
Wordpress admin-ajax results in Error 302 redirect

I have customized a plugin to make some ajax calls to admin-ajax.php and it works great. I copied the code over to another site and it no longer works for users who are not logged in.

From firebug:

POST http://<subdomain>.<server>/wp-admin/admin-ajax.php 302 Moved Temporarily 1.08s    

GET http://<subdomain>.<server>/ 200 OK

edit: The question is what could a theme possibly do to redirect ajax requests. The plugin has two hooks:

add_action( 'wp_ajax_em_ajax_getEvents', 'em_ajax_getEvents' ); // ajax for logged in users
add_action( 'wp_ajax_nopriv_em_ajax_getEvents', 'em_ajax_getEvents' ); // ajax for not logged in users

They both work fine on most sites, but one theme redirects requests from non logged in users somehow. Since these actions are specific to the plugin I am at a loss as to where to start looking.

SOLUTION: Big thanks to Ronald Huereca for the add_action( 'init' solution, that's exactly where the offending redirect was hooking in, in an attempt to protect the admin area. Now I just need to find a safe fix here that doesn't compromise the theme's admin area, but also doesn't hamstring other plugins from allowing users to make anonymous ajax requests.

// stop users accessing the admin
add_action('init', array( $this, 'prevent_admin_access' ), 0);

function prevent_admin_access() {       

    if (strpos(strtolower($_SERVER['REQUEST_URI']), '/wp-admin') !== false) {
        $current_user = wp_get_current_user(); 

        if(!user_can($current_user->ID, 'administrator') && ( !user_can($current_user->ID, 'contributor') ) ){
            wp_redirect(get_option('siteurl'));
        }
    }
}
Sinetheta asked Feb 23 '12 06:02


2 Answers

I had something similar occur in a theme. The original coder was trying to prevent a non-admin user from being able to see the /wp-admin/ area.

Here's an example:

// Block Access to /wp-admin for non admins.
function custom_blockusers_init() {
  if ( is_user_logged_in() && is_admin() && !current_user_can( 'administrator' ) ) {
    wp_redirect( home_url() );
    exit;
  }
}
add_action( 'init', 'custom_blockusers_init' ); // Hook into 'init'

I would check your theme for source code similar to what I have.

When you find the code, just add an extra conditional to make sure that a user isn't redirected if the DOING_AJAX constant is defined.

Ronald Huereca answered Oct 16 '22 04:10
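
A hardened form of the guard discussed in the question and in this answer, as an added example that is not the theme's or either poster's code; the mytheme_ function names, the mytheme_save_settings action and its nonce name are hypothetical. It exempts admin-ajax.php explicitly, exits after redirecting, and shows the per-handler check that is needed once the guard no longer covers AJAX requests.

```php
<?php
// Added example, not the theme's own code. All mytheme_* names are hypothetical.

// Pure decision: should this request be bounced to the front end?
function mytheme_should_block_admin( $is_admin_request, $doing_ajax, $is_allowed_user ) {
    if ( ! $is_admin_request ) {
        return false; // front-end request, nothing to protect
    }
    if ( $doing_ajax ) {
        return false; // admin-ajax.php: wp_ajax_* / wp_ajax_nopriv_* handlers decide
    }
    return ! $is_allowed_user;
}

function mytheme_prevent_admin_access() {
    // Same two roles the theme in the question lets through.
    $allowed = current_user_can( 'administrator' ) || current_user_can( 'contributor' );

    // is_admin() is true for everything under /wp-admin/, admin-ajax.php included,
    // so the AJAX exemption has to be explicit. admin-ajax.php defines DOING_AJAX
    // before WordPress loads, so the constant is already set when 'init' fires.
    $doing_ajax = defined( 'DOING_AJAX' ) && DOING_AJAX;

    if ( mytheme_should_block_admin( is_admin(), $doing_ajax, $allowed ) ) {
        wp_safe_redirect( home_url() );
        exit; // without exit the admin page keeps executing after the header is sent
    }
}
add_action( 'init', 'mytheme_prevent_admin_access', 0 );

// The guard no longer covers admin-ajax.php, so a handler that does anything
// privileged has to check the nonce and the capability itself.
function mytheme_ajax_save_settings() {
    check_ajax_referer( 'mytheme_save_settings' ); // stops the request on a bad nonce
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    wp_send_json_success();
}
add_action( 'wp_ajax_mytheme_save_settings', 'mytheme_ajax_save_settings' );
```

The redirect is a convenience for keeping non-admins out of the dashboard UI, not an access control for AJAX handlers: anything registered under wp_ajax_nopriv_* is reachable by anonymous visitors by design.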


I know this is an old question, but you can have a look.

LET'S DO THE CODE FIRST IF YOU'RE NOT INTERESTED IN THE EXPLANATION:

function redirect_non_admin_user(){
    if ( !defined( 'DOING_AJAX' ) && !current_user_can('administrator') ){
        wp_redirect( site_url() );  exit;
    } 
}


add_action( 'admin_init', 'redirect_non_admin_user' );

EXPLANATION: The reason for this problem is that some of the installed plugins are redirecting non-admin users to the homepage or some other page when they try to access wp-admin, like http://localhost/project/wp-admin. So this is causing the problems.

So when you are redirecting non-admins from accessing admin, you can use the following code. This will also work for admin ajax calls on the frontend.

Rocker Maruf answered Oct 16 '22 03:10