Community Support Forums

Re: Check s2Member auth and level from external app?

2011-06-23T22:39:53-05:00

lol... I'm sorry that happened, I know it can be frustrating.

I hope you rest well and can finish your test tomorrow.

Statistics: Posted by Cristián Lávaque — June 23rd, 2011, 10:39 pm

Re: Check s2Member auth and level from external app?

2011-06-23T22:32:53-05:00

I still like having an external manual, but you were right, s2Member's inline documentation is really useful. Just read along and configure each bubble from top-to-bottom. Thoroughly documented, well done.

Everything was poised to test: WordPress, s2Member, my external application, PayPal sandbox, PayPal subscription button (generated by s2Member). I click the button and...

PayPal Sandbox is currently unavailable due to scheduled maintenance.

Argh. Time to sleep anyway.

Statistics: Posted by PseudoNyhm — June 23rd, 2011, 10:32 pm

Re: Check s2Member auth and level from external app?

2011-06-21T23:39:42-05:00

PseudoNyhm wrote:
So they probably aren't interchangeable. Is this the correct way to check a role versus capability:

Code:
user_can($userid, 'access_s2member_level1') // capability check user_is($userid, 's2member_level1') // role check

user_can is a WP function since 3.1, but user_is doesn't exist yet, current_user_is exists with s2Member but if you want to check other users you could try to use something like

Code:: $user_level = c_ws_plugin__s2member_user_access::user_access_level($user); $user_role = c_ws_plugin__s2member_user_access::user_access_role($user);

Package s2Member\User_Access Class c_ws_plugin__s2member_user_access
viewtopic.php?f=40&t=9477&src_doc_v=110605

PseudoNyhm wrote:
If so, then that makes good sense. Thanks for the clarification. I will install a test platform, including the role management plugin you suggested, to see how things are set up.

Cool.

Statistics: Posted by Cristián Lávaque — June 21st, 2011, 11:39 pm

Re: Check s2Member auth and level from external app?

2011-06-21T22:51:57-05:00

Is the software web based or computer based? Mine is computer based if that helps.

The plugin will accept any http post in the proper format. If you need it, it is here.

Statistics: Posted by fcp2011 — June 21st, 2011, 10:51 pm

Re: Check s2Member auth and level from external app?

2011-06-21T22:41:08-05:00

fcp2011, thanks for the offer, but I'm using my own software. Based on your description, my situation sounds a little different, but it's good to hear that someone else has had success under similar conditions.

Statistics: Posted by PseudoNyhm — June 21st, 2011, 10:41 pm

Re: Check s2Member auth and level from external app?

2011-06-21T22:19:14-05:00

I have a plugin for this. I had it programmed just for my company to use to register member supported software. what 3 party software are you using? Mine can handle the HTTP Post method. You need to set up a seperate database as well as use another plugin I had created. I would be willing to share it with you if it would work and you could pitch me a few bones to help cover the cost I spent. I spent about 1k on the programmer.

The additional plugin I had made reads the cookie and can post user specific data as well that is stored in a seperate database. It is shortcode based as well.

Let me know more about your 3rd party software. My plugin returns a standard server response of True or False, and a custom message based on some logic (this can be changed as need sorta).

Statistics: Posted by fcp2011 — June 21st, 2011, 10:19 pm

Re: Check s2Member auth and level from external app?

2011-06-21T15:36:52-05:00

Cristián Lávaque wrote:
's2member_level1' is a role, 'access_s2member_level1' is a capability.

So they probably aren't interchangeable. Is this the correct way to check a role versus capability:

Code:: user_can($userid, 'access_s2member_level1') // capability check user_is($userid, 's2member_level1') // role check

If so, then that makes good sense. Thanks for the clarification. I will install a test platform, including the role management plugin you suggested, to see how things are set up.

Statistics: Posted by PseudoNyhm — June 21st, 2011, 3:36 pm

Re: Check s2Member auth and level from external app?

2011-06-21T12:26:39-05:00

About the documentation, I'll ask Jason to consider having it in the website, but since it goes hand in hand with the actual feature, it is much easier to follow in the plugin's admin pages. You can simply install the plugin and read there, It's worked very well for most people so far.

's2member_level1' is a role, 'access_s2member_level1' is a capability.

Statistics: Posted by Cristián Lávaque — June 21st, 2011, 12:26 pm

Re: Check s2Member auth and level from external app?

2011-06-21T11:59:25-05:00

So far I haven't even installed s2Member yet! The amount of knowledge I have gained without even using the tool is a testament to the quality of the support offered here by you (and Jason's videos). This gives me good confidence that I can rely on the product even before I've seen it in action.

