
Old Forums (READ-ONLY): The community now lives at WP Sharks™. If you have an s2Member® Pro question, please use our new Support System.

URI Restrictions not working


This topic contains 28 replies, has 5 voices. Last updated by Cristián Lávaque 4 years, 5 months ago.

Posted: Saturday Jul 14th, 2012 at 10:40 pm #19278

I am trying to protect some areas of my site using s2Members Restriction Options > URI Restrictions. The areas which I want to protect have URIs like /members/?pid=13&pagetitle=trending. It is not working. I know RegEx characters are not supported.

Edit: I want to allow URI /members/ to level 0 membership, but restrict a few others, e.g. restrict following URI to level 0
/members/?pid=13&pagetitle=trending
/members/?pid=14&pagetitle=my_email&message_template=compose
/members/?pid=14&pagetitle=my_email&message_template=inbox
/members/?pid=4&pagetitle=album
/members/?pid=4&pagetitle=photo

What would be the best way to include these kinds of URI in various s2Membership levels? BTW: I have s2Members Pro.

If I add /members/ to level 0
then add remaining URI as %%trending%%, %%compose%% and %%album%% etc to level 1, when I logged in from a level 0 test account, I could still access all the URI which have /members/ in the URI.

Posted: Monday Jul 16th, 2012 at 7:04 am #19340

Hi Suhaib.

So you want all URLs that have /members/ in the URL to be protected at Level 0, so that only logged in users can see them?

Could you post here what you entered in the box for each level in your URI restriction panel, or take a screenshot? Dashboard -› s2Member® -› Restriction Options -› URI Access Restrictions

Thanks. :)

Posted: Monday Jul 16th, 2012 at 8:02 am #19350

Hi Cristian, Thanks for reply. Yes, I know it is under Dashboard -› s2Member® -› Restriction Options -› URI Access Restrictions.
Perhaps I did not explain the question.
I want level 0 to access only /member/ but not anything else under /member/

That is I want level 0 to have access to
/member/

but level 0 cannot have access to

/members/?pid=13&pagetitle=trending
/members/?pid=14&pagetitle=my_email&message_template=compose
/members/?pid=14&pagetitle=my_email&message_template=inbox
/members/?pid=4&pagetitle=album
/members/?pid=4&pagetitle=photo

This is what I entered for level 0

/member/

and for level 1 I entered
trending
compose
inbox
album
photo

Posted: Monday Jul 16th, 2012 at 3:50 pm #19403

Okay. Did you try /members/? at Level 1?

Posted: Monday Jul 16th, 2012 at 4:12 pm #19409

/member/? did not work. Is ? not a RegEx which is not allowed in URI Access Restriction?

If /member/? can be used then I would have used /members/?pid=14 and /members/?pid=13 etc for level 1, which would make life much easier.

Posted: Tuesday Jul 17th, 2012 at 6:23 am #19473
Raam Dev
Username: Raam
Staff Member

Hi Suhaib,

Yes, you can restrict /members/?pid=13; so I suggest restricting Level 0 to /members/ and Level 1 to /members/?pid=.

Posted: Tuesday Jul 17th, 2012 at 6:45 am #19477

Raam,

Thanks for your help. I tried restricting level 0 to /members/
and level 1 to
/members/?pid=3
/members/?pid=4
/members/?pid=11
/members/?pid=14

A level 0 user can access some of the features which are allowed to level 1 only.

Can I use full URI at level 1 e.g. /members/?pid=14&pagetitle=my_email&message_template=compose? I have not tried it yet.

Posted: Tuesday Jul 17th, 2012 at 11:19 am #19524
Eduan
Username: Eduan
Moderator

@Suhaib,

Hi, yes, you can use full URIs, although just remember that it must have all parts of it like you restricted it, or it won’t work.

Hope this helps. :)

Posted: Tuesday Jul 17th, 2012 at 4:59 pm #19560

Thanks Eduan.

Let me try it.

Posted: Tuesday Jul 17th, 2012 at 5:16 pm #19561

@Eduan

Thanks a lot for the help. Complete URI did the trick. The level 0 now gets redirected to s2Member’s upgrade page.

Posted: Wednesday Jul 18th, 2012 at 9:06 am #19632
Eduan
Username: Eduan
Moderator

You’re welcome Suhaib. :)

Glad I was able to help.

Posted: Monday Jul 30th, 2012 at 2:27 am #20648

I am not sure what is going on. The URI restriction worked for a couple of days, then stopped. Now level 0 members can access URI defined for level 1.

Here are my URI for level 0

/members/
/members/?pid=2
/members/?pid=5&pagetitle=basic_search
/members/?pid=6&pagetitle=account_settings
/members/?pid=6&pagetitle=noitification
/members/?pid=6&pagetitle=upgrade_account
/members/?pid=10&pagetitle=online_mem
/members/?pid=5&pagetitle=search_result

And for level 1, I have

/members/?pid=14&pagetitle=my_email&message_template=inbox
/members/?pid=14&pagetitle=my_email&message_template=compose
/members/?pid=14&pagetitle=my_email&message_template=sent
/members/?pid=14&pagetitle=my_email&message_template=deleted
/members/?pid=4&pagetitle=album
/members/?pid=4&pagetitle=photo
/members/?pid=4&pagetitle=manage_album
/members/?pid=4&pagetitle=add_audio
/members/?pid=4&pagetitle=add_video
/members/?pid=12&pagetitle=add_blogs
/members/?pid=12&pagetitle=my_blogs
/members/?pid=5&pagetitle=advance_search
/members/?pid=5&pagetitle=zipcode_search
/members/?pid=5&pagetitle=save_searches
/members/?pid=6&pagetitle=privacy_settings
/members/?pid=6&pagetitle=skype_settings
/members/?pid=13&pagetitle=viewed_me
/members/?pid=13&pagetitle=i_viewed
/members/?pid=13&pagetitle=trending
/members/?pid=13&pagetitle=interest_cloud
/members/?pid=1&pagetitle=view_winks
/members/?pid=1&pagetitle=view_friends
/members/?pid=1&pagetitle=my_favourites
/members/?pid=1&pagetitle=my_matches
/members/?pid=1&pagetitle=alerts
/members/?pid=1&pagetitle=blocked
/cometchat/cometchatjs.php

Level 0 members can access all the URIs which are supposed to be restricted to level 1.
I have not changed anything in s2Members configuration and no new plugins were installed. I tried disabling WP Super Cache, but still same problems.

The only thing that works is /cometchat/cometchatjs.php, which is not available to level 0 members. Level 0 can access the remaining ones which are restricted to level 1.

Please help.

Posted: Monday Jul 30th, 2012 at 7:44 pm #20723

Any suggestions?

Posted: Tuesday Jul 31st, 2012 at 3:33 am #20744
Raam Dev
Username: Raam
Staff Member

Suhaib,

I suggest removing all URI restrictions and starting with just restricting one URI. Add one URI restriction for Level 0 and one URI restriction for Level 1, then test to see if it works as expected.

Posted: Tuesday Jul 31st, 2012 at 3:55 am #20747

Hi Raam

I tried your suggestion already. It did not work. I also tried adding the following code to the functions.php of the template, but it throws the user level 0 to s2Members options page immediately upon login. The level 0 user cannot do anything with this code in functions.php. Any link he clicks, he gets thrown to the options page.

<?php
    add_action ("wp", "my_custom_capabilities", 1);
    function my_custom_capabilities ()
        {
            if (fnmatch ("/members/", $_SERVER["REQUEST_URI"]) && !current_user_can ("access_s2member_ccap_members/"))
                {
                    header ("Location: " . S2MEMBER_MEMBERSHIP_OPTIONS_PAGE_URL);
                    exit ();
                }
        }
?>

Posted: Tuesday Jul 31st, 2012 at 7:31 am #20773

I see, so you’re trying to protect the URI based on a ccap instead of a level.

Your condition has a slash at the end of the ccap, is it part of the ccap’s name?

!current_user_can ("access_s2member_ccap_members/")

If you remove the slash, does the hack then work properly?

Posted: Tuesday Jul 31st, 2012 at 9:15 am #20795

Cristian,

Yes I tried it with and without slash. No success yet, with hack or using Dashboard -› s2Member® -› Restriction Options -› URI Access Restrictions

Posted: Tuesday Jul 31st, 2012 at 1:45 pm #20823

I tried several things. I am unable to restrict URIs generated by the wp plugin, which are in the format of
/members/?pid=14&pagetitle=my_email&message_template=inbox
/members/?pid=14&pagetitle=my_email&message_template=compose
/members/?pid=14&pagetitle=my_email&message_template=sent
/members/?pid=14&pagetitle=my_email&message_template=deleted

Once level 0 login, he could access any URI starting with /members/

I tried the hack too, as I mentioned above.

Posted: Tuesday Jul 31st, 2012 at 9:39 pm #20846

URI Restrictions from

Dashboard -› s2Member® -› Restriction Options -› URI Access Restrictions

are not working. However, if I edit the code of the plugin in question and do the following

<?php if (current_user_can("access_s2member_level1")){ ?>

<a href="<? echo add_query_arg (array('pid' =>1,'pagetitle'=>'mypage'), $root_link);?>" title="<?=language_code('DSP_MENU_MY_PAGE')?>"><?=language_code('DSP_MENU_MY_PAGE')?></a></div>

<?php }  ?>

It does work. But it messes up the CSS layout. This is not a good solution because it will require editing a lot of php files.

I do not understand why

Dashboard -› s2Member® -› Restriction Options -› URI Access Restrictions

does not restrict URI.
I ruled out plugin conflicts by deactivating all the plugins except s2Member and the one of which I am trying to restrict URI.

Posted: Wednesday Aug 1st, 2012 at 9:15 pm #20950

I believe I have the same problem as discussed in this thread http://www.s2member.com/forums/topic/buddypress-url-restriction-trouble/. URI protection is not working due to conflicts because /members/ is present in all the URIs. Can lead developer Jason look into it? Or should I hopelessly give up on s2Members?

Posted: Thursday Aug 2nd, 2012 at 7:27 am #20993

I can’t confirm that theory, because I haven’t tested it myself, since I don’t have BuddyPress. Have you tried protecting just /members/ with the URI restriction and seeing if it works? Also try another less sensitive URI string, to confirm that the restriction is working at all in your installation, please.

About the hack, I tested a few things and found that the fnmatch function was returning “false” although I had /members/ in the URI, so I changed it to a strpos and that worked.

[hilite pre_code]

[/hilite]

Could you try that and see if it now works? Make sure to test with a non-admin account.

About the regular URI restriction and why it’s not working for you, I’m not sure. I emailed Jason and I’ll let you know when I hear back from him.

I hope that helps. :)

Posted: Thursday Aug 2nd, 2012 at 9:10 am #21008

Hi Cristian

Thanks for your help. If I put /members/ in level1 and nothing for level0 for URI Protection, level0 can still access /members/. But if I put a URI which does not have /members/ in the URI then that URI protection works. For example I put /cometchat/chometchatjs.php for level1. level0 cannot access it. It means URI protection does work, but not for members.

I used your code with a little modification to protect different URIs for different levels. I put it in mu-plugins/s2-hack.php. It worked. It allowed /members/ to level0 and level1, but redirected level0 to the Members Option page for ‘/members/?pid=14&pagetitle=my_email&message_template=inbox’. Maybe I should use the hack to protect various URIs which have /members/ in them?

<?php
// Must-use plugin: redirect members who lack the level a /members/ URI requires.
add_action ('wp_loaded', 'ccap_uri_restriction', 1);
function ccap_uri_restriction() {
	// Any URI containing /members/ requires at least Level 0.
	if (strpos($_SERVER['REQUEST_URI'], '/members/') !== false && current_user_can('access_s2member_level0') === false) {
		wp_redirect(S2MEMBER_MEMBERSHIP_OPTIONS_PAGE_URL);
		exit;
	}
	// This specific URI requires Level 1.
	if (strpos($_SERVER['REQUEST_URI'], '/members/?pid=14&pagetitle=my_email&message_template=inbox') !== false && current_user_can('access_s2member_level1') === false) {
		wp_redirect(S2MEMBER_MEMBERSHIP_OPTIONS_PAGE_URL);
		exit;
	}
}
?>

Posted: Thursday Aug 2nd, 2012 at 4:21 pm #21048
Staff Member

Thanks for the heads up on this thread.

@Suhaib Siddiqi

You mentioned this URI is being protected properly:
/cometchat/cometchatjs.php

But these are not:

/members/?pid=5&pagetitle=save_searches
/members/?pid=6&pagetitle=privacy_settings
/members/?pid=6&pagetitle=skype_settings
/members/?pid=13&pagetitle=viewed_me
/members/?pid=13&pagetitle=i_viewed
/members/?pid=13&pagetitle=trending
/members/?pid=13&pagetitle=interest_cloud
/members/?pid=1&pagetitle=view_winks
/members/?pid=1&pagetitle=view_friends
/members/?pid=1&pagetitle=my_favourites
/members/?pid=1&pagetitle=my_matches
/members/?pid=1&pagetitle=alerts
/members/?pid=1&pagetitle=blocked

Depending on your permalink settings in WordPress®, these URI Restrictions may or may not work with the trailing /? on the end. If your permalink options in WordPress® do NOT include a trailing slash, then all URIs on your site will NOT have a trailing slash at the end (this is how WordPress® works internally).

If your permalink settings do NOT include a trailing slash, your URI Restrictions need to look like this:

/members?pid=5&pagetitle=save_searches
/members?pid=6&pagetitle=privacy_settings
/members?pid=6&pagetitle=skype_settings
/members?pid=13&pagetitle=viewed_me
/members?pid=13&pagetitle=i_viewed
/members?pid=13&pagetitle=trending
/members?pid=13&pagetitle=interest_cloud
/members?pid=1&pagetitle=view_winks
/members?pid=1&pagetitle=view_friends
/members?pid=1&pagetitle=my_favourites
/members?pid=1&pagetitle=my_matches
/members?pid=1&pagetitle=alerts
/members?pid=1&pagetitle=blocked

I saw it mentioned somewhere that there was special handling of the word “members”. That is NOT the case. There is nothing special about the keyword “members”. All that matters is that the URI matches one of your URI Restrictions. If your URIs do not include a trailing slash, then your URI Restrictions need to reflect this also.

Reference article: http://codex.wordpress.org/Using_Permalinks

Posted: Thursday Aug 2nd, 2012 at 5:31 pm #21052

Hi Jason

My WP Permalinks do include trailing slash, and my URI Restrictions look like this:

/members/?pid=5&pagetitle=save_searches
/members/?pid=6&pagetitle=privacy_settings
/members/?pid=6&pagetitle=skype_settings
/members/?pid=13&pagetitle=viewed_me
/members/?pid=13&pagetitle=i_viewed
/members/?pid=13&pagetitle=trending
/members/?pid=13&pagetitle=interest_cloud
/members/?pid=1&pagetitle=view_winks
/members/?pid=1&pagetitle=view_friends
/members/?pid=1&pagetitle=my_favourites
/members/?pid=1&pagetitle=my_matches
/members/?pid=1&pagetitle=alerts
/members/?pid=1&pagetitle=blocked

It does not work. I am using Month and Name option from WP Permalink, which looks like http://www.mydomain.com/2012/08/sample-post/

However, the hack protects URI

<?php
// Must-use plugin: redirect members who lack the level a /members/ URI requires.
add_action ('wp_loaded', 'ccap_uri_restriction', 1);
function ccap_uri_restriction() {
	// Any URI containing /members/ requires at least Level 0.
	if (strpos($_SERVER['REQUEST_URI'], '/members/') !== false && current_user_can('access_s2member_level0') === false) {
		wp_redirect(S2MEMBER_MEMBERSHIP_OPTIONS_PAGE_URL);
		exit;
	}
	// This specific URI requires Level 1.
	if (strpos($_SERVER['REQUEST_URI'], '/members/?pid=14&pagetitle=my_email&message_template=inbox') !== false && current_user_can('access_s2member_level1') === false) {
		wp_redirect(S2MEMBER_MEMBERSHIP_OPTIONS_PAGE_URL);
		exit;
	}
}
?>

I do not understand why URI Restriction from Dashboard will not protect /members/?pid=14&pagetitle=my_email&message_template=inbox, but hack will do it.

Posted: Friday Aug 3rd, 2012 at 6:44 am #21076

I’m glad the hack worked with the code I gave you. You can edit it all you like to accommodate your needs.

About the strings you have in your URI restriction, did you try without the /members/? part? I.e.:

pid=5&pagetitle=save_searches
pid=6&pagetitle=privacy_settings
pid=6&pagetitle=skype_settings
pid=13&pagetitle=viewed_me
pid=13&pagetitle=i_viewed
pid=13&pagetitle=trending
pid=13&pagetitle=interest_cloud
pid=1&pagetitle=view_winks
pid=1&pagetitle=view_friends
pid=1&pagetitle=my_favourites
pid=1&pagetitle=my_matches
pid=1&pagetitle=alerts
pid=1&pagetitle=blocked

Posted: Friday Aug 3rd, 2012 at 9:38 am #21104

Hi Cristian,

Yes, I tried URI restrictions without the /members/? part. It did not work. Anyway, the hack is working perfect. I edited it to accommodate my URIs.
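
An added example, not part of the thread and not s2Member's own code: the mu-plugin hack above rewritten so the level decision comes from the parsed path and the pid/pagetitle parameters rather than a substring match on REQUEST_URI, so it does not depend on parameter order or on the trailing slash. The function names, the LEVEL0_PAGES allowlist and the rule that unlisted pages need Level 1 are assumptions for illustration.

```php
<?php
// Added example for a must-use plugin; names and rules here are assumptions.
// pid => pagetitle values Level 0 may open (subset of the thread's Level 0 list).
const LEVEL0_PAGES = array(
    '2'  => array(''),
    '5'  => array('basic_search', 'search_result'),
    '6'  => array('account_settings', 'upgrade_account'),
    '10' => array('online_mem'),
);

// Minimum s2Member level for a request URI, or null when it is not under /members/.
function uri_required_level($request_uri) {
    $path = parse_url($request_uri, PHP_URL_PATH);
    if (!is_string($path)) {
        return 1; // unparseable URI: fail closed
    }
    // Accept both /members/ and /members (permalinks without a trailing slash).
    if (strpos(rtrim($path, '/') . '/', '/members/') !== 0) {
        return null;
    }
    parse_str((string) parse_url($request_uri, PHP_URL_QUERY), $args);
    if (!isset($args['pid']) && !isset($args['pagetitle'])) {
        return 0; // bare /members/ landing page
    }
    $pid   = $args['pid'] ?? '';
    $title = $args['pagetitle'] ?? '';
    if (!is_string($pid) || !is_string($title)) {
        return 1; // array-valued parameters: fail closed
    }
    // Anything not on the allowlist needs Level 1.
    return in_array($title, LEVEL0_PAGES[$pid] ?? array(), true) ? 0 : 1;
}

function uri_level_guard() {
    $need = uri_required_level($_SERVER['REQUEST_URI']);
    if ($need !== null && !current_user_can('access_s2member_level' . $need)) {
        wp_redirect(S2MEMBER_MEMBERSHIP_OPTIONS_PAGE_URL);
        exit;
    }
}

if (function_exists('add_action')) {
    add_action('wp_loaded', 'uri_level_guard', 1);
} else { // run outside WordPress: print decisions for constructed sample URIs
    foreach (array('/members/', '/members?pagetitle=basic_search&pid=5',
        '/members/?pid=4&pagetitle=album', '/2012/08/sample-post/') as $u) {
        echo var_export(uri_required_level($u), true), "  $u\n";
    }
}
```

Test with a non-admin account at each level, as suggested earlier in the thread.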


This topic is closed to new replies. Topics with no replies for 2 weeks are closed automatically.
