CUNY Academic Commons

For reference, the question here is related to a site, which has been locked down via More Privacy Options to " I would like my site to be visible only to users I add to it. "

There are two flows in question:
1. Non-logged-in user. The user is sent directly to wp-login.php on the main site.
2. Logged-in user who is not a member of the site. The user sees the interstitial in the screenshot and is redirected to wp-login.php on the main site after 8 seconds.

Part of the confusion here is that there's no status message shown on the login page. This appears to be because we redirect all logins to the main site, which means that MPO's registered_users_login_message() isn't able to work correctly. If it did work, users would at least see a message along the lines of "You must be a registered user to see this site" or whatever. Ray, I'm copying you here because I think that the login behavior is part of 1.13 changes. It's possible that we could fix this by detecting where the wp-login.php request came from (HTTP_REFERER? looking at the redirect_to param? a new URL parameter that we'd add specifically to MPO redirects?), but I'd like your thoughts on it. (Note that we're running a pretty old fork of MPO in mu-plugins, and we might want to consider updating the plugin before modifying it further.)

As for Michael's specific question about having a custom page: This is not currently possible. Is the idea that you'd choose a different page on your site to redirect non-authorized users to? The problem with that is that users wouldn't be authorized to view this page, so we'd need some magic to exclude it from the privacy redirects. Another thought is to be able to customize the "error" text on wp-login.php after redirect, but this requires that we first fix the issue described above.

My recommendation for now is that we do the necessary work to reinstate the lost message that should appear on wp-login.php, which will be general but far better than nothing, and then see where things stand. It could be that this additional language provides enough context for your users, with no further customization required.

For reference, the question here is related to a site, which has been locked down via More Privacy Options to " I would like my site to be visible only to users I add to it. "

Good catch. This is related to the changes we made to force logins to the main site - #5525.

I did not account for the messaging added by the More Privacy Options plugin. This is now implemented in the following commit - https://github.com/cuny-academic-commons/cac/commit/5a0ad40dcd737fa4ffed499254a389fa2a10a307.

It's possible that we could fix this by detecting where the wp-login.php request came from (HTTP_REFERER? looking at the redirect_to param? a new URL parameter that we'd add specifically to MPO redirects?), but I'd like your thoughts on it.

This is basically what I did. I added a parameter to the login redirect URL so I can track which site requires the additional messaging. Then, I added the message above the login form.

(Note that we're running a pretty old fork of MPO in mu-plugins, and we might want to consider updating the plugin before modifying it further.)

I chose not to update our fork for now because there looked to be some non-trivial changes:
https://github.com/cuny-academic-commons/cac/commits/1.13.x/wp-content/mu-plugins/ds_wp3_private_blog.php

One thing that I'd like to implement is to remove the interstitual for the "I would like my site to be visible only to users I add to it" option. Right now, if a non-site user visits such a site, a gray page with the message "Wait 8 seconds or click to continue" is displayed. After the 8 seconds, the user is redirected to the login page, which also displays similar messaging.