File: /wordpress/plugins/wp-cloud-client/1.2.0/src/Access/LoginPageGuard.php
<?php
declare(strict_types=1);
namespace VPlugins\WPCloudClient\Access;
use VPlugins\WPCloudClient\Settings\SettingsRepository;
class LoginPageGuard {
/**
* Login-page actions that must always reach native handling, even when the
* login page is hidden (logout, lost-password and reset-password flows).
*
* @var string[]
*/
private const ALLOWED_ACTIONS = [ 'logout', 'lostpassword', 'rp', 'resetpass' ];
/**
* Construct the login page guard.
*
* @param SettingsRepository $settings Settings repository.
*/
public function __construct(
private readonly SettingsRepository $settings,
) {}
/**
* Hooked to `init`. Redirects unauthenticated visitors away from
* wp-login.php when the login page is hidden.
*
* Mirrors the bootstrapper's WSP_EXPOSE_WP_LOGIN behaviour: the native
* login page is hidden by default and direct access is redirected to the
* manager URL (falling back to the site home). One-click login, logout and
* password-reset flows are always allowed through.
*
* @return void
*/
public function handle(): void {
if ( ( $GLOBALS['pagenow'] ?? '' ) !== 'wp-login.php' ) {
return;
}
// Authenticated users keep full access to the login page.
if ( is_user_logged_in() ) {
return;
}
// Manager has explicitly exposed the login page — do nothing.
if ( $this->settings->isLoginExposed() ) {
return;
}
// One-click login (handled by LoginInterceptor on the same hook).
if ( isset( $_GET['wpcc_login_token'] ) ) {
return;
}
// Logout and password-reset flows must continue to work.
$action = isset( $_REQUEST['action'] )
? sanitize_key( wp_unslash( $_REQUEST['action'] ) )
: '';
if ( in_array( $action, self::ALLOWED_ACTIONS, true ) ) {
return;
}
$target = $this->settings->getLoginRedirectUrl();
if ( '' === $target ) {
$target = home_url();
}
// External host, so wp_redirect (not wp_safe_redirect), matching the
// bootstrapper's redirect to the Portal. esc_url_raw() guards against a
// malformed or javascript:-scheme URL supplied by the manager.
wp_redirect( esc_url_raw( $target ) );
exit;
}
}