CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
force_ssl_admin example
function set_url_scheme( $url, $scheme = null ) {
$orig_scheme = $scheme;
if ( ! $scheme ) {
$scheme = is_ssl() ? 'https' : 'http';
} elseif ( 'admin' === $scheme || 'login' === $scheme || 'login_post' === $scheme || 'rpc' === $scheme ) {
$scheme = is_ssl() || force_ssl_admin() ? 'https' : 'http';
} elseif ( 'http' !== $scheme && 'https' !== $scheme && 'relative' !== $scheme ) {
$scheme = is_ssl() ? 'https' : 'http';
}
$url = trim( $url );
if ( str_starts_with( $url, '//' ) ) {
$url = 'http:' . $url;
}
if ( 'relative' === $scheme ) {
$url = ltrim( preg_replace( '#^\w+://[^/]*#', '', $url ) );
$url = add_query_arg( 'rest_route', $path, $url );
}
if ( is_ssl() && isset( $_SERVER['SERVER_NAME'] ) ) {
// If the current host is the same as the REST URL host, force the REST URL scheme to HTTPS. if ( parse_url( get_home_url( $blog_id ), PHP_URL_HOST ) === $_SERVER['SERVER_NAME'] ) {
$url = set_url_scheme( $url, 'https' );
}
}
if ( is_admin() && force_ssl_admin() ) {
/* * In this situation the home URL may be http:, and `is_ssl()` may be false, * but the admin is served over https: (one way or another), so REST API usage * will be blocked by browsers unless it is also served over HTTPS. */
$url = set_url_scheme( $url, 'https' );
}
/** * Filters the REST URL. * * Use this filter to adjust the url returned by the get_rest_url() function. * * @since 4.4.0 * * @param string $url REST URL. * @param string $path REST route. * @param int|null $blog_id Blog ID. * @param string $scheme Sanitization scheme. */
}
if ( is_ssl() && isset( $_SERVER['SERVER_NAME'] ) ) {
// If the current host is the same as the REST URL host, force the REST URL scheme to HTTPS. if ( parse_url( get_home_url( $blog_id ), PHP_URL_HOST ) === $_SERVER['SERVER_NAME'] ) {
$url = set_url_scheme( $url, 'https' );
}
}
if ( is_admin() && force_ssl_admin() ) {
/* * In this situation the home URL may be http:, and `is_ssl()` may be false, * but the admin is served over https: (one way or another), so REST API usage * will be blocked by browsers unless it is also served over HTTPS. */
$url = set_url_scheme( $url, 'https' );
}
/** * Filters the REST URL. * * Use this filter to adjust the url returned by the get_rest_url() function. * * @since 4.4.0 * * @param string $url REST URL. * @param string $path REST route. * @param int|null $blog_id Blog ID. * @param string $scheme Sanitization scheme. */
/** Make sure that the WordPress bootstrap has run before continuing. */
require __DIR__ . '/wp-load.php';
// Redirect to HTTPS login if forced to use SSL. if ( force_ssl_admin() && ! is_ssl() ) {
if ( str_starts_with( $_SERVER['REQUEST_URI'], 'http' ) ) {
wp_safe_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
exit;
} else {
wp_safe_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
exit;
}
}
/** * Outputs the login page header. * * @since 2.1.0 * * @global string $error Login error message set by deprecated pluggable wp_login() function * or plugins replacing it. * @global bool|string $interim_login Whether interim login modal is being displayed. String 'success' * upon successful login. * @global string $action The action that brought the visitor to the login page. * * @param string $title Optional. WordPress login Page title to display in the `<title>` element. * Default 'Log In'. * @param string $message Optional. Message to display in header. Default empty. * @param WP_Error $wp_error Optional. The error to pass. Default is a WP_Error instance. */
function force_ssl_login( $force = null ) {
_deprecated_function( __FUNCTION__, '4.4.0', 'force_ssl_admin()' );
return force_ssl_admin( $force );
}
/** * Retrieve path of comment popup template in current or parent template. * * @since 1.5.0 * @deprecated 4.5.0 * * @return string Full path to comments popup template file. */
function get_comments_popup_template() {
/**
* Checks if a user is logged in, if not it redirects them to the login page.
*
* When this code is called from a page, it checks to see if the user viewing the page is logged in.
* If the user is not logged in, they are redirected to the login page. The user is redirected
* in such a way that, upon logging in, they will be sent directly to the page they were originally
* trying to access.
*
* @since 1.5.0
*/
function auth_redirect() {
$secure = ( is_ssl() || force_ssl_admin() );
/** * Filters whether to use a secure authentication redirect. * * @since 3.1.0 * * @param bool $secure Whether to use a secure authentication redirect. Default false. */
$secure = apply_filters( 'secure_auth_redirect', $secure );
// If https is required and request is http, redirect.
function auth_redirect() {
$secure = ( is_ssl() || force_ssl_admin() );
/** * Filters whether to use a secure authentication redirect. * * @since 3.1.0 * * @param bool $secure Whether to use a secure authentication redirect. Default false. */
$secure = apply_filters( 'secure_auth_redirect', $secure );
// If https is required and request is http, redirect.
function wp_ssl_constants() {
/** * @since 2.6.0 */
if ( ! defined( 'FORCE_SSL_ADMIN' ) ) {
if ( 'https' === parse_url( get_option( 'siteurl' ), PHP_URL_SCHEME ) ) {
define( 'FORCE_SSL_ADMIN', true );
} else {
define( 'FORCE_SSL_ADMIN', false );
}
}
force_ssl_admin( FORCE_SSL_ADMIN );
/** * @since 2.6.0 * @deprecated 4.0.0 */
if ( defined( 'FORCE_SSL_LOGIN' ) && FORCE_SSL_LOGIN ) {
force_ssl_admin( true );
}
}
/** * Defines functionality-related WordPress constants. * * @since 3.0.0 */
/** * @since 2.6.0 */
if ( ! defined( 'FORCE_SSL_ADMIN' ) ) {
if ( 'https' === parse_url( get_option( 'siteurl' ), PHP_URL_SCHEME ) ) {
define( 'FORCE_SSL_ADMIN', true );
} else {
define( 'FORCE_SSL_ADMIN', false );
}
}
force_ssl_admin( FORCE_SSL_ADMIN );
/** * @since 2.6.0 * @deprecated 4.0.0 */
if ( defined( 'FORCE_SSL_LOGIN' ) && FORCE_SSL_LOGIN ) {
force_ssl_admin( true );
}
}
/** * Defines functionality-related WordPress constants. * * @since 3.0.0 */