The MU forums have moved to WordPress.org

wp-signup for logged-in users ONLY (2 posts)

  1. anjovis
    Member
    Posted 16 years ago #

    Is there aa simple way to protect the wp-signup.php in the same way as wp-admin? My script so far does:

    1) clicking "login" redirects (custom scripts in pluggable.php) to ous SSO-service, then runs wp_set_current_user() to make them logged in if they already exist in the database, or additionally creates them if they don't yet exist.

    2) at this point they have no blogs (obviously) but only usernames which is exactly as I want it to be :)

    3) I want to run the same script on wp-signup.php so as they go to wp-signup, if they are logged in they get the "welcome back xxx, create new blog" bit. What actually happens is that they get the whole new username + new blog registration form, which is no good.

    So far so good, but I only want logged-in (via SSO) users to be able to signup for a blog. There is no hook that runs before the signup-process? There must be, right, although I could not find any.

    Also trying to include my custom script in the page causes a whole lot of "undefined function/class" errors, though I tried to include just about all files with functions I could think of...

    Any quick way to achieve what I'm after? I'm running 1.2.4 (the newest version was causing me a lot of grief with infinite redirects)

  2. anjovis
    Member
    Posted 16 years ago #

    Answering to myself :)

    I added a hook to wp-signup (do_action('signup_form'))
    Then created a function cas_auth_redirect() in my pluggable.php, and in that function call my previously customized auth_redirect().

    And that seems to be it! I't almost working but for some Single Sign-on library related issues/non-fatal eror messages, but so far so good!

About this Topic