Forum Replies Created
January 15, 2015 at 09:50 in reply to: Notify users about IP lock-out (integration with Limit Login Attempts) #42167
Adam (Participant)
This works well enough, since I only want to display the first error message in the case of errors

```php
echo json_encode( array(
    'loggedin' => false,
    'message'  => '<span class="wrong-response"><i class="icon icon-attention"></i>' . $user_signon->get_error_message() . '</span>'
) );
```
January 15, 2015 at 09:15 in reply to: Notify users about IP lock-out (integration with Limit Login Attempts) #42165
Adam (Participant)
Hi Abe,
The user_signon doesn’t ever contain information about being locked out. It’s always just a message about bad credentials, e.g.

```
WP_Error Object
(
    [errors:WP_Error:private] => Array
        (
            [incorrect_password] => Array
                (
                    [0] => <strong>ERROR</strong>: The password you entered for the username <strong>ataylor</strong> is incorrect. <a href="http://local.meetmindful.com/wp-login.php?action=lostpassword">Lost your password</a>?
                )

        )

    [error_data:WP_Error:private] => Array
        (
        )

)
```
Adam (Participant)
and my modified members loop code

```php
<?php if ( bp_has_members( bp_ajax_querystring( 'members' ).mm_saved_search_params().'&per_page='.sq_option('buddypress_perpage') ) ) : ?>
```
Adam (Participant)
I changed that up to this. Does anyone know why this only works when I EXCLUDE based on the query? I expected this to select IDs to INCLUDE but it works perfectly inverse..

```php
/************** AUTO FILTER MEMBERS PAGE ******/
add_action( 'bp_before_members_loop', 'mm_autofilter_members' );

function mm_autofilter_members() {
    // Only offer feature to logged in users who haven't yet answered prompt
    // and are not executing a search already.
    $autofilter = isset( $_COOKIE['mm_autofilter'] ) ? $_COOKIE['mm_autofilter'] : '';
    if ( is_user_logged_in() && ! isset( $_GET['field_4'] ) && $autofilter != 'true' ) :
        // Prepare info to be saved to cookies
        global $bp;
        $loggedin_user_id            = $bp->loggedin_user->id;
        $user_sex                    = xprofile_get_field_data( 'Sex', $loggedin_user_id );
        $user_looking_for            = xprofile_get_field_data( 'Looking to meet', $loggedin_user_id );
        $translated_user_sex         = ( $user_sex == 'Male' ? 'Men' : 'Women' );
        $translated_user_looking_for = ( $user_looking_for == 'Men' ? 'Male' : 'Female' );
        $expirestring                = 'Thu, 18 Dec 2015 12:00:00 GMT; path=/';
        ?>
        <script>
        // Profile data is passed through esc_js() before it lands inside a JS string.
        if (confirm('Only show <?php echo esc_js( $user_looking_for ); ?>?')) {
            document.cookie = 'mm_autofilter=true; expires=<?php echo $expirestring; ?>';
            document.cookie = 'mm_results_looking_for=<?php echo $translated_user_sex; ?>; expires=<?php echo $expirestring; ?>';
            document.cookie = 'mm_results_gender_is=<?php echo $translated_user_looking_for; ?>; expires=<?php echo $expirestring; ?>';
            window.location = '/members';
        } else {
            document.cookie = 'mm_autofilter=false; expires=<?php echo $expirestring; ?>';
        }
        </script>
        <?php
    endif;
}

function mm_saved_search_params() {
    if ( isset( $_COOKIE['mm_autofilter'] ) && $_COOKIE['mm_autofilter'] == 'true' ) {
        $gender = isset( $_COOKIE['mm_results_gender_is'] ) ? $_COOKIE['mm_results_gender_is'] : '';
        return mm_custom_ids( 'Sex', $gender );
    } else {
        return '';
    }
}

function mm_custom_ids( $field_name, $field_value = '' ) {
    if ( empty( $field_name ) ) {
        return '';
    }

    global $wpdb;
    $field_id = xprofile_get_field_id_from_name( $field_name );
    if ( empty( $field_id ) ) {
        return '';
    }

    // $field_value arrives from a cookie, so it is bound with prepare()
    // rather than concatenated into the SQL string.
    $query = $wpdb->prepare( "SELECT user_id FROM {$wpdb->prefix}bp_xprofile_data WHERE field_id = %d", $field_id );
    if ( $field_value != '' ) {
        $query .= $wpdb->prepare( ' AND value = %s', $field_value );
    }

    $custom_ids = $wpdb->get_col( $query );
    if ( ! empty( $custom_ids ) ) {
        // convert the array to a csv string
        // had to switch to exclude here??
        $custom_ids_str = 'exclude=' . implode( ',', $custom_ids );
        return $custom_ids_str;
    } else {
        return '';
    }
}
```
May 29, 2014 at 20:11 in reply to: Login modal not exposing issues with passwords/admin ajax permissions #19060
Adam (Participant)
Going to mark this resolved and post the code that WPEngine is using to fix sites with this issue:

```php
<?php
/**
 * Plugin Name: Fix AJAX 403
 * Plugin URI: https://gist.github.com/JPry/c8ad046c49f3f4a54377
 * Description: Prevent bad AJAX login requests from generating a 403 code
 * Version: 1.0
 * Author: Jeremy Pry
 * Author URI: http://jeremypry.com/
 * License: GPL2
 */

// Prevent direct access to this file
if ( ! defined( 'ABSPATH' ) ) {
    die( "You can't do anything by accessing this file directly." );
}

add_action( 'muplugins_loaded', 'jpry_adjust_wpe_hooks' );
function jpry_adjust_wpe_hooks() {
    remove_action( 'wp_login_failed', 'wpe_login_failed_403' );
    add_action( 'wp_login_failed', 'jpry_login_failed_403' );
}

function jpry_login_failed_403() {
    // Don't 403 for Ajax requests
    if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) {
        return;
    }
    status_header( 403 );
}
```
May 23, 2014 at 21:22 in reply to: Login modal not exposing issues with passwords/admin ajax permissions #18674
Adam (Participant)
wp-admin/admin-ajax.php is accessible in all other functions of the website, except when handling a bad password.
The 403 header is applied by the wpengine plugin

```php
function wpe_login_failed_403() {
    status_header( 403 );
}
add_action( 'wp_login_failed', 'wpe_login_failed_403' );
```

In my case.. it may not actually be an appropriate header?
Since the modal hangs on “Sending info..” then it seems the wp_signon is never actually taking place? Because if it was, then the check immediately afterward should either be showing me the “wrong password” message OR redirecting me elsewhere. Right? But it’s doing nothing.

```php
$user_signon = wp_signon( $info, false );
if ( is_wp_error($user_signon) ){
    echo json_encode(array('loggedin'=>false, 'message'=> '<i class="icon-warning-sign"></i> ' . __('Wrong username or password. Please try again.', 'kleo_framework')));
} else {
    $redirecturl = apply_filters( 'login_redirect', '', '', $user_signon );
    echo json_encode(array('loggedin'=>true, 'redirecturl' => $redirecturl, 'message'=> '<i class="icon-ok-sign"></i> ' . __('Login successful, redirecting...','kleo_framework')));
}
```
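Added example, not part of the original post or of the Kleo theme: a client-side handler that classifies the login reply from its body as well as its status, so a failed login answered with 403 still yields a message instead of a stalled form. It assumes the 403 response still carries the JSON that `kleo_ajax_login()` echoes; `interpretLoginReply` and the sample bodies are constructed for illustration.

```javascript
// Constructed sample bodies, shaped like the JSON kleo_ajax_login() echoes.
const SAMPLE_REJECTED = '{"loggedin":false,"message":"Wrong username or password. Please try again."}';
const SAMPLE_ACCEPTED = '{"loggedin":true,"redirecturl":"/members","message":"Login successful, redirecting..."}';

// interpretLoginReply is a hypothetical helper name.
// status: HTTP status code; bodyText: raw response body as a string.
function interpretLoginReply(status, bodyText) {
  let data = null;
  try {
    data = JSON.parse(bodyText);
  } catch (err) {
    data = null; // HTML error page or empty body
  }
  const is2xx = status >= 200 && status < 300;
  const isReply = data !== null && typeof data === 'object' &&
    typeof data.loggedin === 'boolean';
  const message = isReply && typeof data.message === 'string' ? data.message : '';

  // Success needs both a 2xx status and loggedin:true.
  if (isReply && data.loggedin && is2xx) {
    const redirect = typeof data.redirecturl === 'string' ? data.redirecturl : '';
    return { state: 'ok', redirect: redirect, message: message };
  }
  // A rejected login is reported the same way under 200 and under 403,
  // so a status-setting wp_login_failed hook cannot stall the form.
  if (isReply && !data.loggedin && (is2xx || status === 403)) {
    return { state: 'rejected', redirect: '', message: message };
  }
  // check_ajax_referer() answers a failed nonce check with a bare -1.
  if (data === -1) {
    return { state: 'bad-nonce', redirect: '', message: 'Session expired, reload the page.' };
  }
  // Anything else (500, proxy page, truncated JSON) is a transport error.
  return { state: 'error', redirect: '', message: 'Login request failed (HTTP ' + status + ').' };
}
```
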
May 21, 2014 at 18:36 in reply to: Login modal not exposing issues with passwords/admin ajax permissions #18461
Adam (Participant)
admin-ajax is defined on my DEV install and STAGING install, and still suffers from the issue described here, where admin ajax returns 403 if the password is incorrect.
FYI the demo site shows 500 internal server error on admin-ajax.php when you load the home page.
QUESTION: Is there any way to modify is_wp_error to include a case for 403 on admin-ajax?

```php
add_action( 'wp_ajax_nopriv_kleoajaxlogin', 'kleo_ajax_login' );
if (!function_exists('kleo_ajax_login')):
    function kleo_ajax_login() {
        // Check the nonce, if it fails the function will break
        check_ajax_referer( 'kleo-ajax-login-nonce', 'security' );

        // Nonce is checked, get the POST data and sign in user
        $info = array();
        $info['user_login'] = $_POST['log'];
        $info['user_password'] = $_POST['pwd'];
        $info['remember'] = true;
        $info = apply_filters('kleo_ajaxlogin_atts', $info);

        $user_signon = wp_signon( $info, false );
        if ( is_wp_error($user_signon) ){
            echo json_encode(array('loggedin'=>false, 'message'=> '<i class="icon-warning-sign"></i> ' . __('Wrong username or password. Please try again.', 'kleo_framework')));
        } else {
            $redirecturl = apply_filters( 'login_redirect', '', '', $user_signon );
            echo json_encode(array('loggedin'=>true, 'redirecturl' => $redirecturl, 'message'=> '<i class="icon-ok-sign"></i> ' . __('Login successful, redirecting...','kleo_framework')));
        }
        die();
    }
endif;

add_action( 'wp_ajax_kleoajaxlogin', 'kleo_ajax_login_priv' );
if (!function_exists('kleo_ajax_login_priv')):
    function kleo_ajax_login_priv() {
        $link = "javascript:window.location.reload();return false;";
        echo json_encode(array('loggedin'=>false, 'message'=> '<i class="icon-warning-sign"></i> ' . sprintf(__('You are already logged in. Please <a href="#" onclick="%s">refresh</a> page','kleo_framework'),$link)));
        die();
    }
endif;
```
May 16, 2014 at 21:02 in reply to: Login modal not exposing issues with passwords/admin ajax permissions #18183
Adam (Participant)
Any clues here?
Request headers

```
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: mmstock.wpengine.com
Connection: keep-alive
Content-Length: 60
Cache-Control: no-cache
Pragma: no-cache
Origin: http://mmstock.wpengine.com
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: application/json, text/javascript, */*; q=0.01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36
Referer: http://mmstock.wpengine.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,es;q=0.6
Cookie: optimizelyEndUserId=oeu1399400978451r0.49796974984928966; _jsuid=2814151028; hsfirstvisit=http%3A%2F%2Fwpengine.com%2F2014%2F02%2F25%2Fwp-engine-introduces-copy-site%2F|https%3A%2F%2Fwww.google.com%2F|1399530671818; __utma=67904087.465359914.1399530670.1399530670.1399530670.1; __utmc=67904087; __utmz=67904087.1399530670.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); optimizelySegments=%7B%22852260298%22%3A%22false%22%2C%22858250216%22%3A%22search%22%2C%22858450478%22%3A%22gc%22%7D; optimizelyBuckets=%7B%7D; _referrer_og=https%3A%2F%2Fwww.google.com%2F; _ga=GA1.2.465359914.1399530670; __hstc=51647990.d59f5ec2ffcf79f21c6a06ff9caf2b77.1399530671820.1399996188709.1400187085641.4; __hssrc=1; hubspotutk=d59f5ec2ffcf79f21c6a06ff9caf2b77; wp-settings-time-2=1400190771; wordpress_test_cookie=WP+Cookie+check
```

response headers

```
HTTP/1.1 403 Forbidden
Server: WP Engine/6.0.2
Date: Fri, 16 May 2014 18:00:01 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 118
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Origin: http://mmstock.wpengine.com
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex
X-Content-Type-Options: nosniff
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Encoding: gzip
```
May 16, 2014 at 02:04 in reply to: Show normal select instead of the Foundation custom selects #18107
Adam (Participant)
Also, the code above won’t work for dateboxes. To handle dateboxes, if you’re going to leave Foundation running and go the CSS route:

```css
.kleo-selectbox .custom.dropdown.expand,
.datebox .custom.dropdown.expand {
    display: none;
}

.kleo-selectbox select,
.datebox select {
    display: block !important;
}
```