Community Support Forums

[CincyPlanet]

I have been asked by a friend that uses s@Memer if I can create a mobile app that works with his site. What I want to do is check if a user is valid, using login and password. I am using Flash Builder with Actionscript, so I would need to use as3 to pass user and pass to a php script or the s2member site and return if the user is a current member...is this even possible from a thrid party app or site?

Thanks for any help in advance.

[Cristián Lávaque]

Great question. I emailed it to Jason.

[CincyPlanet]

Thanks. I am hoping there is an easy to implement solution. I am not real good in PHP but i have done some more basic login scripts which we will probably use if this isn't fairly easy or cost effective for his app.

[Jason Caldwell]

Thanks for the heads-up on this thread.

Yes, please create this directory and file:
/wp-content/mu-plugins/s2-hacks.php

Code: Select all

<?php
add_action ("init", "s2_user_pass_ok");
function s2_user_pass_ok ()
    {
        if (isset ($_GET[__FUNCTION__]) && $_GET[__FUNCTION__] === "xxxxx-something-secret-xxxxx")
            {
                if (user_pass_ok ($_GET["s2_username"], $_GET["s2_password"]))
                    exit ("1");
                else
                    exit ("0");
            }
    }
?>

Now you can do something like this in your 3rd-party app.

Code: Select all

http://example.com/?s2_user_pass_ok=xxxxx-something-secret-xxxxx&s2_username=johndoe&s2_password=password

If the script returns 1, it's a valid Username/Password. Else if it returns 0, it is not.

Change xxxxx-something-secret-xxxxx to some secret key that your app will use, just to avoid having this script wide open for hackers to potentially abuse.

Related article:
http://codex.wordpress.org/Function_Ref ... er_pass_ok

[CincyPlanet]

Jason,

Thanks that's what I was looking for. I will try and set up a test site this weekend and give it a try.

[CincyPlanet]

Jason,

Thanks a bunch! It looks like, from a few quick tests, that it works great.

[CincyPlanet]

I found a problem. When I try to use the script the login page for the main site won't work. If I remove the s2-hacks it goes back to working fine...is it not possible to use this with the normal site also?

[CincyPlanet]

is it possible to maybe add this script in another location or something that won't conflict?

[Jason Caldwell]

Thanks for the follow-up.
What is the error that you're seeing on the login page exactly?
This file, s2-hacks.php with the code I provided should not conflict. Do you have any spaces/tabs/line breaks before or after the <?php ?> tags in that file perhaps?

[CincyPlanet]

The login.PHP just comes up blank, so its not possible to login or register on the site. I just copied and pasted then changed the secret. I don't know much php but I can't see what would cause it, but when I remove the file it works fine.

[Jason Caldwell]

Thanks for the follow-up.

I would check again to be sure you don't have any leading/trailing whitespace, like spaces/tabs/line breaks before or after the opening/closing <?php ?> tags. Introducing whitespace ( some text editors do this inadvertently ) outside PHP tags can cause strange issues, and usually results in blank pages, or errors regarding "Headers already being sent".

If the problem continues, please post your local copy of the code that you've implemented, just to be sure nothing got mangled between the time I posted it and when you copied it. We'll review it for you.

[CincyPlanet]

Jason,

I got it. It must have been the copy and paste problem, I hand typed it in and it looks to be working.
Is there a way to have it return the member's level instead of the 0-1, like 0 if not registered or their level if they are even if they are not logged in? or a way to log them in and return it without going to the site?

[Jason Caldwell]

Great, thanks for reporting back on this for me.

Here is a modified version that returns the Level number. Remember that Levels begin at Level#0 ( i.e. a Free Subscriber ), so the return value in this case is either a numeric value, or just a hyphen; indicating the Username/Password is invalid here in this modified version.

Code: Select all

<?php
add_action ("init", "s2_user_pass_ok");
function s2_user_pass_ok ()
    {
        if (isset ($_GET[__FUNCTION__]) && $_GET[__FUNCTION__] === "xxxxx-something-secret-xxxxx")
            {
                status_header (200); header ("Content-Type: text/plain; charset=utf-8"); while (@ob_end_clean ());
                /**/
                if (user_pass_ok ($_GET["s2_username"], $_GET["s2_password"]))
                    {
                        $user = new WP_User ($_GET["s2_username"]);
                        $role = c_ws_plugin__s2member_user_access::user_access_role ($user);
                        $level = c_ws_plugin__s2member_user_access::user_access_level ($user);
                        exit ((string)$level); /* 0-4, or up to the number of configured Levels. */
                    }
                else
                    exit ("-"); /* Not a valid Username/Password combination. */
            }
    }
?>

Not a way to log them in though, not through ActionScript ( I don't think ), because cookies must be set in the client's browser upon login. Anyway, let me know if the above works out for you. They don't need to be logged-in for this to work as expected.

[CincyPlanet]

That looks perfect. I just needed the login if this couldn't work. Thanks a lot.
I will let you know if it works out.

[CincyPlanet]

Jason,

The script works very good. I appreciate all the help.