One request: The site says that the user documentation is embedded in the plugin. That's fine for reference. However, I'd really like to see the documentation on your site. I'm the type that reads the manual to find out what a product can do. Part of the reason I have to ask questions here is that there is no manual to read up front.

Another (on-topic) question: What's the difference between 's2member_level1' and 'access_s2member_level1'? When is it appropriate to use one versus the other? In which calls should one or the other be used?

Statistics: Posted by PseudoNyhm — June 21st, 2011, 11:59 am

Re: Check s2Member auth and level from external app?

2011-06-21T10:56:09-05:00

I think it's fine. I haven't tried user_can yet, just current_user_can, but I'm pretty sure they'd do the same except for the user being checked. To confirm you could just run a couple of tests with test user accounts set at different levels so you see if you get trues or falses.

By the way, I think it's silly that they made the user's ID the first parameter and required, had they left it optional at the end, it could have defaulted to current user and the function would replace the silly current_user_can too.

Statistics: Posted by Cristián Lávaque — June 21st, 2011, 10:56 am

Re: Check s2Member auth and level from external app?

2011-06-21T09:24:35-05:00

I drifted off-topic a bit. To get back on track, here's some pseudocode showing the calls I'm making to load WP, check a given user/pass, and test role/level membership. Notice that none of this occurs during a current user session.

This is called from an external app, which provides the user/pass (eg, via POST over HTTPS). I've removed all the safety/security/control code for this listing, just to show the core procedure:

Code:: require('../blog/wp-load.php'); if (!validate_username($user)) // fail $userid = username_exists($user); if (is_null($userid)) // fail if (!user_pass_ok($user,$pass)) // fail if (!user_can($userid, 's2member_level1')) // fail // user has run the gauntlet, signal auth accept

It's that last call to user_can($userid, 's2member_level1')) that I'm not sure about. Will this work for s2Member levels (it works with WP roles such as 'administrator'), or should I be calling user_is(..) from the s2Member APIs? Clarification on these methods greatly appreciated.

Statistics: Posted by PseudoNyhm — June 21st, 2011, 9:24 am

Re: Check s2Member auth and level from external app?

2011-06-20T23:42:13-05:00

It's fine that you ask questions. I'm so glad I'm being of help and that you're making progress.

It's wonderful that the documentation is useful, Jason published it recently after a lot of work. He did a great job with that, but please let us know if you see any way in which it can be improved.

b. current_user_is will check if the user has the role being checked, current_user_can will check if the user has that capability. So for a level 2 user current_user_is('s2member_level1') will be false, but current_user_can('access_s2member_level1') will be true because of the incremental access (level 2 can access content at level 2 and below).

c. If you create a new role, I don't know how you'd sell it with s2member. You could, though, edit the capabilities for one of the roles that s2Member works with. The EOT behavior can be edited from WP Admin -> s2Member -> PayPal Options -> Automatic EOT Behavior.

I hope that helps.

Statistics: Posted by Cristián Lávaque — June 20th, 2011, 11:42 pm

Re: Check s2Member auth and level from external app?

2011-06-20T22:28:21-05:00

Good, then I can code "s2member_level1" into my script without too much concern of it ever changing
I meant, is WP API user_can(..) equivalent to s2M's user_is(..) or is there some subtle difference I'm missing? Does one or the other not include the cascading level inclusions? I'm wondering which I need to call for checking level access. WP user_can(..) is working, but I'm wondering if that's 100% correct.
Excellent. If I use User Roll Editor plugin, and manually assign some special non-s2Member role/capability (eg, Free Account for Life Special Access role), then they buy a subscription, will s2Member's logic override my role? What about when their subscription ends/canceled; I read elsewhere that s2Member will erase their roles/capabilities and set them back to level 0 only. Is this accurate?

Sorry to bombard you with questions, but I really appreciate the level of expertise. By the way, I had my external application authentication checks working within about an hour this morning (your tip to require wp-load.php started me on the correct path). WP and s2Member APIs are so much better than phpBB (in my opinion as a software developer). I'll provide more details later... thanks again.

Statistics: Posted by PseudoNyhm — June 20th, 2011, 10:28 pm

Re: Check s2Member auth and level from external app?

2011-06-20T21:37:07-05:00

a. That's the role, it doesn't change when you edit the label.

b. By the "name" do you mean the label you set for the s2Member levels? WP Admin -> s2Member -> General Options -> Membership Levels/Labels

c. Right, s2Member adds some roles, doesn't edit the WP ones. You can see better what happens with the roles and their capabilities using a plugin like User Role Editor. https://wordpress.org/extend/plugins/user-role-editor/

Statistics: Posted by Cristián Lávaque — June 20th, 2011, 9:37 pm

Re: Check s2Member auth and level from external app?

2011-06-20T09:35:51-05:00

Cristián Lávaque, thank you for the input. I'll be testing soon, and will report back how it worked out.

