Protecting HTML & PHP pages under membership

I have a form that is built on a html page and is accessing a php page. These elements were crafted by Web Form Builder Pro software. Is there anyway to protect this form with S2?

Right now I am accessing the form through an iFrame on my WordPress page. The WordPress page is protected under the membership levels, but the form itself is accessible from outside membership if someone gets hold of the html address.

Thanks,
Brad

Hello Brad,

Check out this article for protecting content outside WordPress:
Knowledge Base » Protecting Non-WordPress Content with s2Member

Hope this helps. :)

I put that code at the top of the main php file it is referencing, just as it is. Am I supposed to put anything in the if statement where it says “// User is allowed to view, so display something here.”. So far it doesn’t seem to have made any difference.

Also, the php relates to an html file which this code can’t be attached since: “This solution uses PHP code and that means the external pages that use this code will need to be PHP files. Files that end in .htm or .html will not be able to use this code unless you’ve specifically configured your web server to parse those file types with PHP.”

So far I still have access to the form within the iFrame and if I go to the html I can see and submit info still even when not logged in.

Thanks,
Brad

Hello Brad, yes you are supposed to your content where that comment is, all your protected content should be there. :)

That way even if they have access s2Member will restrict them. :)

Hope this helps. :)

I placed the code on the main php for the form, but don’t see any change. I was still able to access the html link and upload directly from the form.

I haven’t done anything to the html file. I have attached the code for the php form where I placed the code. Do I need to put this on all php files that have any relation to the form?

THANKS SO MUCH!!

<?php

include_once "wp-load.php";
if (current_user_can("access_s2member_level1"))
	{ 
		// User is allowed to view, so display something here.
		$scriptpath = substr( $_SERVER['SCRIPT_FILENAME'], 0, -4 );
		$paths = explode ( DIRECTORY_SEPARATOR , $scriptpath );
		$myName = end($paths);
		require $scriptpath . '/fbapp/php/config.inc.php';


		if( strtoupper( $_SERVER['REQUEST_METHOD'] ) == 'POST' ) {

			$ctl = new FormController();
			$ctl->Dispatch();

		} else {
			
			if( ! isset( $_GET['action'] ) )		$myPage->ReportStats( 'NotifyFormView' );
		}

		ob_start();

		$myPage->Show();
		ob_end_flush();

		
	}
else
	exit("Permission denied!");


?>

I suggest doing the following:

The HTML file with the content that you want to protect should be called “name-of-html-file.php“.

The contents of that file should be:

<!DOCTYPE html>
<html>
<head>
	<!-- Your HTML head content goes here, no PHP goes here -->
</head>
<body>
<?php
include_once "wp-load.php";

if (current_user_can("access_s2member_level1")) {
?>

ALL OF YOUR HTML GOES HERE, ALL YOUR CONTENT THAT YOU WANT TO PROTECT GOES HERE.

<?php
} else
	exit("Permission denied");
?>
</body>
</html>

And that’s it, you don’t need to use iFrames, just put a link directly to the file.

If you’re afraid that users will be able to download the file, then simply use s2Member’s download restrictions. Here are some videos about them: Video » s2Member® File Downloads (Complete Series)

Hope this helps. :)

Eduan,

If I place all my files into the “s2member-files” folder is there a way to point to files in a subfolder? I want to add all my html and php files for my form into the protected folder and then display inline. I will need to access the html file inline but then also point to the files (php and png mostly) that are in the subfolder for the form.

I have added all the file types to the accessibility of being viewed inline and can access files that are just in the root “s2member-files” but have no idea how to get into the subfolder (Idea Submissions) I added in the folder (s2member-files).

Thanks,
Brad

Hello Brad,

For this you would simply follow the instructions in the videos in order achieve what you want. :)

This is possible, just gotta watch the videos (and I don’t have at the top of m head, so I can’t really share the solution).

– Eduan

Hi,

Sorry for digging his old post up, but I’m having issues with similar topic.

I have several html files that need to be protected from public (and guessers via url); because people are paying to view those files.

These html files are in s2member-files folder.

The page has a line of code:

<iframe src="http://abc.com/wp-content/plugins/s2member-files/chapter1.html"></iframe>

Instead of rendering out the content of the embedded html iframe, it displays the store instead (within that iframe).

If I move chapter1.html out of s2member-files folder, and change the url of the iframe, the content loads.

I’m currently testing it with an admin account.

Sincerely,
Khairul

---

EDIT:
Sorry, its a typo on domain url.