Remove ability to login

Hi all. I’m building another website with s2member and need to impliment it slightly differently this time.

My client only wants their members to be able to login and edit their details at specific times of the year. Is there a way we can block & unblock logging in for a specific member level? This would be my ideal solution.

My alternative is to simply remove their ability to edit their profile until updating is re-enabled!

Thanks!!

Zoe

Thanks for your great question.

You may want to check out the wp_logout() function. What you can do is update your Login Welcome Page to reflect that you may not currently log in, and use the above function with the conditionals available in Dashboard -› s2Member® -› API / Scripting -› Advanced PHP Conditionals to decide when to log a user out.

Note that to log a user out after the page a loaded, you should use the wp_footer hook.

Thanks for the heads up on this thread :-)

The wp_authenticate function is what logs a user into WordPress. Luckily, WordPress makes this a pluggable function. Meaning, you can define it yourself, and WordPress will use your version of the function instead of it’s default version.

Here is the default version of the function in WP v3.5.

/**
 * Checks a user's login information and logs them in if it checks out.
 *
 * @since 2.5.0
 *
 * @param string $username User's username
 * @param string $password User's password
 * @return WP_Error|WP_User WP_User object if login successful, otherwise WP_Error object.
 */
function wp_authenticate($username, $password) {
	$username = sanitize_user($username);
	$password = trim($password);

	$user = apply_filters('authenticate', null, $username, $password);

	if ( $user == null ) {
		// TODO what should the error message be? (Or would these even happen?)
		// Only needed if all authentication handlers fail to return anything.
		$user = new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Invalid username or incorrect password.'));
	}

	$ignore_codes = array('empty_username', 'empty_password');

	if (is_wp_error($user) && !in_array($user->get_error_code(), $ignore_codes) ) {
		do_action('wp_login_failed', $username);
	}

	return $user;
}

A modified version might look something like this.

Please create this directory and file:
/wp-content/mu-plugins/s2-hacks.php
(NOTE: these are MUST USE plugins, see: http://codex.wordpress.org/Must_Use_Plugins)
(See also: http://www.s2member.com/kb/hacking-s2member/)

/**
 * Checks a user's login information and logs them in if it checks out.
 *
 * @since 2.5.0
 *
 * @param string $username User's username
 * @param string $password User's password
 * @return WP_Error|WP_User WP_User object if login successful, otherwise WP_Error object.
 */
function wp_authenticate($username, $password) {
	$username = sanitize_user($username);
	$password = trim($password);

	$user = apply_filters('authenticate', null, $username, $password);

	if ( $user == null ) {
		// TODO what should the error message be? (Or would these even happen?)
		// Only needed if all authentication handlers fail to return anything.
		$user = new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Invalid username or incorrect password.'));
	}
	else if($user->has_cap('s2member_level1')) // A Level #1 Member?
		{
			$deny = TRUE; // Deny these Members?
			
			if($deny)
				{
					$user = new WP_Error('authentication_failed', __('<strong>ERROR</strong>: You have been denied access at this time. Please try again later.'));
				}
		}

	$ignore_codes = array('empty_username', 'empty_password');

	if (is_wp_error($user) && !in_array($user->get_error_code(), $ignore_codes) ) {
		do_action('wp_login_failed', $username);
	}

	return $user;
}

Fab! Thanks Jason :)