Automatic Login Based on IP

Hack Description

Sometimes, when you're working with companies that have many employees working with a static IP, or range of static IPs, they may request an automatic login feature be added. Thankfully, this is pretty simple.

Hack Instructions

To get started, you want to create a Must-Use plugin. If you do not have a /wp-content/mu-plugins/ directory, create it. I named my Must Use Plugin s2hack_auto_ip_login.php

Secondly, you want to create an array of the IPs that should be logged in. If you are running tests in a local environment, you can keep the IP array $ip at 127.0.0.1.

$ips = array('127.0.0.1'); # This array should be filled with possible IPs the visitors could be using

Now lets make our function. Using the 'init' action hook within WordPress allows most plugins to access $current_user without causing plugins (which is important).

The function below is an example of an auto-login function. Note that $ips and $id should be set to the correct values to work correctly. If you do not know the User's ID, you can use the user's login instead. :-) :

user_pass);
				/**/
				wp_login($user_login, $user_pass, true);
				wp_setcookie($user_login, $user_pass, true);
				wp_set_current_user($user->ID, $user_login);
			}
	}
add_action('plugins_loaded', 's2hack_auto_login_ip');

This function will not allow the user to log out.

Functionality to support this could be built in with use of a separate cookie. Find info on PHP cookies here: http://php.net/manual/en/features.cookies.php

• This topic was modified 4 years, 2 months ago by  Bruce.
• This topic was modified 3 years, 4 months ago by  Bruce.

NB: this hack does not work if you have Quick Cache activated.

Could you provide a little more specifics on how this is implemented?
1. What does the function look like when there are multiple IPs and multiple User IDs and User Passes?
2. If I had five users in one location, would I need an IP for each of them, plus a user ID and login for each? I.e. do I need to create a user for each of the 5 users?

A more detailed explanation of setup would be very greatly appreciated!

PS I am, in fact a paying customer of your plugin. I don’t know why I am showing as a free user. My website which uses your paid plugin is ifastfacts.com. Can you also help me get this fixed?

Hi Chris

The array looks something like this when you have multiple IPs:

( '111.222.333.444', '222.333.444.555', '333.444.555.666')

All users logged in this way will end up with a single ID, which you specify in the plugin code on line 8.

You do need to create this ‘collective’ user and decide how much access they have to your site.

Everything you need to make this work for single IPs is in Bruce’s instructions above.

Ok. Thank you! One more…. Can the IPs be a range, instead of an array of IPs? Further can it be multiple ranges? I have a client who is determining how many IPs they will need access from. but these could be several blocks of ips.

Thanks for you help!

The code above can only handle single IPs.

Ryan Imel (ryan@aspiringindie.com) made us a plugin which can handle both multiple ranges and wildcards.

Thanks John. Do i need to email ryan directly to get that plugin, or is it available elsewhere? Does it do everything that the hack above does, or does it just allow for the IP ranges.

Thanks again, Chris

I don’t think the plugin is available for download anywhere, so yes, you’ll have to email Ryan.

You would use Ryan’s plugin instead of the hack on this page.

The plugin allows for multiple:

• individual IPS
• ranges of IPs
• IPs with wildcards

Great! I’ll try to reach Ryan by email. Thanks again for all your help.

Hi John, I’ve heard back from Ryan and he is making sure his plugin is up to snuff and then, I believe, he is going to send me a copy. So thanks again for that.

All of this has been for a client who wants to purchase multiple seats and get auto login based on IP address. So I am about to take a swing at this.

In the interest of speed, can you recommend the best way to handle selling multiple seats to one user? Under the scenario above, I would create just one user ID. But there will be 20 seats. Should I create a new membership level to handle this? Or is there a way to set up S2 so that a user can enter a number of licenses at checkout? We think we may begin having a number of institutional users who will need a multi-seat setup.

Any pointers greatly appreciated!

Hi John,

Another challenge that occurred to me…. if I have my Unique IP Address restrictions set to limit access for each user to only 5 IP addresses per user per month, and I set up a new user with a block of IP addresses for bulk access per the hack above, is there going to be a conflict? Or will the hard-coding somehow override the Unique IP restrictions I’ve set?

