Bug: Automessage gives users access to admin blog

Background: Using GravityForms + ProSites to create new sites for users. Upon form submission users are redirected to the dashboard of their new website. This redirect works by redirecting users to the main site dashboard (domain.com/wp-admin). But instead of telling the user that they are not a member of this site and showing what sites they're a member of, it automatically redirects them to their own site.

Bug: When Automessage is active instead of redirecting users to the dashboard of their own site (i.e. subdomain.domain.com/wp-admin), they're redirected to the main site dashboard (domain.com/wp-admin). When any link is clicked it automatically redirects them to their own dashboard, but this shouldn't be happening in the first place.

I've tested this many times over the past couple hours creating multiple sites and it happens 100% of the time when Automessage is active and 0% of the time when Automessage is inactive. The issue seems to be Automessage temporarily giving the user access to the dashboard of the site even though they're not a member.

  • Michael Bissett

    Hey @Gabe,

    Gravity Forms & Pro Sites both have quite a few bells and whistles, I was hoping to get a better idea of your setup first before doing a test here, as I'd prefer to do the testing right the first time. :slight_smile:

    Since the contracts you have in place don't allow for us to log into the site, we'll need to take a different route. Would it be possible to send in screenshots of how you have things set up here? Particularly:

    - How you have the Gravity Form set up for Pro Sites
    - How you have this redirect set up:

    "Upon form submission users are redirected to the dashboard of their new website. This redirect works by redirecting users to the main site dashboard (domain.com/wp-admin). But instead of telling the user that they are not a member of this site and showing what sites they're a member of, it automatically redirects them to their own site."

    If you'd prefer to send this in privately, could you please send in the following via our contact form:

    - Mark to my attention, the subject line should contain only: ATTN: Michael Bissett
    - Do not include anything else in the subject line, doing so may delay our response due to how email filtering works.
    - Link back to this thread
    - Include details/screenshots of the situation
    - Include any relevant URLs for your site

    On the contact form (linked to below), please select "I have a different question", this ensures it comes through and gets assigned to me.

    https://premium.wpmudev.org/contact/

    Thanks! :slight_smile:

    Kind Regards,
    Michael

  • Gabe

    @Michael Bissett

    To use GravityForms for signup I'm using the official GravityForms User Registration Add-On with the WPMUDEV Blog Templates Plugin. In the attached screenshot you'll see my settings for this. You'll also see a screenshot for the redirect upon submission of the signup form, which is just a redirect to the main site's admin area.

    Since the user is not a member of the main site they get the default "admin_page_access_denied" message which shows a list of sites they belong to. I hook into this message if the user isn't a member of this site and use wp_redirect to redirect them to their own site using the below with the user_login global and get_currentuserinfo(); with the "admin_page_access_denied" hook.

    if ( ( is_admin() ) && ( ! is_user_member_of_blog() ) ) {
        wp_redirect( 'https://' . $user_login . '.domain.com/wp-admin/' );
        exit;
    }

    The username is used as the prefix above because usernames are automatically used as the subdomain on our network, i.e. username.domain.com.

    This works fine typically, but when Automessage is active it redirects them to the main site's dashboard until they click any link, at which point they're redirected to their own dashboard.

  • Michael Bissett

    Hey @Gabe, my apologies for the extreme delay here! :slight_frown:

    I don't have the code for the $user_login variable, so I wasn't able to walk through all of how you've set things up here. As I was setting things up though, I got curious... in regards to the code you posted earlier:

    if ( ( is_admin() ) && ( ! is_user_member_of_blog() ) ) {
        wp_redirect( 'https://' . $user_login . '.domain.com/wp-admin/' );
        exit;
    }

    Do you have that wrapped inside of a function already? As I was walking through this, I had the idea to try inserting the following as a mu-plugin (making sure that it knows what the value of the $user_login variable is):

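    <?php

    function my_redirect_function() {
        // $user_login is not in scope inside a function; read it from the current user.
        $user_login = wp_get_current_user()->user_login;

        // Send anyone who is not a member of this site to their own dashboard.
        if ( is_admin() && ! is_user_member_of_blog() ) {
            wp_redirect( 'https://' . $user_login . '.domain.com/wp-admin/' );
            exit;
        }
    }

    add_action( 'admin_init', 'my_redirect_function' );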

    Since it'd be wrapped up in a function, you would also have the option to adjust the priority of the function.

    How does that sound? :slight_smile:

    Please advise,
    Michael
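
A defensive variant of the redirect discussed in this thread, added here as an example and not code from either poster or from the Automessage plugin: it looks up a site the user actually belongs to instead of building the host name from the username. The function name and the priority of 1 are assumptions, and nothing in the thread confirms that it changes the Automessage behaviour.

```php
<?php
/**
 * Added example (not from the thread): keep non-members out of a site's
 * wp-admin on a multisite network. Intended for wp-content/mu-plugins/.
 */
function example_send_non_members_home() {
    // admin_init also fires for admin-ajax.php and for logged-out requests
    // to admin-post.php; leave those alone.
    if ( wp_doing_ajax() || ! is_user_logged_in() ) {
        return;
    }

    $user_id = get_current_user_id();

    // Members of the current site and network super admins may stay.
    if ( is_super_admin( $user_id )
        || is_user_member_of_blog( $user_id, get_current_blog_id() ) ) {
        return;
    }

    // Ask WordPress for a site the user really belongs to, rather than
    // assuming the username equals the subdomain.
    $home = get_active_blog_for_user( $user_id );
    if ( ! $home ) {
        wp_die(
            'You are not a member of any site on this network.',
            '',
            array( 'response' => 403 )
        );
    }

    // The target is a different host on the network. The URL is built from
    // the network's own site record, never from request input.
    wp_redirect( get_admin_url( (int) $home->blog_id ) );
    exit;
}

// Priority 1 (assumption): run ahead of other admin_init callbacks so a
// non-member is sent away before anything else renders or redirects.
add_action( 'admin_init', 'example_send_non_members_home', 1 );
```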
