[Defender] Mask Login Area redirect issue

I use /login as the masked login url on my multisite.
After logging into a sub-site using the masked login such as subsitedomain.com/login , using also different admin account for this subsite I get redirected to mainsite.com/wp-admin/users which is not accessible for my sub-site admins.

  • Dave

    Found a temporary solution. This bug is caused by the domain mapping plugin. In add_propagation_script() function on \domain-mapping\classes\Domainmap\Module\Cdsso.php, the $redirect_to variable is not updated with the new login url set in wp defender mask login settings. So I added this code below:

    if ( is_plugin_active( 'wp-defender/wp-defender.php' ) ) {
    	$settings = \WP_Defender\Module\Advanced_Tools\Model\Mask_Settings::instance();
    	if( $settings->enabled == true ) {
    		$redirect_to = \WP_Defender\Module\Advanced_Tools\Component\Mask_Api::getNewLoginUrl();
    	}
    }

    the function now looks like this:

    public function add_propagation_script() {
    	global $redirect_to, $user;
    
    	if ( !$this->_do_propagation ) {
    		return;
    	}
    
    	if ( ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url() ) ) {
    		// If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
    		if ( is_multisite() && !get_active_blog_for_user( $user->ID ) && !is_super_admin( $user->ID ) ) {
    			$redirect_to = user_admin_url();
    		} elseif ( is_multisite() && !$user->has_cap( 'read' ) ) {
    			$redirect_to = get_dashboard_url( $user->ID );
    		} elseif ( !$user->has_cap( 'edit_posts' ) ) {
    			$redirect_to = admin_url( 'profile.php' );
    		}
    	}
    	if ( is_plugin_active( 'wp-defender/wp-defender.php' ) ) {
    		$settings = \WP_Defender\Module\Advanced_Tools\Model\Mask_Settings::instance();
    		if( $settings->enabled == true ) {
    			$redirect_to = \WP_Defender\Module\Advanced_Tools\Component\Mask_Api::getNewLoginUrl();
    		}
    	}
    	?>
    	<script <?php echo $this->_async ? "async='true'" : ""; ?>  type="text/javascript">
    		function domainmap_do_redirect() { window.location = "<?php echo $redirect_to ?>"; }
    		setTimeout(domainmap_do_redirect, 5000);
    	</script>
    
    	<?php
    
    	$url = add_query_arg( array(
    			'action' => self::ACTION_PROPAGATE_USER,
    			'auth'   => wp_generate_auth_cookie( $user->ID, time() + MINUTE_IN_SECONDS ),
    	), $this->get_main_ajax_url() );
    
    	$this->_add_script( $url );
    }

    There's no filter for the $redirect_url so I just placed that directly in the plugin.

  • Nithin

    Hi,

    Extremely sorry for the delay in fixing this issue, and I do see such delays affecting your workflow. The fix is slated for the plugin release, however at the moment I'm afraid, I don't have an exact ETA regarding this.

    I'm checking with our developer to see whether there is any patch that could be shared regarding this and will keep you updated asap.

    Dave Really appreciate your effort for sharing a temporary solution regarding this, sending some points your way.

    Regards,
    Nithin

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.