User logout without confirmation?

[Southside]

Hi I have been using a special plugin to easy make login/logout item in the navigation menu. But I now want to remove that plugin, it is not necessary since I can easily make my own custom nav links to the login page and a logout action. And show them to the right user role (logged in or logged out) with the help of ypur plugin.

But! When I do set the Logout menu item to “/wp-login.php?action=logout” it takes med to a confirmation page “Do you really want to logout?” I do not want that message/page!

With the former login/logout plugin that confirmation was hidden. I don´t know how and have googled it, but I see many different solutions and not sure wich one is safe to use…

Do you know what PHP code to use to skip that confirmation page for all users, when I use your plugin?
Or do you already have some easy login/logout menu item function in your plugin that I haven´t found?

I think it is a vital part of a user role plugin, since it is very much about a lot of people loggin in and loggin out easy and elegant. Would be super if this could be an easy alternative to choose when you make a menu.

[Vladimir]

Hi,

Such confirmation comes out from the check_admin_referer('log-out'); function call, which if it does not find the valid _wpnonce value at logout URL shows the mentioned page with logout confirmation request:

function wp_nonce_ays( $action ) {
	if ( 'log-out' === $action ) {
		$html = sprintf(
			/* translators: %s: Site title. */
			__( 'You are attempting to log out of %s' ),
			get_bloginfo( 'name' )
		);
		$html       .= '</p><p>';
		$redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
		$html       .= sprintf(
			/* translators: %s: Logout URL. */
			__( 'Do you really want to <a href="%s">log out</a>?' ),
			wp_logout_url( $redirect_to )
		);
	}

As a workaround you can use the code below, which just ignores the result of _wpnonce checking:

add_action( 'check_admin_referer', 'logout_without_confirm', 10, 2 );

function logout_without_confirm( $action, $result ) {
    if ( $action!=='log-out' ) {
        return;
    }
    
    if ( $result ) {
        return;
    }
    
    // It's a copy of logout code from wp-login.php, from line #666, just after check_admin_referer( 'log-out' ); call
    $user = wp_get_current_user();

    wp_logout();

    if (!empty($_REQUEST['redirect_to'])) {
        $redirect_to = $_REQUEST['redirect_to'];
        $requested_redirect_to = $redirect_to;
    } else {
        $redirect_to = add_query_arg(
            array(
            'loggedout' => 'true',
            'wp_lang' => get_user_locale($user),
            ), wp_login_url()
        );

        $requested_redirect_to = '';
    }

    /**
     * Filters the log out redirect URL.
     *
     * @since 4.2.0
     *
     * @param string  $redirect_to           The redirect destination URL.
     * @param string  $requested_redirect_to The requested redirect destination URL passed as a parameter.
     * @param WP_User $user                  The WP_User object for the user that's logging out.
     */
    $redirect_to = apply_filters('logout_redirect', $redirect_to, $requested_redirect_to, $user);

    wp_safe_redirect($redirect_to);
    exit;
    
}

I think it’s safe as there is nothing more safer than just logout currently logged in user without any other conditions.

[Southside]

Thank you! I will test that.

The code I found when I googled was short and had a different approach, adding nonce (if I understand correct).
I do not know if this code is better/safer, or if it is working the way I need. Maybe I test both.

/**
 *  Add nonce to logout URL in navigation
 */

function add_logout_url_nonce($items){
  foreach($items as $item){
    if( $item->url == '/wp-login.php?action=logout'){
         $item->url = $item->url . '?redirect_url=/&_wpnonce=' . wp_create_nonce( 'log-out' );
    }
  }
  return $items;

}

add_filter('wp_nav_menu_objects', 'add_logout_url_nonce');

[Author]

Posts