Changeset 3081704

Timestamp:

05/06/2024 06:54:09 AM (20 months ago)

Author:

lev0

Message:

Extend to all login pages

Location:

stop-logging-me-out

Files:

• assets/screenshot-1.png (added)
• tags/1.0.0 (copied) (copied from stop-logging-me-out/trunk)
• tags/1.0.0/languages/stop-logging-me-out.pot (modified) (4 diffs)
• tags/1.0.0/readme.txt (modified) (3 diffs)
• tags/1.0.0/stop-logging-me-out.php (modified) (9 diffs)
• trunk/languages/stop-logging-me-out.pot (modified) (4 diffs)
• trunk/readme.txt (modified) (3 diffs)
• trunk/stop-logging-me-out.php (modified) (9 diffs)

stop-logging-me-out/tags/1.0.0/languages/stop-logging-me-out.pot

@@ -3 +3 @@
 msgid ""
 msgstr ""
-"Project-Id-Version: Stop Logging Me Out 0.1.1\n"
+"Project-Id-Version: Stop Logging Me Out 1.0.0\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/stop-logging-me-out\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
@@ -10 +10 @@
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"POT-Creation-Date: 2023-06-20T14:46:34+09:30\n"
+"POT-Creation-Date: 2024-05-06T05:36:58+00:00\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"X-Generator: WP-CLI 2.6.0\n"
+"X-Generator: WP-CLI 2.9.0\n"
 "X-Domain: stop-logging-me-out\n"
 
@@ -20 +20 @@
 
 #. Description of the plugin
-msgid "WordPress logs you out again when you revisit a tab/window where a previous session had expired."
+msgid "Stop a previously expired session's login page from forcibly logging you out of your current session."
 msgstr ""
 
@@ -31 +31 @@
 msgstr ""
 
-#: stop-logging-me-out.php:140
-msgid "You could not be authenticated in order to return you to the original page. You will need to log in again."
+#: stop-logging-me-out.php:164
+msgid "You could not be authenticated in order to return you to your session. You will need to log in again."
 msgstr ""
 
-#: stop-logging-me-out.php:207
+#: stop-logging-me-out.php:232
+msgid "You have logged in again since this page loaded. Would you like to try returning to your session?"
+msgstr ""
+
+#: stop-logging-me-out.php:233
 msgid "You have logged in again since this page automatically logged you out. Would you like to try returning to it?"
 msgstr ""

stop-logging-me-out/tags/1.0.0/readme.txt

@@ -3 +3 @@
 Tags: login, sessions, annoyances
 Requires at least: 4.0.0
-Tested up to: 6.2.2
-Stable tag: 0.1.1
+Tested up to: 6.5.2
+Stable tag: 1.0.0
 Requires PHP: 7.0.0
 License: GPLv2 or later
@@ -13 +13 @@
 == Description ==
 
-WordPress asks you to reauthenticate when your session expires, or for other security reasons. This is great *except* when you've just done so, and it logs you out again each time you visit a similar but obsolete reauthentication log in page.
+WordPress asks you to reauthenticate when your session expires, or for other security reasons. This is great *except* when you've just done so, and WordPress mistakenly believes you need to do it again and again.
 
-This plugin interacts with the login system, so may not work in rare instances where that system is already being modified by other third party code in a way that isn't completely compatible with the default WordPress functions.
+This plugin modifies a small portion the login system to prevent login cookies being erased when they don't need to. It may not work in rare instances where that system is already being modified by other third party code in a way that isn't completely compatible with the default WordPress functions.
 
 == Installation ==
@@ -21 +21 @@
 Install in the usual manner by searching for this plugin by name, or uploading it, on your **Add Plugins** page.
 
-No configuration is required but it only fixes reauthentication pages that were generated *after* the plugin was installed.
+No configuration is required but it only fixes reauthentication pages generated *after* the plugin is installed, so visiting any that have the old `reauth=1` in the URL will still trigger WordPress' bad behaviour.
 