Chris

John, after hours or searching various support forums on this site, I’m starting to piece this together. But still need some help getting all the pieces to work. As far as I can see, these are the steps to implementing group access from a block of IPs and charging a central user for multi-seat access to a site…

1. I think I can accomplish the financial aspect of multi-seat / multi-license access based on a range of IP addresses, i.e. charging a recurring membership for say, 20 seats, by either creating more membership levels or by creating custom capabilities. For scalability, I would probably create several multi-seat membership options: 10 seats, 20 seats, etc. and set a unique recurring subscription fee for each. According to my research on this site, this would be better accomplished with custom capabilities than with increasing the number of membership levels. But the documentation on custom capabilities is vague. I don’t see specific instructions anywhere on how to create additional membership types with custom capabilities and then implement them on page restriction and on the order form. The documentation and videos are too brief to provide a complete picture.

2. I think I can bypass the 5 Unique IPs / user / month restriction based on userID using the code snippet from this post by your support rep, Bruce: http://www.s2member.com/forums/topic/ip-restrictions/ However, again, I don’t see how to implement this script. I don’t know where to put this file or how to make sure it’s implemented into the system. Can you provide specifics please? The post is closed to new replies so I can’t ask Bruce about it.

3. I would then create the MU Plugin you mentioned above. But I am unclear on the following: Should I add your function code to my functions.php file? Or should I put this somewhere else? And, is the single line of code that you mentioned above to create the array of IP addresses the only line of code that needs to be in the .php file? Or is there other php code that needs to be in there.

I apologize for all the questions, but if these posts were worth answering in part, I am hopeful that answering them in full detail so non-programmers could make them work would be worthwhile as well. Also, this might prevent some questions in the future as it would be clearly laid out, once and for all.

Thanks again, Chris

PS If I can get clear on all the steps, I’d be glad to volunteer to write a KB article that ties it all together in a step by step fashion. I’m sure you guys are very busy.

I think you might need to lower your expectations somewhat Chris.

My client runs an academic journal; Universities, Government agencies and large corporates expect to be able to purchase a ‘site licence’, with unlimited access for their entire network.

Our single “collective” ID is potentially used by hundreds or even thousands of users. It uses our only s2member level the same as the other paid members.

We negotiate a fee for each organisation depending on how many users they might reasonably be expected to have, but there is no way I can see of actually limiting their use to numbers of seats or downloads, etc.

Adding this kind of access by IP is not automatic; in fact there isn’t even a nice admin screen to update the data.
I need to edit our function.php file every time we add a new member (or group) with access by IP.

If you (ie: anyone reading this) are not experienced with modifying the PHP in theme function files, this solution is probably not for you – crashing your site and locking yourself out of the admin is extremely easy if you make an error in this particular file.

I’m just an s2member customer like you.

I’m hoping that if enough people start asking for this feature, Jason (the lead developer of s2member) will get inspired to include it in the core, with a user friendly admin page.

Then, what I really want, is that Quick Cache can be updated to ignore our list of IPs so I can turn it back on.

@Bruce, can you confirm?
1. Is the content of the plugin file (s2hack_auto_ip_login.php) simply, “$ips = array(‘127.0.0.1’); # This array should be filled with possible IPs the visitors could be using” ?

Wow! Got it to work. Just created a single .php file with name and content as described by Bruce above. I did add the standard plugin header code as described in the WordPress Plugins Codex: https://codex.wordpress.org/Writing_a_Plugin. Then entered user my user ID and my IP address. Worked perfectly.

Still wonder if this will conflict with Unique IP restrictions setup for my site, if under a given IP address there is a network with many computers. Any experience with that, Bruce or John?

Chris

Update…. Although automatic IP-based login did seem to work when I hard-coded my own IP, it also seems to have broken my admin panel. Couldn’t search for users etc. I don’t have quick cache activated. But I am using a number of other plugins on the site. Full stop at this point. :-(

Any suggestions?

Got it working. I think I’m almost where I need to be. So John, in your entry above, you have one single user for all of your bulk ip access? And then you just add IPs or ranges as needed for different customers with different IPs? Or is there a way to add individual IDs to the ID list in the functions.php file?

you have one single user for all of your bulk ip access?

