Community Support Forums

Hi there,

I'm using the latest WP, BuddyPress and s2Member, with Suffusion as the theme (Suffusion child theme, actually).

Currently, the pages I set to be protected are not. I have a category that is supposed to be protected that I still can get to when logged out, plus all the URIs for BuddyPress I've supplied aren't protected in a similar manner.

I'm supposing this is due to the fact Suffusion uses a bunch of calls to format content and whatnot; just below get_header(); is a function, suffusion_query_posts();. Would this be what is causing the issue above?

If not, any idea what I might be doing wrong?

Thank you!

Hi aendrew,

In order to investigate this further, please send us a Dashboard login, I'll be happy to have a look for you.
Send it here for privacy:
http://www.s2member.com/contact/

I am having this issue, as well, with my installation of s2Member 3.2.3.

The system isn't redirecting the login to the Welcome page. This is true for both options on the setting via General Options -> Login Welcome Page (e.g., a redirected URL as well as selecting the page via the drop down menu).

However, the Members Options page (a redirect for non-logged in members) does seem to function as expected.

UPDATE: Actually, this only happens when I log in as the admin -- so, I'm okay with this.

Hi Liz. Are you running BuddyPress?

If so, please upgrade to s2Member v3.2.4
-- BuddyPress ( bug ). A bug that was first introduced in s2Member v3.2.3 with Hook priority on `template_redirect` was causing compatiblity issues with BuddyPress. This has been corrected in s2Member v3.2.4+.

AWESOME! (Yes on the buddypress and thanks for the fix in 3.2.4+!)

You rock Jason!

Thanks again,

Liz Ness

Hi again!
@Elizabeth -- I'm currently moving my local copy of WP to a testing server; will send dashboard login once done.

@Jason -- I tried upgrading to 3.2.4, same issue persists.

Thanks for the update.
Please feel free to post the Dashboard login and I'll have a look for you.

Yes, it sounds like this *could* be the problem ( i.e. suffusion_query_posts() ), but in our tests with Suffusion, I was unable to reproduce the issue. If you're PHP savvy, you may want to have a look at s2Member v3.2.4+, inside this file: /s2member/includes/functions/security-gate.inc.php

Otherwise, yep. Just send over a Dashboard login and we'll take a peak.

Hey Guys,

I wonder if someone could help me with something? I've just installed s2member into a site on my local pc WAMP server. I'm just wondering how the page protection works? I've set it up as per the video's / documentation and according to the set up it should be protecting 3 pages.

Then I logged out of my admin area and even tried closing my browser, but on this pc it doesn't protect the pages that are supposed to be protected? I can see them by just clicking on them. The only page that it's protecting is my "Login Welcome Page" - which redirects to the Membership Options Pages. The other "protected" pages are visible when I'm logged out.

I then tried a few different browsers to see if a cookie had been set, but s2member isn't protecting these pages on any of the browsers on my pc... I thought I'd be able to test it locally before launching it live.

Is this normal behaviour? I mean does it use an IP address to protect the pages? I would have thought it was a login rather than an ip address?

I can't test it easily elsewhere because like I said, it's on my WAMP server on my pc.

Does anyone have any ideas about this? Why wouldn't s2member be protecting the pages even though I'm logged out?

Thanks in advance,

Pabs

Try adding this line to your /wp-config.php file.

Code: Select all

define("LOCALHOST", true); 

s2Member has a special routine, which we refer to as the Systematics Routine. It sees your IP address is the same as the server's IP; which is sometimes an issue on a WAMP/MAMP installation. It's fine so long as your domain is http://localhost/. However, if it's something other than that, you'll need to add that line in your /wp-config.php file so s2Member realizes it's running on a localhost installation.

Also, please be sure to read s2Member's section on Alternative View Protection. This can sometimes cause confusion; depending on your theme. You'll find this in your Dashboard under: s2Member -> General Options -> Alternative View Protection.

Hey Jason,

Thanks for your quick response! Works like a treat!

I'm only just starting to look at this software, but it looks great so far..

Thanks again,

Pabs

I just wanted to say s2Member is brilliant! Thanks a lot for it.

Now, I just wanna ask, isn't there a way for the script to know when it's being run on a localhost, whose domain is other than 'localhost' and notify the user about the required wp-config.php edits?

It wasn't easy landing on this thread and finding the solution that Jason posted.

Thanks for the follow-ups, and for the KUDOS!

msafi wrote:I just wanted to say s2Member is brilliant! Thanks a lot for it.

Now, I just wanna ask, isn't there a way for the script to know when it's being run on a localhost, whose domain is other than 'localhost' and notify the user about the required wp-config.php edits?

It wasn't easy landing on this thread and finding the solution that Jason posted.

That's a great question. There isn't one that I'm aware of, but if you are, please let me know! If anyone else reads this and has suggestions, I'd be appreciative. To my knowledge, HTTP_HOST is the only environment variable available for testing in this regard. s2Member currently scans for 127.0.0.1 at the beginning, and localhost anywhere in the HTTP_HOST environment variable, as it's only way of auto-detecting localhost installations. Anything else must be specified in the /wp-config.php file with define("LOCALHOST", true); in order for s2Member to know.

Would SERVER_ADDR work?

Cristián Lávaque wrote:Would SERVER_ADDR work?

Ideally, yes. However, I've seen live server configurations return 127.0.0.1 in this environment variable.

Maybe s2Member could test behaviors and characteristics of the server, like how a localhost environment usually cannot be reached from outside. Or s2Member could check whether the domain looks like a real internet domain. In the past I used domains like 'http://msafipc/website1/', 'http://msafipc/website2/'. More recently I been using 'http://website1.xom', 'http://website2.xom', etc, all of which are not proper internet domain names?

That can get much more complicated, in my opinion.

Probably a simple option would be to have it as a setting at the top of General Options, like Deactivation Safeguards is, so that developers see that it's there, it exists and they need to set it when working in a local server.

@Cristián, yeah. Implementing it like I suggested would probably cause unnecessary bloat.

Had something been said about this issue in the 'General Options' or even the 'Quick-Start Guide', I would've noticed it and not had to search for a solution.