Community Support Forums

Re: Not in love with the ?s2-ssl=yes convention

2011-09-05T05:38:34-05:00

I was having trouble using this custom field - when submitting a form to the secured page the $_POST data was getting lost.

Instead I applied the $_GET in the form action which fixed the problem:

Code:

Statistics: Posted by shahar — September 5th, 2011, 5:38 am

Re: Not in love with the ?s2-ssl=yes convention

2011-04-02T17:46:49-05:00

Very cool.

Statistics: Posted by Cristián Lávaque — April 2nd, 2011, 5:46 pm

Re: Not in love with the ?s2-ssl=yes convention

2011-04-02T17:45:13-05:00

Cristián Lávaque wrote:
I understand what you mean with the name clash possibility. Would s2-ssl work without the =yes part, though? I don't know how s2Member checks it, with an isset or a ==='yes'?

In the current release ( at this time, s2Member v3.5.7 ), it just needs to be a non-zero value. In other words !empty($_GET["s2-ssl"]). In the development release, it's been changed to isset($_GET["s2-ssl"]). So starting with s2Member v3.6, it could just be ?s2-ssl.

Statistics: Posted by Jason Caldwell — April 2nd, 2011, 5:45 pm

Re: Not in love with the ?s2-ssl=yes convention

2011-04-02T17:30:14-05:00

I understand what you mean with the name clash possibility. Would s2-ssl work without the =yes part, though? I don't know how s2Member checks it, with an isset or a ==='yes'?

Statistics: Posted by Cristián Lávaque — April 2nd, 2011, 5:30 pm

Re: Not in love with the ?s2-ssl=yes convention

2011-04-02T17:15:50-05:00

Cristián Lávaque wrote:
Would it be practical to change that to ?ssl only?
That'd make the URL shorter, a bit nicer, and can be checked with isset($_GET['ssl']) pretty easily.

You could certainly do that with the Filter I mentioned.

Code:: add_filter("ws_plugin__s2member_check_force_ssl_get_var_name", "my_function"); function my_function(){ return "ssl"; /* << Change this to what you prefer. */ } ?>

By default though, s2Member needs to make sure it's operating within a unique namespace. That is, it's not likely that ?s2-ssl=yes would ever clash with any other existing functionality of WordPress, other plugins, or that of a hosting facility.

Statistics: Posted by Jason Caldwell — April 2nd, 2011, 5:15 pm

Re: Not in love with the ?s2-ssl=yes convention

2011-04-02T17:02:27-05:00

Would it be practical to change that to ?ssl only?

That'd make the URL shorter, a bit nicer, and can be checked with isset($_GET['ssl']) pretty easily.

Statistics: Posted by Cristián Lávaque — April 2nd, 2011, 5:02 pm

Re: Not in love with the ?s2-ssl=yes convention

2011-04-02T16:59:19-05:00

Jason,

Your timely, thorough and insightful response is greatly appreciated. You're a pleasure to deal with!

Opting out of the s2member_force_ssl = yes custom post/page field functionality in favor of .htaccess rewrite/redirect rules resolves my initial gripes.

The hook for s2-ssl parameter name customization is considerate as well.

Mahalo!
John

Statistics: Posted by johnleblanc — April 2nd, 2011, 4:59 pm

Re: Not in love with the ?s2-ssl=yes convention

2011-04-02T16:49:42-05:00

Yes, I understand where you're coming from.

While not perfect, I like the "Theme My Profile" plugin because it provides access to custom profile fields in a more WordPress-y way. This seems more hookable/filterable/community-supportable than the s2member-specific "Custom Registration Fields" administration (which is a great feature for non-developers, kudos!).

I agree on this point. We may try to improve compatibility here in a future release.

Statistics: Posted by Jason Caldwell — April 2nd, 2011, 4:49 pm

Re: Not in love with the ?s2-ssl=yes convention

2011-04-02T16:33:26-05:00

Hi John. Thanks for those suggestions.
~ really, much appreciated!

