Protecting Non-WP Content

I have a PHP/MySQL database app in the directory public_html/jobbase outside of WP which is in the directory public_html/wordpress.

I am embedding the main PHP page of the app into a WP page using an iframe. The WP page is protected via S2M. Now I need to protect the PHP page from being accessible outside of S2M.

Following the directions found at http://www.s2member.com/kb/protecting-non-wordpress-content-with-s2member/ I have inserted the following code at the top of my PHP page:

<?php
    include_once "../wordpress/wp-load.php";
    if (current_user_can("access_s2member_level1"))
    {
    // User is allowed to view, so display something here.
    }
    else
    exit("Permission denied!");
    ?>
    

When I try to load the page when logged in as admin or a test user with Level 1 privileges, I get the “Permission denied!” response.

Does something need to replace “// User is allowed to view, so display something here.” to make this function and protect the external (from WP) PHP file?

Hi Kris.

Did you make sure you were logged in to your account in WordPress when you tried that? Do you have that access level?

Make sure that you’re not using URLs with a mix of www and without. Knowledge Base » Don't mix www and without

I just went back and checked everything. Here is what I did:

I inserted the following code into the top of the main php page of my database app found at mysite.com/employerbase/Employer_list.php

<?php
    include_once "../wordpress/wp-load.php";
    if (current_user_can("access_s2member_level1"))
    {
    // User is allowed to view, so display something here.
    }
    else
    exit("Permission denied!");
    ?>

I logged into WP at mysite.com/wordpress/wp-login.php as Admin.

I checked under Settings > General and found:

Wordpress Address (URL) – http://mysite.com/wordpress
Site Address (URL) – http://mysite.com/wordpress

I checked the page called Employer Base and it has the address:

http://mysite.com/wordpress/employer-base

I checked the iframe which is generated by the Advanced iFrame plugin. It looks like this:

[advanced_iframe securitykey=”da39a3ee5e6b4b0d3255bfef95601890afd80709″ src=”http://mysite.com/employerbase/Employer_list.php” width=”100%” height=”1000px”]

I clicked View Page from the WP backend while logged in as Admin. The page displays normally except where the iFrame is located. Where the iFrame is located it reads:

Permission Denied!

Permissions for the file mysite.com/wordpress/wp-load.php are set at 755.

Do you have any other thoughts on what I should change to make this work?

Permissions denied is not from the FTP, it’s from the exit in your code.

I don’t know why it’s not working. Did you verify that wp-load.php is being included properly? Try [hilite mono]include_once("/wordpress/wp-load.php");[/hilite] Not sure if it’ll make a difference, but that’ how I’d write it.

Does Employer_list.php use other files from the /employerbase folder? If not, why not just copy the code from Employer_list.php and paste it straight into the WP page you’re trying to put it in with an iframe?

I tried the change you suggested. It returned this error:

Warning: include_once(/wordpress/wp-load.php) [function.include-once]: failed to open stream: No such file or directory in /home/nocojo5/public_html/employerbase/Employer_list.php on line 2

Warning: include_once() [function.include]: Failed opening ‘/wordpress/wp-load.php’ for inclusion (include_path=’.:/usr/lib/php:/usr/local/lib/php:/home/nocojo5/php’) in /home/nocojo5/public_html/employerbase/Employer_list.php on line 2

Fatal error: Call to undefined function current_user_can() in /home/nocojo5/public_html/employerbase/Employer_list.php on line 3

I changed it back to ../wordpress and get “permission denied”.

Unfortunately, my main PHP file has lots of includes (so I assume draws from many other files). Here is just the first few lines of code:

<?php
@ini_set("display_errors","1");
@ini_set("display_startup_errors","1");

include("include/dbcommon.php");
add_nocache_headers();

include('include/xtempl.php');
include("include/Employer_variables.php");
include('classes/runnerpage.php');
include('classes/listpage.php');
include("classes/searchpanel.php");
include("classes/searchcontrol.php");
include("classes/searchclause.php");
include("classes/panelsearchcontrol.php");

I have already changed my domain and plan to finish the migration on Friday. I will re-visit this after all of the URLs are set in stone.