Yes, that’s correct.

And then you just add IPs or ranges as needed for different customers

The script at the top of this page will only handle single IPs. You need Ryan’s plugin to use ranges.

Or is there a way to add individual IDs to the ID list in the functions.php file?

You could use the theme file editor, but I wouldn’t recommend this. Better to edit functions.php locally with your normal text editor and upload via FTP, so you can quickly roll it back if a typo crashes the site.

Hi John,

I really appreciate the time you’ve taken to try to help me out with this. As mentioned above, I have a customer who is willing to pay for 30 seats to my app. That’s about a $1,000 sale. So I am quite motivated to find solutions to this question. In return for your help, I’ll be sure to share with you whatever I work out. Still waiting for further news from Ryan with the plugin.

Regardless of how that (Ryan’s plugin) turns out, I think it should be a fairly simple to task to get a PHP developer to build out the script above in a little more detail so that it processes each user account either as a standard access account – i.e. an account without any specific IP addresses associated, or as an IP-based access account. I have upgraded my registration form to capture the range of IP addresses that the customer wishes to use to access my app. So it seems like it should be possible to hook it all together.

So, how do you handle new sign ups? Seemingly each new subscriber to your site would get a unique username. How do you manage it when all customers with IP based access are under one username (and presumably email address)?

Regards,
Chris

We paid Ryan to write the plugin for us.

I suggest if you offer to hire him for a few hours he is likely to respond very quickly, and be much more committed to solving your problem.

So, how do you handle new sign ups?

If they need access by IP, then completely manually (ie: by email and the WP admin “Add new user” screen).

How do you manage it when all customers with IP based access are under one username (and presumably email address)?

We are only likely to have a few dozen customers in this category, but with thousands of potential users, all sharing the single username. The email address is meaningless for this ID.

As far as I can see, there is no way for WordPress to distinguish these users from one another, so this is probably not going to work if social interaction is part of your site. Even a single IP address might have half a dozen users sharing a wi-fi network.

Generally, each of our IP based clients has a librarian or similar who manages bulk access to publications, and this is the person we deal with.

If a customer is prepared to pay many hundreds of dollars per year, a bit of inconvenient manual administration is worth accepting, in my view.

John,

Good points, all. I think we are using this system almost identically. My customer is a librarian too, who is managing access for other users.

I agree, a bit of manual work may be acceptable in this case.

I’m surprised that the S2Member team hasn’t made this sort of thing a core functionality. It seems like it would be a fairly common request.

I guess what I would like to be able to do is have this little plugin somehow hook into the user authentication part of S2Member. That way if there is an associated IP or range of IPs (and perhaps a setting “Login Automatically”, it will do the auto login. Otherwise, just require the user to do a normal login. Conceptually, it seems pretty simple. But maybe I’m kidding myself.

Communication between users is unimportant. But it would be nice to have each IP access account separate for contact purposes, etc.

One other thing. Does the plugin above in any way detect whether the customer is currently a paid subscriber? I.e. if you set your IP address access user to Level0, would they still have access to your paid content? Or does the plugin just circumvent that altogether? I can’t tell from the code.

@John, I found this script. http://blog.stefan-macke.com/wp-content/uploads/2006/11/wp-useriplogin.phps
I think if used with a custom IP address field stored during user registration, it might be along the lines of what we need to auto login users. It’s an old post, but could possibly be updated. Just an FYI.

Hi John (and any others who might be interested),

I went ahead and had a plugin created for this. Now, each user can have his own account with associated IP addresses or ranges of IP addresses. It’s still slightly manual in that you have to create a list of users who have IP based access and enter their IP addresses or ranges of addresses in fields. But this is done in the WordPress backend, rather than editing a php file. It’s dead simple to use and seems to work quite well.

The big benefit is that each institution now has it’s own account and email address and gets access or not based on S2Member protections. Makes it easy for us to contact them, do marketing, etc.

If you are interested in a copy, let me know. I’m willing to sell you a copy to help me recoup my investment in getting the plugin created. $50.

Chris

Hey Chris, if you could give me an email at nigel.kehler@gmail.com I would be interested in getting this script off of you. We need to support ip-based logins for places that use EZProxy.