 == Changelog ==
+ 
+= 1.0.0 =
+
+* Offer to return to a current session from regular login pages as well.
  
 = 0.1.1 =

stop-logging-me-out/tags/1.0.0/stop-logging-me-out.php

@@ -2 +2 @@
 /*
 Plugin Name: Stop Logging Me Out
-Description: WordPress logs you out again when you revisit a tab/window where a previous session had expired.
-Version: 0.1.1
+Description: Stop a previously expired session's login page from forcibly logging you out of your current session.
+Version: 1.0.0
 Requires at least: 4.0.0
 Requires PHP: 7.0.0
@@ -14 +14 @@
 
 (function() {
-    $cookie_name = 'slmo_last_login_' . COOKIEHASH;
-    $cookie_path = function() {
+    $slmo_cookie_name = 'slmo_last_login_' . COOKIEHASH;
+    $slmo_cookie_path = function() {
         static $path;
         if ($path === null) {
             list($path) = explode('?', preg_replace(
-                '|https?://[^/]+|i' # same pattern as used in wp-includes/default-constants.php, for performance
+                '|https?://[^/]+|i' # same as used in COOKIEPATH definition, for performance
                 , ''
                 , wp_login_url()
@@ -31 +31 @@
     $slmo_expire = null;
     $slmo_user_id = 0;
-    $keep_login_cookies = false;
-    $modify_login = 0;
+    $slmo_retain_cookies = false;
+    $slmo_modify_login = 0;
 
