Change WordPress user roles and capabilities Forums How to or FAQ User logout without confirmation?

Tagged: , ,

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #7524
    Southside
    Participant

    Hi I have been using a special plugin to easy make login/logout item in the navigation menu. But I now want to remove that plugin, it is not necessary since I can easily make my own custom nav links to the login page and a logout action. And show them to the right user role (logged in or logged out) with the help of ypur plugin.

    But! When I do set the Logout menu item to “/wp-login.php?action=logout” it takes med to a confirmation page “Do you really want to logout?” I do not want that message/page!

    With the former login/logout plugin that confirmation was hidden. I don´t know how and have googled it, but I see many different solutions and not sure wich one is safe to use…

    Do you know what PHP code to use to skip that confirmation page for all users, when I use your plugin?
    Or do you already have some easy login/logout menu item function in your plugin that I haven´t found?

    I think it is a vital part of a user role plugin, since it is very much about a lot of people loggin in and loggin out easy and elegant. Would be super if this could be an easy alternative to choose when you make a menu.

    #7525
    Vladimir
    Keymaster

    Hi,

    Such confirmation comes out from the check_admin_referer('log-out'); function call, which if it does not find the valid _wpnonce value at logout URL shows the mentioned page with logout confirmation request:

    
    function wp_nonce_ays( $action ) {
    	if ( 'log-out' === $action ) {
    		$html = sprintf(
    			/* translators: %s: Site title. */
    			__( 'You are attempting to log out of %s' ),
    			get_bloginfo( 'name' )
    		);
    		$html       .= '</p><p>';
    		$redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
    		$html       .= sprintf(
    			/* translators: %s: Logout URL. */
    			__( 'Do you really want to <a href="%s">log out</a>?' ),
    			wp_logout_url( $redirect_to )
    		);
    	}
    

    As a workaround you can use the code below, which just ignores the result of _wpnonce checking:

    
    add_action( 'check_admin_referer', 'logout_without_confirm', 10, 2 );
    
    function logout_without_confirm( $action, $result ) {
        if ( $action!=='log-out' ) {
            return;
        }
        
        if ( $result ) {
            return;
        }
        
        // It's a copy of logout code from wp-login.php, from line #666, just after check_admin_referer( 'log-out' ); call
        $user = wp_get_current_user();
    
        wp_logout();
    
        if (!empty($_REQUEST['redirect_to'])) {
            $redirect_to = $_REQUEST['redirect_to'];
            $requested_redirect_to = $redirect_to;
        } else {
            $redirect_to = add_query_arg(
                array(
                'loggedout' => 'true',
                'wp_lang' => get_user_locale($user),
                ), wp_login_url()
            );
    
            $requested_redirect_to = '';
        }
    
        /**
         * Filters the log out redirect URL.
         *
         * @since 4.2.0
         *
         * @param string  $redirect_to           The redirect destination URL.
         * @param string  $requested_redirect_to The requested redirect destination URL passed as a parameter.
         * @param WP_User $user                  The WP_User object for the user that's logging out.
         */
        $redirect_to = apply_filters('logout_redirect', $redirect_to, $requested_redirect_to, $user);
    
        wp_safe_redirect($redirect_to);
        exit;
        
    }
    

    I think it’s safe as there is nothing more safer than just logout currently logged in user without any other conditions.

    #7526
    Southside
    Participant

    Thank you! I will test that.

    The code I found when I googled was short and had a different approach, adding nonce (if I understand correct).
    I do not know if this code is better/safer, or if it is working the way I need. Maybe I test both.

    /**
     *  Add nonce to logout URL in navigation
     */
    
    function add_logout_url_nonce($items){
      foreach($items as $item){
        if( $item->url == '/wp-login.php?action=logout'){
             $item->url = $item->url . '?redirect_url=/&_wpnonce=' . wp_create_nonce( 'log-out' );
        }
      }
      return $items;
    
    }
    
    add_filter('wp_nav_menu_objects', 'add_logout_url_nonce');
    
Viewing 3 posts - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.