Protecting non-wordpress content

I’ve built a web app in php+Javascript and I’m trying to set up s2member around it.

I have my main website at
example.com

Then s2member installed on a wordpress at
example.com/members

Then I have the actual app (which consists of one .php page) at:
example.com/app

I tried moving it to
example.com/members/app

and set the Login Welcome Page to a Special Redirection URL:
http://example.com/members/app

but it is still accessible to anyone, so I’m assuming s2member is using wordpress based functionality to protect pages rather than htaccess.

Is there a way to change it? I prefer to avoid using a wordpress page for this as it will complicate the way my php script works.

• This topic was modified 4 years, 10 months ago by  Adam Tal.

[see update]

• This reply was modified 4 years, 10 months ago by  Adam Tal.

Ok seems to be easier that I thought. Sorry for the hasty post, there’s just so much to read ;)

What I did was use the conditional php tags like so:

require('../wp-blog-header.php'); // required so my app can tell if the wp user is even logged in.
if (current_user_can("access_s2member_level1")){ 
	// user is allowed to view, so do nothing.
} else {
   echo 'permission denied'; die(); // freeloaders no welcome - no app for you!:)
} 
	
<!-- the rest of my app code is here -->

I’d love to hear any comments or ideas for a more elegant way to do this.

• This reply was modified 4 years, 10 months ago by  Adam Tal.
• This reply was modified 4 years, 10 months ago by  Adam Tal.

Hello Adam, thanks for the follow-up.

The only real advice I can offer is personal taste, I would only format the code a little different:

// required so my app can tell if the wp user is even logged in.
require('../wp-blog-header.php');
if (current_user_can("access_s2member_level1")) { 
	// user is allowed to view, so do nothing.
} else {
	// freeloaders no welcome - no app for you! :)
	echo 'permission denied'; die();
} 
	
/* the rest of my app code is here */

Haven’t tested it, but if it works for you then it’s OK. :)
Other than that. Well done! :)

Not bad actually, much easier on the eyes that way. Thanks! :)

You’re welcome. :)

If you’re loading your own content, you won’t actually need the templating functionality from WordPress, so you could use /wp-load.php instead, which is the standard way to handle this type of thing.

<?php
include_once "wp-load.php";
if (current_user_can("access_s2member_level1"))
	{ 
		// User is allowed to view, so display something here.
	}
else
	exit("Permission denied!");
?>