     # change boolean reauth value to a timestamp
@@ -81 +81 @@
     add_action(
         'clear_auth_cookie'
-        , function() use (&$keep_login_cookies, &$slmo_user_id) {
-            $keep_login_cookies = false;
+        , function() use (&$slmo_retain_cookies, &$slmo_user_id) {
+            $slmo_retain_cookies = false;
             $slmo_user_id = 0;
         }
@@ -91 +91 @@
     add_filter(
         'send_auth_cookies'
-        , function($send_auth_cookies) use (&$slmo_send_auth_cookies, &$slmo_user_id, &$keep_login_cookies, $cookie_name, $cookie_path) {
+        , function($send_auth_cookies) use (&$slmo_send_auth_cookies, &$slmo_user_id, &$slmo_retain_cookies, $slmo_cookie_name, $slmo_cookie_path) {
             if ($slmo_user_id) {
                 $slmo_send_auth_cookies = $send_auth_cookies;
             }
-            elseif ($keep_login_cookies) {
+            elseif ($slmo_retain_cookies) {
                 $send_auth_cookies = false; # unnecessary session destruction stopped
             }
             elseif ($send_auth_cookies) {
-                setcookie($cookie_name, ' ', time() - YEAR_IN_SECONDS, $cookie_path(), COOKIE_DOMAIN); # real logout
+                setcookie($slmo_cookie_name, ' ', time() - YEAR_IN_SECONDS, $slmo_cookie_path(), COOKIE_DOMAIN); # real logout
             }
             return $send_auth_cookies;
@@ -108 +108 @@
     add_action(
         'wp_login'
-        , function($user_login) use ($cookie_name, $cookie_path, &$slmo_secure_logged_in_cookie, &$slmo_expire, &$slmo_send_auth_cookies) {
+        , function($user_login) use ($slmo_cookie_name, $slmo_cookie_path, &$slmo_secure_logged_in_cookie, &$slmo_expire, &$slmo_send_auth_cookies) {
             if ($slmo_send_auth_cookies) {
-                setcookie($cookie_name, time(), $slmo_expire, $cookie_path(), COOKIE_DOMAIN, $slmo_secure_logged_in_cookie);
+                setcookie($slmo_cookie_name, time(), $slmo_expire, $slmo_cookie_path(), COOKIE_DOMAIN, $slmo_secure_logged_in_cookie);
             }
         }
@@ -118 +118 @@
     add_filter(
         'wp_login_errors'
-        , function($errors, $redirect_to) use ($cookie_name, &$keep_login_cookies, &$modify_login) {
+        , function($errors, $redirect_to) use ($slmo_cookie_name, &$slmo_retain_cookies, &$slmo_modify_login) {
+            $min = 1680000000;
             if (
-                !$errors->has_errors()
-                && !empty($_REQUEST['reauth'])
-                && $_REQUEST['reauth'] > 1680000000 # assume our modified value
+                (
+                    !$errors->has_errors()
+                    || $errors->get_error_codes() === ['loggedout']
+                )
+                && (
+                    ($unforced = empty($_REQUEST['reauth']))
+                    || $_REQUEST['reauth'] > $min # assume our modified value
+                )
             ) {
-                $modify_login = (int) $_REQUEST['reauth'];
+                $slmo_modify_login = $unforced ? $min : (int) $_REQUEST['reauth'];
                 if (
-                    !empty($_COOKIE[$cookie_name])
-                    && (int) $_COOKIE[$cookie_name] > $modify_login # logged in again since WP required reauth
+                    !empty($_COOKIE[$slmo_cookie_name])
+                    && (int) $_COOKIE[$slmo_cookie_name] > $slmo_modify_login # not reauth, or logged in again since WP required reauth
                 ) {
-                    if (wp_parse_auth_cookie('', $scheme = 'logged_in')) {
-                        if (wp_validate_auth_cookie('', $scheme)) {
-                            wp_safe_redirect($redirect_to);
+                    if (wp_parse_auth_cookie('', 'logged_in')) {
+                        if (
+                            ($user = wp_get_current_user())
+                            && $user->exists()
+                        ) {
+                            # extra redirect logic duplicated from wp-login.php
+                            if ( ( empty( $redirect_to ) || 'wp-admin/' === $redirect_to || admin_url() === $redirect_to ) ) {
+                                // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
+                                if ( is_multisite() && ! get_active_blog_for_user( $user->ID ) && ! is_super_admin( $user->ID ) ) {
+                                    $redirect_to = user_admin_url();
+                                } elseif ( is_multisite() && ! $user->has_cap( 'read' ) ) {
+                                    $redirect_to = get_dashboard_url( $user->ID );
+                                } elseif ( ! $user->has_cap( 'edit_posts' ) ) {
+                                    $redirect_to = $user->has_cap( 'read' ) ? admin_url( 'profile.php' ) : home_url();
+                                }
+
+                                wp_redirect( $redirect_to );
+                                exit;
+                            }
+
+                            wp_safe_redirect( $redirect_to );
                             exit;
                         }
-                        $keep_login_cookies = true; # cookies may still be valid for grace-period, etc., but this page normally wipes them
+                        $slmo_retain_cookies = true; # cookies may still be valid for grace-period, etc., but login page normally wipes them
                     }
                     $errors->add(
                         'slmo_no_redir'
-                        , esc_html__('You could not be authenticated in order to return you to the original page. You will need to log in again.', 'stop-logging-me-out')
+                        , esc_html__('You could not be authenticated in order to return you to your session. You will need to log in again.', 'stop-logging-me-out')
                     );
-                    $modify_login = time(); # hold off focus detection until after next login
+                    $slmo_modify_login = time(); # hold off focus detection until after next login
                 }
             }
@@ -151 +175 @@
     add_action(
         'login_footer'
-        , function() use (&$modify_login, $cookie_name) {
-            if ($modify_login) {
+        , function() use (&$slmo_modify_login, $slmo_cookie_name) {
+            if ($slmo_modify_login) {
                 printf(
                     <<<'EOHTML'
@@ -202 +226 @@
 </script>
 EOHTML
-                    , json_encode($cookie_name)
-                    , $modify_login
+                    , json_encode($slmo_cookie_name)
+                    , $slmo_modify_login
                     , json_encode(wp_strip_all_tags(
-                        __('You have logged in again since this page automatically logged you out. Would you like to try returning to it?', 'stop-logging-me-out')
+                        empty($_REQUEST['reauth']) ?
+                            __('You have logged in again since this page loaded. Would you like to try returning to your session?', 'stop-logging-me-out') :
+                            __('You have logged in again since this page automatically logged you out. Would you like to try returning to it?', 'stop-logging-me-out')
                     ))
                 );  