Questions about s2Member API user_is(123, "s2member_level1")

If I rename my membership levels, do I need to replace "s2member_level1", or are these labels constant?
Is the WP API user_can(123, "s2member_level1") equivalent (will it recognize the s2Member level names)?
I'm assuming the s2Member level roles (capabilities?) are added to a user in addition to the WP native roles (not instead of). The s2Member API docs are a little misleading where they say "All of their other Roles/Capabilities are left untouched" (because s2Member doesn't actually manipulate the built-in WP roles... right?).

Statistics: Posted by PseudoNyhm — June 20th, 2011, 9:35 am

Re: Check s2Member auth and level from external app?

2011-06-19T23:34:20-05:00

Thanks, Bob.

PseudoNyhm wrote:
I am hoping not to directly access the database. For example, in phpBB, I'm able to instantiate the phpBB system, then fetch the user object (essentially from the DB, but through phpBB), then call methods such as phpbb_check_hash(..) and group_memberships(..). This does not require/incur any actual user login (no need for a current session). That's what I'm hoping for.

Hmm... Well, you could try including wp-load.php in your script, which basically is like loading WordPress so it makes your script much heavier, but you'll be able to use WordPress' and s2Member's functions. E.g.

Code:: require('/wp-load.php'); $user_label = c_ws_plugin__s2member_user_access::user_access_label($user);

https://codex.wordpress.org/Function_Reference/
s2Member Codex (code documentation)

I hope this helps.

Statistics: Posted by Cristián Lávaque — June 19th, 2011, 11:34 pm

Re: Check s2Member auth and level from external app?

2011-06-19T18:37:53-05:00

Your quick input is much appreciated, BobTabor.

I am hoping not to directly access the database. For example, in phpBB, I'm able to instantiate the phpBB system, then fetch the user object (essentially from the DB, but through phpBB), then call methods such as phpbb_check_hash(..) and group_memberships(..). This does not require/incur any actual user login (no need for a current session). That's what I'm hoping for.

I will also be using the levels for role-based site control (which is exactly what I need for the user experience on the site), but this external system must be able to operate independent of an actual login session. I look forward to more guidance - thanks!

Statistics: Posted by PseudoNyhm — June 19th, 2011, 6:37 pm

Re: Check s2Member auth and level from external app?

2011-06-19T15:49:13-05:00

Hi, I'm just a paying customer and I've never tried anything close to what you're describing ... so, for take this for what it's worth ... HOWEVER ... s2Member DOES USE THE WORDPRESS user database tables. All it does is add 4 new roles and has some code that manages accessibility to certain resources based on those 4 roles and payment to gain those roles.

SO ... if you've already done this for phpBB, I would guess you could do it for WordPress (assuming you can write PHP that hits a standard MySQL database directly), and if you did it for WordPress, then there's nothing special about s2Member (at least with regards to users, roles, etc.)

There are API's available within s2Member, however they are mostly for the currently logged in user. In other words, if you needed to show / hide / perform some custom logic on a given WordPress page, you can use shortcodes or PHP to harness the APIs to perform the logic given the current user's roles. In other words, they do not create an API providing access to a list of members or information about a given member outside of the scope of the currently logged in user.

Hopefully that will tide you over until Monday when you get the official answer from s2Member. Having said all of that, I'm a big fan of what they've done here and as you've noted they have a passionate, active user community (as well as support from their own internal staff).

Good luck!

Statistics: Posted by BobTabor — June 19th, 2011, 3:49 pm

Check s2Member auth and level from external app?

2011-06-19T15:14:01-05:00

First, I'd like to say that I'm familiar with WordPress, but brand new to s2Member. I really like the level of support I'm seeing from this product. I've already watched hours of Jason's videos (very useful for evaluation, thank you).

I have a particular use case, which I'm hoping s2Member can accommodate. I have an external application that must check both user authentication credentials and membership level.

More specifically, my users will enter their username/password into an external application. I need to POST the user's username and password to a URL (Web API). I can perform password hashing as needed, and the API can be accessed via HTTPS. The implementation (probably a php script) must ask WordPress whether the credentials are correct and report back the s2Member level (Level 0, Level 1, etc). The response can be set as header fields or as payload text that my application can parse.

Notice that the user does not have to be logged into WordPress. This should be performed entirely as a back-end routine. I can write some custom php code. I've done this already for phpBB, but want to improve my services by using WordPress and s2Member (with PayPal subscriptions).

Does s2Member support such an API? I understand that WordPress user credentials are somewhat out-of-scope, but s2Member seems to take over user registration, so it sounds like a good place to fetch these results.

Thanks in advance for any answers/insight/direction you can give!

Statistics: Posted by PseudoNyhm — June 19th, 2011, 3:14 pm