Replies: 0
Hi @gioni
I have installed “WP-FB AutoConnect” plugin. It is a plugin that let user register or acces to web using facebook.
In addition, in your plugin I have changed the “wp-login.php” to “ic-login”
When I log in with “WP-FB AutoConnect”, log in do not run and user will be redirected to http://www.infocity.website/ic-login
If I do not change the login page, and let the default login page, “WP-FB AutoConnect” will run well.
The author of “WP-FB AutoConnect” said me the following:
In Main.php, line 240 you’ll see that the html form my plugin submits to initiate the login is being output by site_url( 'wp-login.php', 'login_post' ). If WP CERBER is altering the page location, I would expect them to be hooking this function to still return the proper URL, and thus the redirect to still work – that would be the next place to check.
Following, I add part of Main.php from line 232 to line 246:
//Output an html form that we'll submit via JS once the FB popup is dismissed.
//NOTE: Regardless of where we submit the form to (the "action"), the FB login is handled completely by _process_login.php,
//which runs in the "init" action and then immediately redirects elsewhere. We could basically submit this form to
//anywhere and it'd still work; I just use wp-login.php for simplicity (and because WP will guarantee that it's https
//if ssl logins are required).
//NOTE: I was previously submitting to wp_login_url(), which broke WPEngine. They specifically require I post to
// site_url(), with the 'login_post' param...)
?><form id="wp-fb-ac-fm" name="<?php echo $callbackName ?>_form" method="post" action="<?php echo esc_url(site_url( 'wp-login.php', 'login_post' )); ?>" >
<input type="hidden" name="redirectTo" value="<?php echo $redirectTo?>" />
<input type="hidden" name="access_token" id="jfb_access_token" value="0" />
<input type="hidden" name="fbuid" id="jfb_fbuid" value="0" />
<?php wp_nonce_field ($jfb_nonce_name, $jfb_nonce_name) ?>
<?php do_action('wpfb_add_to_form'); ?>
</form>So my QUESTION 1 is: are you hooking this function? I think “yes”, because after log in, user is redirected to http://www.infocity.website/ic-login
But I need you confirme me that you are hooking this function.
After to have this No Compatibility, I have read about the problem generated if administrators change wp-login.php A lot of security experts say that this change can generate problems of compatibility. Right now I have had the first problem… 🙂
So, if to change wp-login.php to other url I can broken other plugins (included also core wp funcionality) I have thought in a other solution, but I do not know if it is codeable… I am not informatic…
Maybe a good solution is not change and delete wp-login.php but give acces to wp-login.php only when requests are from internal function (wp core or plugins installed into my page), and block acces when request is from URL BAR for example.
So my QUESTION 2 is: it is codeable to do that? Are you interested in resolve this problem?
I hope your answer about the 2 QUESTIONS.
Thanks very much for your support.
-
This topic was modified 14 minutes ago by
giuseppecuttone.
-
This topic was modified 12 minutes ago by
giuseppecuttone.
-
This topic was modified 12 minutes ago by
giuseppecuttone.
