latest stable versions: v140816 (changelog)

Old Forums (READ-ONLY): The community now lives at WordPress.org. If you have an s2Member® Pro question, please use our new Support System.

Deleted Users can Log In

Home Forums Community Forum Deleted Users can Log In

Tagged: 

This topic contains 9 replies, has 3 voices.
Last updated by  Mary Grisolia 1 year, 4 months ago.

Topic Author Topic
Posted: Friday Mar 29th, 2013 at 2:41 pm #46079

Hi,

I’m running s2Member in a Multisite (Network) installaton and I have Automatic EOT behavior set to Delete accounts (not demote).

EOT works fine. s2Member deletes user’s account from current blog, although user’s account will not be completely deleted from database. I can see all accounts from the main (administrator) network site on Users, and those who have been “deleted” from any child blog are there but not assigned to any blog.

The problem is, when any of these users log in to ANY of my child blogs with s2Member, they CAN log in and are redirected to the Login Welcome page. They don’t get access to any protected page, but they can log in even if their account is not associated with that particular blog.

Is there a way to prevent this from happening? A “deleted” user should not be able to log in to the blog where he/she was deleted from…

List Of Topic Replies

Viewing 9 replies - 1 through 9 (of 9 total)
Author Replies
Author Replies
Posted: Saturday Mar 30th, 2013 at 2:56 pm #46157
Bruce
Username: Bruce
Staff Member

Thank you for reporting this important issue.

I’m taking a look at this behavior now, and I’ll let you know what I come up with. In the mean time, please give me the following information:

  • What version of WordPress and s2Member are you running?
  • Are you using subdomain, or subdirectory MultiSite structure?
  • Are you domain mapping?
Posted: Saturday Mar 30th, 2013 at 4:21 pm #46162

Hi Bruce, thanks a lot for your reply.

I’m running WordPress 3.5.1 (es_ES) and s2Member 130221.
I’m using subdomain with domain mapping (each child blog has its own domain).

Juts to be clear, a deleted user can log in to any blog with s2Member, not just the one their account was created (and deleted) from. If the blog doesn’t have s2member activated, then protection works fine (WordPress doesn’t let the user log in to that particular blog because their account is not associated to it).

Posted: Sunday Mar 31st, 2013 at 7:38 pm #46223
Bruce
Username: Bruce
Staff Member

Thanks for the information.

We’ve sent this to the development team to get more information on. Thank-you for your patience. :-)

Posted: Saturday Apr 6th, 2013 at 8:33 am #46738
Staff Member

Mary, this is what Jason said:

We’ve identified the underlying cause of this issue, and the next maintenance release will correct this behavior so that users who have been deleted from a child blog are NOT allowed to log into that child blog in any way.

Attempts to log into a child blog where you have been previously deleted will result in an error message during your attempt to log into the site. And also this resolves the issue with ANY blog in the Network as well.

This really is not a bug in s2Member, it’s a shortcoming in the WordPress implementation that s2Member will supplement to provide the desired behavior starting in the next maintenance release.

Posted: Saturday Apr 6th, 2013 at 2:43 pm #46772

Thanks a lot Cristián,
I already saw the update in my dashboard, doing it right now.
Cheers!

Mary

Posted: Saturday Apr 6th, 2013 at 6:48 pm #46780
Staff Member

Ah, Jason gave me that reply after v130404, so it may not be in it, but the coming one.

Posted: Sunday Apr 7th, 2013 at 4:25 am #46791

Oh I see. Too bad :(
Well, the next one it will be. I’ll think of a workaround in the meantime.
Thanks again!

Posted: Sunday Apr 7th, 2013 at 4:29 am #46792
Staff Member

It was released earlier today, after my previous reply. Update to v130406 please. :)

Posted: Sunday Apr 7th, 2013 at 7:03 am #46795

Lol, ok!
I was lucky to not have updated yet, so only one update to do ;)

Viewing 9 replies - 1 through 9 (of 9 total)

This topic is closed to new replies. Topics with no replies for 2 weeks are closed automatically.

Old Forums (READ-ONLY): The community now lives at WordPress.org. If you have an s2Member® Pro question, please use our new Support System.

Contacting s2Member: Please use our Support Center for bug reports, pre-sale questions & technical assistance.