Hi,
I'm trying to create a "hidden page" functionality in my theme. It should work like this:
1. User goes to a page.
2. When something happens, a $_SESSION variable is set that allows to access a certain page.
3. When they go to the page, the $_SESSION variable should be unset, so that it's impossible to access that page again.
The problem is, even though the variable gets unset (I check for that), I can always access the page again.
Here's the code
<?php
/**
* Extensions for functions.php
*/
function conditional_session_start() {
if( session_id() == '' || !isset($_SESSION ) ) {
session_start();
}
}
function allow_create( $value = true ) {
conditional_session_start();
$var_name = 'allowed';
$_SESSION[$var_name] = $value;
session_write_close();
}
function allow_destroy() {
conditional_session_start();
$var_name = 'allowed';
unset( $_SESSION[$var_name] );
session_write_close();
}
function allow_check() {
conditional_session_start();
$var_name = 'allowed';
$output = false;
if( isset( $_SESSION[$var_name] ) && $_SESSION[$var_name] == true ) {
$output = true;
}
session_write_close();
return $output;
}
function allow_404() {
// Show 404 error
global $wp_query;
$wp_query->set_404();
status_header(404);
}
Then in functions.php:
/**
* Implement the 'protected' functionality.
*/
function add_protects_functionality() {
global $post;
if( !isset( $post ) ) {
return;
}
if( get_post_meta( $post->ID, 'protects', true) == "true" ) {
allow_create();
}
}
add_action( 'wp', 'add_protects_functionality' );
function add_protected_functionality() {
global $post;
if( !isset( $post ) ) {
return;
}
if( get_post_meta( $post->ID, 'protected', true ) == "true" ) {
if( !allow_check() ) {
allow_404();
}
}
}
add_action( 'wp', 'add_protected_functionality' );
function add_unprotect_functionality() {
global $post;
if( !isset( $post ) ) {
return;
}
if( get_post_meta( $post->ID, 'unprotects', true) == "true" ) {
allow_destroy();
}
}
add_action( 'wp', 'add_unprotect_functionality');