stop-logging-me-out/trunk/languages/stop-logging-me-out.pot

@@ -3 +3 @@
 msgid ""
 msgstr ""
-"Project-Id-Version: Stop Logging Me Out 0.1.1\n"
+"Project-Id-Version: Stop Logging Me Out 1.0.0\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/stop-logging-me-out\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
@@ -10 +10 @@
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"POT-Creation-Date: 2023-06-20T14:46:34+09:30\n"
+"POT-Creation-Date: 2024-05-06T05:36:58+00:00\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"X-Generator: WP-CLI 2.6.0\n"
+"X-Generator: WP-CLI 2.9.0\n"
 "X-Domain: stop-logging-me-out\n"
 
@@ -20 +20 @@
 
 #. Description of the plugin
-msgid "WordPress logs you out again when you revisit a tab/window where a previous session had expired."
+msgid "Stop a previously expired session's login page from forcibly logging you out of your current session."
 msgstr ""
 
@@ -31 +31 @@
 msgstr ""
 
-#: stop-logging-me-out.php:140
-msgid "You could not be authenticated in order to return you to the original page. You will need to log in again."
+#: stop-logging-me-out.php:164
+msgid "You could not be authenticated in order to return you to your session. You will need to log in again."
 msgstr ""
 
-#: stop-logging-me-out.php:207
+#: stop-logging-me-out.php:232
+msgid "You have logged in again since this page loaded. Would you like to try returning to your session?"
+msgstr ""
+
+#: stop-logging-me-out.php:233
 msgid "You have logged in again since this page automatically logged you out. Would you like to try returning to it?"
 msgstr ""

stop-logging-me-out/trunk/readme.txt

@@ -3 +3 @@
 Tags: login, sessions, annoyances
 Requires at least: 4.0.0
-Tested up to: 6.2.2
-Stable tag: 0.1.1
+Tested up to: 6.5.2
+Stable tag: 1.0.0
 Requires PHP: 7.0.0
 License: GPLv2 or later
@@ -13 +13 @@
 == Description ==
 
-WordPress asks you to reauthenticate when your session expires, or for other security reasons. This is great *except* when you've just done so, and it logs you out again each time you visit a similar but obsolete reauthentication log in page.
+WordPress asks you to reauthenticate when your session expires, or for other security reasons. This is great *except* when you've just done so, and WordPress mistakenly believes you need to do it again and again.
 
-This plugin interacts with the login system, so may not work in rare instances where that system is already being modified by other third party code in a way that isn't completely compatible with the default WordPress functions.
+This plugin modifies a small portion the login system to prevent login cookies being erased when they don't need to. It may not work in rare instances where that system is already being modified by other third party code in a way that isn't completely compatible with the default WordPress functions.
 
 == Installation ==
@@ -21 +21 @@
 Install in the usual manner by searching for this plugin by name, or uploading it, on your **Add Plugins** page.
 
-No configuration is required but it only fixes reauthentication pages that were generated *after* the plugin was installed.
+No configuration is required but it only fixes reauthentication pages generated *after* the plugin is installed, so visiting any that have the old `reauth=1` in the URL will still trigger WordPress' bad behaviour.
 
 == Changelog ==
+ 
+= 1.0.0 =
+
+* Offer to return to a current session from regular login pages as well.
  