While I'm not wild about the ?s2-ssl=yes either, I can assure you that much thought was given to this technique. You see, the issue is that s2Member Pro Form processors need to know when a Post/Page is submitted with SSL Filters applied; because s2Member's SSL Filters work together at converting a Post/Page to SSL, while still making sure that other portions of the site are NOT, including some important links within WordPress core functionality that would normally default to https:// whenever a Post/Page is running in SSL mode. In other words, the act of "forcing" SSL on a specific Post/Page, tells s2Member that the rest of your site is obviously not, and generally should not, be running in SSL mode.

Since most form processors ( including those that come with s2Member Pro ), are processed on the "init" action Hook, s2Member needs to know when it should and/or should not deal with SSL Filters.

The "init" action Hook comes before the WP Query, so there is no other way for s2Member to know that a site owner has requested its SSL Filters during the "init" Hook. Thus, we need a way ( other than with the https:// protocol ), to know when a Post/Page is being handled by s2Member's SSL Filters.

Although not as elegant as we'd like, the ?s2-ssl=yes parameter is a reliable approach to this otherwise troublesome issue; particularly when it comes to PayPal® Express Checkout, where a Customer actually leaves the host domain all together, to return later with SSL Filters applied ( i.e. with ?s2-ssl=yes ).

* Note. This will have no effect on get_permalink(). s2Member will force the query string argument ( i.e. ?s2-ssl=yes ) automatically whenever `s2member_force_ssl = yes`. If other plugins are causing a conflict in some way, I recommend NOT using s2Member's SSL Filters, and instead dealing with this through an .htaccess file. There are some tricks offered here.

* Note. All tricks aside though, the functionality that s2Member offers here is unique. That is, s2Member's SSL Filters have the unique ability to convert a specific Post/Page over to SSL, including all media contained within it, while not affecting other links on the page. In other words, s2Member's goal is to force checkout pages to SSL, but NOT the entire site. This is something that is not possible unless you're using `s2member_force_ssl = yes`, or another plugin that offers similar functionality.

* Note. While I completely understand your concern over referrer detection, we feel the ?s2-ssl=yes parameter gives other plugins a way of recognizing the intention of s2Member in a global way. For instance, inside WordPress® Hooks, such as the init Hook I mentioned.

* Note. So while this DOES add a non-standardized query string argument to your URL; which again, we are not wild about, it does serve a very important purpose.

We have also made it possible to change the name of this variable if you prefer.

Here is an example.

Create this directory and file:
/wp-content/mu-plugins/s2-hacks.php

Code:: add_filter("ws_plugin__s2member_check_force_ssl_get_var_name", "my_function"); function my_function(){ return "my-s2-ssl"; /* << Change this to what you prefer. */ } ?>

Statistics: Posted by Jason Caldwell — April 2nd, 2011, 4:33 pm

Not in love with the ?s2-ssl=yes convention

2011-04-01T03:35:34-05:00

The new ?s2-ssl=yes query string seems a bit untidy to me. Call me old skewl, but I'm pretty hot on using the simplest URLs possible so that permalinks may remain PERMAlinks wherever possible: http://www.w3.org/Provider/Style/URI.html

Additionally, this new suffix may break certain plugins which rely on get_permalink() (or similar) calls to determine the proper referrer for form submissions.

One example of this is Jeff Farthing's "Theme My Profile" plugin, an alternative to the [s2Member-Profile /] method of themed profile modification:
http://wordpress.org/extend/plugins/theme-my-profile/

While not perfect, I like the "Theme My Profile" plugin because it provides access to custom profile fields in a more WordPress-y way. This seems more hookable/filterable/community-supportable than the s2member-specific "Custom Registration Fields" administration (which is a great feature for non-developers, kudos!).

For instance, using "Theme My Profile," I can control users' ability to update website, AIM, jabber and even custom usermeta items via WP's user_contactmethods filter. Here's a practical example which may be used within a plugin or a theme's functions.php:

Code:: function my_custom_contact_methods($content) { unset($content['aim']); unset($content['yim']); unset($content['jabber']); $content['facebook'] = __('Facebook'); $content['twitter'] = __('Twitter'); $content['linkedin'] = __('LinkedIn'); // only exposed to admins if ( current_user_can('add_users') ) { $content['affiliate_id'] = __('Affiliate ID'); } return $content; } add_filter('user_contactmethods','my_custom_contact_methods', 10, 1);

Statistics: Posted by johnleblanc — April 1st, 2011, 3:35 am