Change WordPress user roles and capabilities › Forums › How to or FAQ › User logout without confirmation?
- This topic has 2 replies, 2 voices, and was last updated 3 years, 8 months ago by Southside.
-
AuthorPosts
-
11/04/2021 at 14:58 #7524SouthsideParticipant
Hi I have been using a special plugin to easy make login/logout item in the navigation menu. But I now want to remove that plugin, it is not necessary since I can easily make my own custom nav links to the login page and a logout action. And show them to the right user role (logged in or logged out) with the help of ypur plugin.
But! When I do set the Logout menu item to “/wp-login.php?action=logout” it takes med to a confirmation page “Do you really want to logout?” I do not want that message/page!
With the former login/logout plugin that confirmation was hidden. I don´t know how and have googled it, but I see many different solutions and not sure wich one is safe to use…
Do you know what PHP code to use to skip that confirmation page for all users, when I use your plugin?
Or do you already have some easy login/logout menu item function in your plugin that I haven´t found?I think it is a vital part of a user role plugin, since it is very much about a lot of people loggin in and loggin out easy and elegant. Would be super if this could be an easy alternative to choose when you make a menu.
12/04/2021 at 06:13 #7525VladimirKeymasterHi,
Such confirmation comes out from the
check_admin_referer('log-out');
function call, which if it does not find the valid _wpnonce value at logout URL shows the mentioned page with logout confirmation request:function wp_nonce_ays( $action ) { if ( 'log-out' === $action ) { $html = sprintf( /* translators: %s: Site title. */ __( 'You are attempting to log out of %s' ), get_bloginfo( 'name' ) ); $html .= '</p><p>'; $redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : ''; $html .= sprintf( /* translators: %s: Logout URL. */ __( 'Do you really want to <a href="%s">log out</a>?' ), wp_logout_url( $redirect_to ) ); }
As a workaround you can use the code below, which just ignores the result of _wpnonce checking:
add_action( 'check_admin_referer', 'logout_without_confirm', 10, 2 ); function logout_without_confirm( $action, $result ) { if ( $action!=='log-out' ) { return; } if ( $result ) { return; } // It's a copy of logout code from wp-login.php, from line #666, just after check_admin_referer( 'log-out' ); call $user = wp_get_current_user(); wp_logout(); if (!empty($_REQUEST['redirect_to'])) { $redirect_to = $_REQUEST['redirect_to']; $requested_redirect_to = $redirect_to; } else { $redirect_to = add_query_arg( array( 'loggedout' => 'true', 'wp_lang' => get_user_locale($user), ), wp_login_url() ); $requested_redirect_to = ''; } /** * Filters the log out redirect URL. * * @since 4.2.0 * * @param string $redirect_to The redirect destination URL. * @param string $requested_redirect_to The requested redirect destination URL passed as a parameter. * @param WP_User $user The WP_User object for the user that's logging out. */ $redirect_to = apply_filters('logout_redirect', $redirect_to, $requested_redirect_to, $user); wp_safe_redirect($redirect_to); exit; }
I think it’s safe as there is nothing more safer than just logout currently logged in user without any other conditions.
12/04/2021 at 06:53 #7526SouthsideParticipantThank you! I will test that.
The code I found when I googled was short and had a different approach, adding nonce (if I understand correct).
I do not know if this code is better/safer, or if it is working the way I need. Maybe I test both./** * Add nonce to logout URL in navigation */ function add_logout_url_nonce($items){ foreach($items as $item){ if( $item->url == '/wp-login.php?action=logout'){ $item->url = $item->url . '?redirect_url=/&_wpnonce=' . wp_create_nonce( 'log-out' ); } } return $items; } add_filter('wp_nav_menu_objects', 'add_logout_url_nonce');
-
AuthorPosts
- You must be logged in to reply to this topic.