Tips and Tricks HQ Support Portal › Forums › WP eMember › WP eMember Troubleshooting › bbPress Forums Lockdown
Tagged: bbpress, cascading security, custom content, custom variables, forum, protect custom content, security, sitewide lockdown, user account
- This topic has 22 replies, 7 voices, and was last updated 11 years, 5 months ago by admin.
-
AuthorPosts
-
March 9, 2012 at 1:18 pm #5789atanassterMember
Hi,
I need to create members-only forums :
1. I created a page called Forums and aded the following code [bbp-forum-index]
2. I locked down this page using eMember (not available to general public, but available to subscription levels)
However the forums page is visible.
I also tested adding [bbp-forum-index] to an already protected page and just adding the shortcut makes the page visible to everyone.
Thanks
March 10, 2012 at 6:37 am #42864adminKeymasterCan you please go to the “Manage Content” protection menu of eMember and check under the “General Protection” to make sure that the “Forums” page is protected?
March 12, 2012 at 5:22 am #42865atanassterMemberHi,
Yes, in the General Protection, the page is marked as protected. Actually, if the shortcode [bbp-forum-index] is not on the page, then the page works as expected (protected).
Also, if I add the shortcode to a different and already protected page, then it becomes unprotected as well.
Thanks,
March 13, 2012 at 1:20 am #42866adminKeymasterOkay, we have made some changes to handle this BBPress shortcode (this shortcode doesn’t seem to work the same way normal WordPress shortcodes work). Please load the new build of the eMember plugin from here then protect the forum page as usual and let me know how it goes:
March 13, 2012 at 3:52 pm #42867atanassterMemberThanks a lot, it works now.
Just one drawback, the default /forums url can not be protected, so I had to change it in bbPress to a random url, otherwise bbpress was stepping in and still redirecting the page to an unprotected list of forums. Not sure if you can do something about this, since the random url will still be left unprotected and can be a breach of security.
Thanks
Atanas
March 14, 2012 at 5:15 am #42868adminKeymasterBBPress has an option where you can tell it to only show the forum posts to logged in users. Given this is a members only forum, you should enable that and it will automatically take care of that issue for you. I am guessing you are using the option explained here:
Using eMember with Another Plugin That Uses the WordPress User Roles
This way eMember will act as a gate keeper so visitors can only become a user when they make a payment. BBPress will only show content based on the user role.
September 25, 2012 at 7:16 pm #42869advexpMemberI reviewed the notes above, and everything tracks with my experience. The forum index page is still showing unprotected (I also changed the index to something other than /forums -> [http://www.iRecite.org/talk]). Upon testing and re-testing, I noticed that the forum posts themselves ARE protected from non-members, but the index page where I have the [bbp-forum-index] short code is still unprotected.
Thanks much!
WP – v3.4.2
eMember – v8.2.1
September 26, 2012 at 2:11 am #42870adminKeymasterThat is how the default BBPress forum protection works. Most users like to show the existence of the forum but protect the content of the posts. So the way it works is that an anonymous visitor can go to your forum page and see that there are posts and stuff but they can’t see the actual post content.
If you want to make it to where you want to totally hide everything then use eMember’s sitewide lockdown feature. You can fully lockdown a specific page (example, your forum area) using this feature. See the 3rd option from the following BBPress integration documentation:
December 19, 2012 at 5:23 pm #42871KSpectatorGreat tips so far in here. However, lets say we have three different membership levels (Gold, Silver, Bronze for this example) with three forums (one for each level). Gold can see all three, Silver sees Silver and Bronze forums. Bronze only sees Bronze. Is there a way to hide the forums not accessible for the membership level of member, and redirect them to either a login page, or some other page, if they try to access a forum, topic, or reply they don’t have rights to…not just protect the content?
Do you have to hook into bbPress’s rendering model and check the forum’s eMember protection (I know how to get a user’s membership level, but not a protected object’s allowed membership levels), and custom code that for the “forums” page, along with putting in checks whenever a forum, topic, or reply URL is direct loaded, to peg up to the forum level, get that protection level, and then decide whether or not to redirect based on logged in user’s membership level?
