', $_COOKIE[\'wp-settings-time-\' . $user_id] ) : 0;
// The cookie is newer than the saved value. Update the user_option and leave the cookie as-is
if ( $current > $last_saved ) {
update_user_option( $user_id, \'user-settings\', $cookie, false );
update_user_option( $user_id, \'user-settings-time\', time() - 5, false );
return;
}
}
// The cookie is not set in the current browser or the saved value is newer.
$secure = ( \'https\' === parse_url( site_url(), PHP_URL_SCHEME ) );
setcookie( \'wp-settings-\' . $user_id, $settings, time() + YEAR_IN_SECONDS, SITECOOKIEPATH, null, $secure );
setcookie( \'wp-settings-time-\' . $user_id, time(), time() + YEAR_IN_SECONDS, SITECOOKIEPATH, null, $secure );
$_COOKIE[\'wp-settings-\' . $user_id] = $settings;
}
我认为我在这一部分上走的是正确的,也许我是,但它没有达到预期的最终结果。
