Skip to content

Fix login redirect issue #44

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Fix login redirect issue #44

wants to merge 3 commits into from

Conversation

marcusquinn
Copy link
Contributor

Fix Login Redirect Issue and Enhance Login Form

Description

This PR addresses two related issues:

  1. Login Redirect Loop: Users were unable to log in through the frontend login form or access the WordPress admin login page due to a redirection loop between the custom login page and wp-login.php.

  2. Login Form Caching Issues: The frontend login form on the /account/ page was not working properly due to caching issues.

Changes Made

Emergency Login Feature

  1. Modified maybe_obfuscate_login_url() in inc/checkout/class-checkout-pages.php to add an emergency login parameter check
  2. Modified handle_auth_redirect() in inc/sso/class-sso.php to add the same emergency login parameter check
  3. Added documentation for the emergency login feature in docs/emergency-login.md

AJAX Login Functionality

  1. Created new JavaScript files (login-ajax.js and login-ajax.min.js) to handle AJAX login submissions
  2. Updated the Login Form Element class to register and enqueue the AJAX login script
  3. Modified the login form template to add a class for JavaScript targeting
  4. Added an AJAX handler in the Ajax class to process login requests

Benefits

  • Provides a reliable way to access the WordPress login page when needed via the emergency login parameter
  • Fixes login issues that could lock administrators out of their sites
  • Enhances the frontend login form to use AJAX, bypassing caching issues
  • Improves user experience with better error handling and feedback
  • Maintains security by still redirecting normal login attempts to the custom login page

Testing

  1. Test logging in through the frontend login form on the /account/ page
  2. Test accessing wp-admin when logged out
  3. Test the emergency login parameter by visiting /wp-login.php?emergency_login=1
  4. Verify that the normal login flow still works for regular users
  5. Test login with incorrect credentials to verify error handling

Usage

Emergency Login

If a site administrator gets locked out of their site, they can use the emergency login parameter to access the WordPress login page directly:

https://example.com/wp-login.php?emergency_login=1

AJAX Login

The frontend login form now uses AJAX to submit login requests, which:

  • Bypasses page caching issues
  • Provides immediate feedback on login errors
  • Prevents page refreshes on failed login attempts
  • Redirects to the appropriate page on successful login

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@marcusquinn