External access to protected content

I’ve a wordpress site with S2 members pro and I use a third-party service that generates a pdf version of any post. My problem is that when I make a post restricted this service can’t access to the post to generate the PDF file. How can I allow this online service access to all my posts even if they are restricted?

The third-party service is this: http://www.convertapi.com/api/web-pdf-api

Thanks.

I think it would be usefull to have some way to login using get parameters.

For example:

If I want to access to a protected post with the url: http://www.website.com/blog/post_name
With the user: bloguser and pass: passuser
It would be great to have the option to do something like this:

http://www.website.com/blog/post_name?action=login&user=bloguser&pass=passuser

Doing this we can provide to third-party apis an url with his own user to access to protected content.

Hi Antonio.

Thanks for the suggestion. We’re planning to add an access key that can be used in the URL to load protected content. It will be in the new s2Member we’re developing. :)

Thanks Cristian. Is there any temporal fix that I can improbe until the next release be done?

Hmm… I don’t know…

Only thing that comes to mind is to create a hack that checks for a secret key in the URL, that when present authenticates the person as a user you created for this, with the access you need it to have to see the content.

You’ll need to find what WP function/method will let you auntenticate that service you’re trying to use. A quick search of the WP functions found me wp_signon, not sure if it does what you need, but it’s a start. http://codex.wordpress.org/Function_Reference/wp_signon

I hope that helps.

I’ve implemented a temporal fix for this. This is what i have done, usefull if someone needs something like this…

First, create an user with the necesary access level on wp backend panel and get his user id. For this example supose that user’s id is 5.

Now edit on file posts.inc.php:

Near line 50, after:

$user = (is_user_logged_in () && is_object ($user = wp_get_current_user ()) && !empty ($user->ID)) ? $user : false; /* Current User's object. */

Add:

if ((!$user) && (isset($_GET['key'])) && ($_GET['key'] == md5(date("Ymd")."yourstring"))){
	$userid = 5;
	$user = get_userdata( $userid );
	}
										

Now you have to provide add the key parameter to the address that you have to give to the thrid-party service.

For example, if the url of your post is http://www.website.com/blog/post_name/ , you have to give the url: http://www.website.com/blog/post_name/?key= followed with the md5 key that you want to generate (in my case is date(“Ymd”) + “yourstring”)

Maybe this is not the best solution, but is a solution until the s2team give us a better fix.

Cool hack. Thanks for sharing it. :)

You should remember that this will be lost when you update WordPress, so remember to reapply it.