 = 0.1.1 =

stop-logging-me-out/trunk/stop-logging-me-out.php

@@ -2 +2 @@
 /*
 Plugin Name: Stop Logging Me Out
-Description: WordPress logs you out again when you revisit a tab/window where a previous session had expired.
-Version: 0.1.1
+Description: Stop a previously expired session's login page from forcibly logging you out of your current session.
+Version: 1.0.0
 Requires at least: 4.0.0
 Requires PHP: 7.0.0
@@ -14 +14 @@
 
 (function() {
-    $cookie_name = 'slmo_last_login_' . COOKIEHASH;
-    $cookie_path = function() {
+    $slmo_cookie_name = 'slmo_last_login_' . COOKIEHASH;
+    $slmo_cookie_path = function() {
         static $path;
         if ($path === null) {
             list($path) = explode('?', preg_replace(
-                '|https?://[^/]+|i' # same pattern as used in wp-includes/default-constants.php, for performance
+                '|https?://[^/]+|i' # same as used in COOKIEPATH definition, for performance
                 , ''
                 , wp_login_url()
@@ -31 +31 @@
     $slmo_expire = null;
     $slmo_user_id = 0;
-    $keep_login_cookies = false;
-    $modify_login = 0;
+    $slmo_retain_cookies = false;
+    $slmo_modify_login = 0;
 
