Community Support Forums

[johnleblanc]

The new ?s2-ssl=yes query string seems a bit untidy to me. Call me old skewl, but I'm pretty hot on using the simplest URLs possible so that permalinks may remain PERMAlinks wherever possible: http://www.w3.org/Provider/Style/URI.html

Additionally, this new suffix may break certain plugins which rely on get_permalink() (or similar) calls to determine the proper referrer for form submissions.

One example of this is Jeff Farthing's "Theme My Profile" plugin, an alternative to the [s2Member-Profile /] method of themed profile modification:
http://wordpress.org/extend/plugins/theme-my-profile/

While not perfect, I like the "Theme My Profile" plugin because it provides access to custom profile fields in a more WordPress-y way. This seems more hookable/filterable/community-supportable than the s2member-specific "Custom Registration Fields" administration (which is a great feature for non-developers, kudos!).

For instance, using "Theme My Profile," I can control users' ability to update website, AIM, jabber and even custom usermeta items via WP's user_contactmethods filter. Here's a practical example which may be used within a plugin or a theme's functions.php:

Code: Select all

function my_custom_contact_methods($content) {
    unset($content['aim']);
    unset($content['yim']);
    unset($content['jabber']);

    $content['facebook'] = __('Facebook');
    $content['twitter'] = __('Twitter');
    $content['linkedin'] = __('LinkedIn');

    // only exposed to admins  
    if ( current_user_can('add_users') ) {
        $content['affiliate_id'] = __('Affiliate ID');
    }

    return $content;
}
add_filter('user_contactmethods','my_custom_contact_methods', 10, 1);
 

[Jason Caldwell]

Hi John. Thanks for those suggestions.
~ really, much appreciated!

While I'm not wild about the ?s2-ssl=yes either, I can assure you that much thought was given to this technique. You see, the issue is that s2Member Pro Form processors need to know when a Post/Page is submitted with SSL Filters applied; because s2Member's SSL Filters work together at converting a Post/Page to SSL, while still making sure that other portions of the site are NOT, including some important links within WordPress core functionality that would normally default to https:// whenever a Post/Page is running in SSL mode. In other words, the act of "forcing" SSL on a specific Post/Page, tells s2Member that the rest of your site is obviously not, and generally should not, be running in SSL mode.

Since most form processors ( including those that come with s2Member Pro ), are processed on the "init" action Hook, s2Member needs to know when it should and/or should not deal with SSL Filters.

The "init" action Hook comes before the WP Query, so there is no other way for s2Member to know that a site owner has requested its SSL Filters during the "init" Hook. Thus, we need a way ( other than with the https:// protocol ), to know when a Post/Page is being handled by s2Member's SSL Filters.

Although not as elegant as we'd like, the ?s2-ssl=yes parameter is a reliable approach to this otherwise troublesome issue; particularly when it comes to PayPal® Express Checkout, where a Customer actually leaves the host domain all together, to return later with SSL Filters applied ( i.e. with ?s2-ssl=yes ).

* Note. This will have no effect on get_permalink(). s2Member will force the query string argument ( i.e. ?s2-ssl=yes ) automatically whenever `s2member_force_ssl = yes`. If other plugins are causing a conflict in some way, I recommend NOT using s2Member's SSL Filters, and instead dealing with this through an .htaccess file. There are some tricks offered here.

* Note. All tricks aside though, the functionality that s2Member offers here is unique. That is, s2Member's SSL Filters have the unique ability to convert a specific Post/Page over to SSL, including all media contained within it, while not affecting other links on the page. In other words, s2Member's goal is to force checkout pages to SSL, but NOT the entire site. This is something that is not possible unless you're using `s2member_force_ssl = yes`, or another plugin that offers similar functionality.

* Note. While I completely understand your concern over referrer detection, we feel the ?s2-ssl=yes parameter gives other plugins a way of recognizing the intention of s2Member in a global way. For instance, inside WordPress® Hooks, such as the init Hook I mentioned.

* Note. So while this DOES add a non-standardized query string argument to your URL; which again, we are not wild about, it does serve a very important purpose.

We have also made it possible to change the name of this variable if you prefer.

Here is an example.

Create this directory and file:
/wp-content/mu-plugins/s2-hacks.php

Code: Select all

<?php
add_filter("ws_plugin__s2member_check_force_ssl_get_var_name", "my_function");
function my_function(){ return "my-s2-ssl"; /* << Change this to what you prefer. */ }
?>

[Jason Caldwell]

Yes, I understand where you're coming from.

While not perfect, I like the "Theme My Profile" plugin because it provides access to custom profile fields in a more WordPress-y way. This seems more hookable/filterable/community-supportable than the s2member-specific "Custom Registration Fields" administration (which is a great feature for non-developers, kudos!).

I agree on this point. We may try to improve compatibility here in a future release.

[johnleblanc]

Jason,

Your timely, thorough and insightful response is greatly appreciated. You're a pleasure to deal with!

Opting out of the s2member_force_ssl = yes custom post/page field functionality in favor of .htaccess rewrite/redirect rules resolves my initial gripes.

The hook for s2-ssl parameter name customization is considerate as well.

Mahalo!
John

[Cristián Lávaque]

Would it be practical to change that to ?ssl only?

That'd make the URL shorter, a bit nicer, and can be checked with isset($_GET['ssl']) pretty easily.

[Jason Caldwell]

Would it be practical to change that to ?ssl only?
That'd make the URL shorter, a bit nicer, and can be checked with isset($_GET['ssl']) pretty easily.

You could certainly do that with the Filter I mentioned.

Code: Select all

<?php
    add_filter("ws_plugin__s2member_check_force_ssl_get_var_name", "my_function");
    function my_function(){ return "ssl"; /* << Change this to what you prefer. */ }
?>

By default though, s2Member needs to make sure it's operating within a unique namespace. That is, it's not likely that ?s2-ssl=yes would ever clash with any other existing functionality of WordPress, other plugins, or that of a hosting facility.

[Cristián Lávaque]

I understand what you mean with the name clash possibility. Would s2-ssl work without the =yes part, though? I don't know how s2Member checks it, with an isset or a ==='yes'?

[Jason Caldwell]

I understand what you mean with the name clash possibility. Would s2-ssl work without the =yes part, though? I don't know how s2Member checks it, with an isset or a ==='yes'?

In the current release ( at this time, s2Member v3.5.7 ), it just needs to be a non-zero value. In other words !empty($_GET["s2-ssl"]). In the development release, it's been changed to isset($_GET["s2-ssl"]). So starting with s2Member v3.6, it could just be ?s2-ssl.

[Cristián Lávaque]

Very cool.

[shahar]

I was having trouble using this custom field - when submitting a form to the secured page the $_POST data was getting lost.

Instead I applied the $_GET in the form action which fixed the problem:

Code: Select all

<form action="https://[url]?s2-ssl=yes">