While the example I posted has only 3 levels, the client I am working for has 52 different levels, so having to hardcode those views would be time-consuming, never mind, inflexible.
December 20, 2012 at 4:04 am #42872adminKeymasterYou should take a look at the following feature of eMember.
This feature can be used lock down content of a particular section of your site. For example your forum area. You can enter a URL pattern (example: /forum/) and then all the forums posts or page that have “/forum/” in the URL will be totally locked down (only logged in member can see/access it.
The following will require some in-depth hooking into BBPress type code tweak.
"Totally hide a forum category from particular membership"
eMember has functions that you can use to determine the user permission when a page is rendering but at the same time you will need to alter the BBPress rendering to hide whatever you ant to hide (this won’t be trivial).
December 20, 2012 at 6:01 am #42873KSpectatorI know you can find the membership level(s) of a member, via PHP function, but is there a way to determine what member types are allowed with a page (return the ticked “Select the membership level that can access this content:” membership types associated with eMember Protection Options for the page/post/object/etc)? I couldn’t find that in documentation.
Unfortunately, sitewide protection, while it will be useful to lock down the forums from anonymous visitors, like you said, isn’t going to completely hide the forums in the forum view, and disable access to forums/topics/replies directly via URL. If there is a eMember function to return the allowed membership levels of a page/post/forum/etc, I can then compare that collection to the membership levels of the logged-in user and render/not render redirect/allow accordingly.
Thanks.
December 21, 2012 at 10:06 pm #42874adminKeymasterI see what you mean. We don’t have any option to do the kind of customization you are after. However, I am giving you an example code which shows you how to find out if a post or page is protected which might help:
$emember_auth = Emember_Auth::getInstance();
global $post;
$is_protected = false;
if($post->post_type == 'post'){
$is_protected = $emember_auth->is_protected_post($post->ID);
}
else if ($post->post_type == 'page'){
$is_protected = $emember_auth->is_protected_page($post->ID);
}
if($is_protected){
//This post or page is protected for this member. Do stuff accordingly
}December 27, 2012 at 6:30 am #42875KSpectatorThanks! Ended up modifying the code somewhat…
function eMember_redirect_instead_of_hide() {
$emember_auth = Emember_Auth::getInstance();
$is_protected = false;
//goes through pages and posts, but can be expanded for pages, posts, categories, comments, etc via the functions in eMember
if(is_bbpress()){
$is_protected = $emember_auth->is_protected_post(bbp_get_forum_id()) && !$emember_auth->is_permitted_post(bbp_get_forum_id());
}
if($is_protected){
header("Location: /member-login");
exit();
}
}Since we are using Thesis as our site theme, just threw this into the custom function file and hooked in at…
add_action('thesis_hook_before_html', 'eMember_redirect_instead_of_hide');
Still need to hide forums in forum listing, but that will be another snippet of code.
December 28, 2012 at 11:32 pm #42876JuryDutyMemberI’m trying to do a similar thing. I want to check and see if a user is the appropriate level for a post and if not, instead of prompting them to login, I want to redirect them to a sign-up page immediately.
I think I can modify your code above to do this, but it’s not working quite right. Here’s what I put at the top of my single.php file, above everything:
<?php
function eMember_redirect_instead_of_hide() {
$emember_auth = Emember_Auth::getInstance();
$is_protected = false;
if($is_protected){
header(‘Location: http://www.google.com’);
// Obviously I’ll change google to be a meaningful page later–this is just for testing.
exit();
}
} ?>
Then in my functions.php file, I put this at the top:
add_action(‘eMember_redirect_instead_of_hide’);
I’m sure this isn’t right as it’s not working, but I think I’m close…can you (or anyone) help?
December 29, 2012 at 11:37 pm #42877adminKeymaster@JuryDuty, That won’t work for your situation. I am guessing your theme doesn’t have a hook for when a post or page is being rendered. So the hook concept wont work exactly as shown in the post replied by user “K”. In your case, you will need to add the code in your single.php file to do the check and then redirect accordingly.
We are currently working on adding a feature so you can redirect user to a specific page when the user is accessing a single post or page that is protected for that user. I think it will be better if you wait for us to finish this feature.
-
AuthorPosts
- You must be logged in to reply to this topic.