     # change boolean reauth value to a timestamp
@@ -81 +81 @@
     add_action(
         'clear_auth_cookie'
-        , function() use (&$keep_login_cookies, &$slmo_user_id) {
-            $keep_login_cookies = false;
+        , function() use (&$slmo_retain_cookies, &$slmo_user_id) {
+            $slmo_retain_cookies = false;
             $slmo_user_id = 0;
         }
@@ -91 +91 @@
     add_filter(
         'send_auth_cookies'
-        , function($send_auth_cookies) use (&$slmo_send_auth_cookies, &$slmo_user_id, &$keep_login_cookies, $cookie_name, $cookie_path) {
+        , function($send_auth_cookies) use (&$slmo_send_auth_cookies, &$slmo_user_id, &$slmo_retain_cookies, $slmo_cookie_name, $slmo_cookie_path) {
             if ($slmo_user_id) {
                 $slmo_send_auth_cookies = $send_auth_cookies;
             }
-            elseif ($keep_login_cookies) {
+            elseif ($slmo_retain_cookies) {
                 $send_auth_cookies = false; # unnecessary session destruction stopped
             }
             elseif ($send_auth_cookies) {
-                setcookie($cookie_name, ' ', time() - YEAR_IN_SECONDS, $cookie_path(), COOKIE_DOMAIN); # real logout
+                setcookie($slmo_cookie_name, ' ', time() - YEAR_IN_SECONDS, $slmo_cookie_path(), COOKIE_DOMAIN); # real logout
             }
             return $send_auth_cookies;
@@ -108 +108 @@
     add_action(
         'wp_login'
-        , function($user_login) use ($cookie_name, $cookie_path, &$slmo_secure_logged_in_cookie, &$slmo_expire, &$slmo_send_auth_cookies) {
+        , function($user_login) use ($slmo_cookie_name, $slmo_cookie_path, &$slmo_secure_logged_in_cookie, &$slmo_expire, &$slmo_send_auth_cookies) {
             if ($slmo_send_auth_cookies) {
-                setcookie($cookie_name, time(), $slmo_expire, $cookie_path(), COOKIE_DOMAIN, $slmo_secure_logged_in_cookie);
+                setcookie($slmo_cookie_name, time(), $slmo_expire, $slmo_cookie_path(), COOKIE_DOMAIN, $slmo_secure_logged_in_cookie);
             }
         }
@@ -118 +118 @@
     add_filter(
         'wp_login_errors'
-        , function($errors, $redirect_to) use ($cookie_name, &$keep_login_cookies, &$modify_login) {
+        , function($errors, $redirect_to) use ($slmo_cookie_name, &$slmo_retain_cookies, &$slmo_modify_login) {
+            $min = 1680000000;
             if (
-                !$errors->has_errors()
-                && !empty($_REQUEST['reauth'])
-                && $_REQUEST['reauth'] > 1680000000 # assume our modified value
+                (
+                    !$errors->has_errors()
+                    || $errors->get_error_codes() === ['loggedout']
+                )
+                && (
+                    ($unforced = empty($_REQUEST['reauth']))
+                    || $_REQUEST['reauth'] > $min # assume our modified value
+                )
             ) {
-                $modify_login = (int) $_REQUEST['reauth'];
+                $slmo_modify_login = $unforced ? $min : (int) $_REQUEST['reauth'];
                 if (
-                    !empty($_COOKIE[$cookie_name])
-                    && (int) $_COOKIE[$cookie_name] > $modify_login # logged in again since WP required reauth
+                    !empty($_COOKIE[$slmo_cookie_name])
+                    && (int) $_COOKIE[$slmo_cookie_name] > $slmo_modify_login # not reauth, or logged in again since WP required reauth
                 ) {
-                    if (wp_parse_auth_cookie('', $scheme = 'logged_in')) {
-                        if (wp_validate_auth_cookie('', $scheme)) {
-                            wp_safe_redirect($redirect_to);
+                    if (wp_parse_auth_cookie('', 'logged_in')) {
+                        if (
+                            ($user = wp_get_current_user())
+                            && $user->exists()
+                        ) {
+                            # extra redirect logic duplicated from wp-login.php
+                            if ( ( empty( $redirect_to ) || 'wp-admin/' === $redirect_to || admin_url() === $redirect_to ) ) {
+                                // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
+                                if ( is_multisite() && ! get_active_blog_for_user( $user->ID ) && ! is_super_admin( $user->ID ) ) {
+                                    $redirect_to = user_admin_url();
+                                } elseif ( is_multisite() && ! $user->has_cap( 'read' ) ) {
+                                    $redirect_to = get_dashboard_url( $user->ID );
+                                } elseif ( ! $user->has_cap( 'edit_posts' ) ) {
+                                    $redirect_to = $user->has_cap( 'read' ) ? admin_url( 'profile.php' ) : home_url();
+                                }
+
+                                wp_redirect( $redirect_to );
+                                exit;
+                            }
+
+                            wp_safe_redirect( $redirect_to );
                             exit;
                         }
-                        $keep_login_cookies = true; # cookies may still be valid for grace-period, etc., but this page normally wipes them
+                        $slmo_retain_cookies = true; # cookies may still be valid for grace-period, etc., but login page normally wipes them
                     }
                     $errors->add(
                         'slmo_no_redir'
-                        , esc_html__('You could not be authenticated in order to return you to the original page. You will need to log in again.', 'stop-logging-me-out')
+                        , esc_html__('You could not be authenticated in order to return you to your session. You will need to log in again.', 'stop-logging-me-out')
                     );
-                    $modify_login = time(); # hold off focus detection until after next login
+                    $slmo_modify_login = time(); # hold off focus detection until after next login
                 }
             }
@@ -151 +175 @@
     add_action(
         'login_footer'
-        , function() use (&$modify_login, $cookie_name) {
-            if ($modify_login) {
+        , function() use (&$slmo_modify_login, $slmo_cookie_name) {
+            if ($slmo_modify_login) {
                 printf(
                     <<<'EOHTML'
@@ -202 +226 @@
 </script>
 EOHTML
-                    , json_encode($cookie_name)
-                    , $modify_login
+                    , json_encode($slmo_cookie_name)
+                    , $slmo_modify_login
                     , json_encode(wp_strip_all_tags(
-                        __('You have logged in again since this page automatically logged you out. Would you like to try returning to it?', 'stop-logging-me-out')
+                        empty($_REQUEST['reauth']) ?
+                            __('You have logged in again since this page loaded. Would you like to try returning to your session?', 'stop-logging-me-out') :
+                            __('You have logged in again since this page automatically logged you out. Would you like to try returning to it?', 'stop-logging-me-out')
                     ))
                 );