We are using BuddyBoss Platform Pro + Theme. Recently we also invested in the BuddyBoss App (released earlier this year).
Our intent all along was to create a membership site and have our subscribers pay for access to content. BuddyBoss highlights their integration with Memberpress extensively on their site, has integration features that support it, video tutorials about how to set it up etc. Memberpress is working well for us with BuddyBoss Platform Pro and Theme.
However, we have been unable to get it to protect content in the BuddyBoss App (iOS and Android). I opened a ticket with BuddyBoss and after a week of no meaningful response - they offered the following:
As per checking with the development team here is the update:
For MemberPress, It does not protect blog posts in the REST API and App is using REST API to show blog post in a Native way. So if the MemberPress protect content in blog REST endpoint then blog post would not show in App as well.
Regards,
BuddyBoss Customer Support
We have a general rule in Memberpress that protects all Wordpress Posts. From this response, it appears that BuddyBoss did not consider that users of their App would want to protect the content, even though that feature is heavily promoted on their Platform and Theme value prop.
Is anyone else experiencing this issue, and does anyone have a suggestion to solve it? We already have thousands of users of the App, and they are getting free access to our content subverting our subscriptions business model.
So just to put a bit of context on BuddyPress answer. In short what Memberpress does is restricting the front end access, but any REST API request can still be performed, therefore anyone with a bit of knowledge can access your restricted content.
I'm not familiar with any of those services (BuddyPress) so the following answer is regarding the Wordpress REST API in general.
You can require authentication for all REST API requests by adding an is_user_logged_in check to the rest_authentication_errors filter which will block any external request, locking down your content for logged in users. This can be easily adapted to a specific role eg: when a paid membership is used.
The following example will block any REST API request for non logged in user and non admin.
<?php
if ( ! defined( 'ABSPATH' ) ) {
    exit;
}
/**
 * Require authentication for all requests. Prevent blank or empty bots request.
 *
 * Filters REST API authentication errors.
 *
 * @link https://developer.wordpress.org/rest-api/frequently-asked-questions/#require-authentication-for-all-requests
 */
add_filter( 'rest_authentication_errors', function( $result ) {
    // If a previous authentication check was applied,
    // pass that result along without modification.
    if ( true === $result || is_wp_error( $result ) ) {
        return $result;
    }
    // No authentication has been performed yet.
    // Return an error if user is not logged in or isn't a Admin, Editor or Author
    if ( ! is_user_logged_in() || ! current_user_can( 'publish_posts' ) ) {
        header( 'Refresh: 1; ' . esc_url( home_url() ) );
        return new WP_Error(
            'rest_not_logged_in',
            __( 'You are not currently logged in OR are not allowed.' ),
            array( 'status' => 401 )
        );
    }
    // Our custom authentication check should have no effect
    // on logged-in requests
    return $result;
} );
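One way to adapt the check above to paid members without rejecting every REST request, as an added example (not the answer author's code and not part of MemberPress or BuddyBoss): it blanks the post body in REST responses unless the requester holds a capability. The capability name `read_premium_posts` is hypothetical, and the example assumes the client authenticates its REST requests so WordPress knows the current user.

```php
<?php
// Added example. 'read_premium_posts' is a hypothetical capability that the
// site grants to paying members; replace it with whatever your membership
// setup actually assigns.
add_filter( 'rest_prepare_post', function ( $response, $post, $request ) {
    // Paying members, and anyone who may edit this post, get the full response.
    if ( current_user_can( 'read_premium_posts' ) || current_user_can( 'edit_post', $post->ID ) ) {
        return $response;
    }

    $data = $response->get_data();

    // Title, link and date stay visible so listings still render;
    // the body and the excerpt are emptied.
    foreach ( array( 'content', 'excerpt' ) as $field ) {
        if ( isset( $data[ $field ] ) && is_array( $data[ $field ] ) ) {
            $data[ $field ]['rendered'] = '';
            // 'raw' only appears for context=edit, but never leak it either.
            unset( $data[ $field ]['raw'] );
        }
    }

    $response->set_data( $data );
    return $response;
}, 10, 3 );

// The hook name is per post type ("rest_prepare_{$post_type}"), so a
// protected custom post type needs its own add_filter() call.
```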
I have a wordpress website hosted on GoDaddy.
I am an advanced Stripe user and have integrated Stripe with many Ruby on Rails apps, along with Stripe webhook integration with Rails. Also, I am well versed in how webhooks work.
But recently I was made owner of a WordPress website hosted on GoDaddy, and on that website I am supposed to receive the Stripe payment failed webhook and then trigger an email based on that webhook event.
I am not able to make much of a connection between WordPress and Stripe from online resources and need help on how to receive Stripe webhooks in a WordPress website, i.e. where to put code to make that happen etc.
I recently had the same problem and pippins stripe integration plugin seemed to answer it but it had a lot of extra code I did not need so I removed it and made a concise version just for the webhook integration: WPStripeWebhook. README is self explanatory. Basically make changes to includes/stripe_listener.php for your events. Also attaching readme here as per stackoverflow guidelines:
Usage:
Copy the complete folder WPStripeWebhook in wp-content/plugins. Go to website admin page.
Activate the WP Stripe webhook plugin for plugins section.
After this Settings will start showing Stripe webhook settings section. Click on it. In the page fill the stripe keys and check test mode option if you want to test the plugin.
In WPStripeWebhook/includes/stripe_listener.php, make changes for your event type and email or whatever you want to do in response to an event. It currently sends out an email.
Important notes and suggestions
For live mode, add stripe webhook endpoint (stripe account -> settings -> account settings -> webhook) like this
https://yourdomain.com?webhook-listener=stripe
For testing locally on your machine, you can use Ultrahook. It's awesome! Set up your keys and username and start ultrahook on your machine using:
ultrahook -k your_ultrahook_key stripe 8888
Add a webhook endpoint url in your stripe account similar to this:
http://stripe.your_ultrahook_username.ultrahook.com/your_wp_website_folder_name/stripe-listener.php?webhook-listener=stripe
And it should start working for you. Also, you might see 404 in ultrahook console. Just ignore it. I would suggest setting up debugging too. It really helps. For debugging, add these to your wp_config.php
define('WP_DEBUG', true);
define( 'WP_DEBUG_LOG', true );
define('WP_DEBUG_DISPLAY', false );
#ini_set( 'display_errors', 0 );
define('SCRIPT_DEBUG', true );
After this, you should see a debug.log file in your wp-content folder and it will display errors and warnings and whatever you print using error_log()
Here is my two cents. For posterity and because the accepted answer didn't do it for me.
We can use the WordPress REST api.
By Extending the REST API and Adding Custom Endpoints through the register_rest_route function.
<?php
add_action( 'rest_api_init', 'wpso40015091' );
function wpso40015091() {
    $routes = array(
        array(
            'namespace' => 'wpso40015091/listener/v1',
            'route'     => 'endpoint',
            // www.example.com/index.php/wp-json/wpso40015091/listener/v1/endpoint
            // This is the endpoint to add in your Stripe dashboard webhook section.
            // From time to time, depending on your host, the "index.php" might be omitted.
            // You can use "get_rest_url()" to retrieve the URL to a REST endpoint on a site.
            // https://developer.wordpress.org/reference/functions/get_rest_url/
            'args'      => array(
                'methods'             => 'POST',
                'callback'            => function () {
                    //...
                },
                'permission_callback' => '__return_true',
            ),
            'override'  => true,
        ),
    );
    foreach ( $routes as $route ) {
        register_rest_route( $route['namespace'], $route['route'], $route['args'], $route['override'] );
    }
}
The callback function is the event listener. Stripe has a built in generator, refer https://stripe.com/docs/webhooks/quickstart.
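Because the route above is registered with `permission_callback` set to `__return_true`, anyone can POST to it, so the callback has to authenticate the event itself. The following is an added example (not from the answer or the WPStripeWebhook plugin) of a callback that checks the `Stripe-Signature` header before acting; the function names and the `STRIPE_WEBHOOK_SECRET` constant (the endpoint's signing secret, defined in wp-config.php) are assumptions.

```php
<?php
// Added example. Function names and STRIPE_WEBHOOK_SECRET are assumptions.

/**
 * Check a Stripe-Signature header of the form "t=<unix time>,v1=<hex hmac>[,v1=...]".
 * The signed payload is "<t>.<raw body>", HMAC-SHA256 keyed with the endpoint secret.
 */
function wpso40015091_signature_is_valid( $payload, $header, $secret, $tolerance = 300 ) {
    $timestamp  = null;
    $signatures = array();
    foreach ( explode( ',', (string) $header ) as $part ) {
        $pair = explode( '=', trim( $part ), 2 );
        if ( 2 !== count( $pair ) ) {
            continue;
        }
        if ( 't' === $pair[0] ) {
            $timestamp = $pair[1];
        } elseif ( 'v1' === $pair[0] ) {
            $signatures[] = $pair[1];
        }
    }
    if ( null === $timestamp || ! ctype_digit( $timestamp ) || empty( $signatures ) ) {
        return false;
    }
    // Reject stale events so a captured request cannot be replayed later.
    if ( abs( time() - (int) $timestamp ) > $tolerance ) {
        return false;
    }
    $expected = hash_hmac( 'sha256', $timestamp . '.' . $payload, $secret );
    foreach ( $signatures as $candidate ) {
        if ( hash_equals( $expected, $candidate ) ) { // constant-time comparison
            return true;
        }
    }
    return false;
}

// Use this as the route's 'callback'.
function wpso40015091_listener( WP_REST_Request $request ) {
    $payload = $request->get_body(); // raw bytes, exactly as they were signed
    $header  = $request->get_header( 'stripe-signature' );
    if ( ! wpso40015091_signature_is_valid( $payload, $header, STRIPE_WEBHOOK_SECRET ) ) {
        return new WP_Error( 'invalid_signature', 'Signature check failed.', array( 'status' => 400 ) );
    }
    $event = json_decode( $payload, true );
    if ( ! is_array( $event ) || empty( $event['type'] ) ) {
        return new WP_Error( 'invalid_payload', 'Malformed event.', array( 'status' => 400 ) );
    }
    if ( 'invoice.payment_failed' === $event['type'] ) {
        $id = isset( $event['id'] ) ? sanitize_text_field( $event['id'] ) : 'unknown';
        wp_mail( get_option( 'admin_email' ), 'Stripe payment failed', 'Event ' . $id );
    }
    return new WP_REST_Response( array( 'received' => true ), 200 );
}
```

The HMAC must be computed over the unparsed request body; re-encoding the decoded JSON changes the bytes and the comparison fails.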
Earlier in 2015 I started creating a website with Drupal 7 that imports Instagram content (images, likes, comments etc.) via Drupal Feeds. Everything worked fine, but the project stopped then.
Now it seems we start that again but suddenly the import is not working anymore. I always get the following error:
{"meta": {"error_type": "OAuthPermissionsException", "code": 400,
"error_message": "This request requires scope=public_content, but this
access token is not authorized with this scope. The user must
re-authorize your application with scope=public_content to be granted
this permissions."}}
I didn't have to send the "public_content" earlier, so I was just sending "basic"-scope access. And as I said, everything worked well.
Now I have also inserted the scope for "public_content" along with "basic" within the oauth module for Feeds. But I am still getting the error message above.
Any hints on that?
Thanks in advance and regards,
Fab
This is due to an Instagram Platform Update
You'll have to add public_content scope as Joshi has pointed out - and also you'll need to renew your auth token in the settings page.
Then you'll be good to go.
Here is the solution:
Use following code in instagram_social_feed.module
Function: instagram_social_feed_settings()
if (variable_get('instagram_social_feed_client_id', '') != '' && variable_get('instagram_social_feed_redirect_uri', '') != '') {
  $form['authenticate'] = array(
    '#markup' => l(t('Click here to authenticate via Instagram and create an access token'),
      'https://api.instagram.com/oauth/authorize/?client_id=' . variable_get('instagram_social_feed_client_id') . '&redirect_uri=' . variable_get('instagram_social_feed_redirect_uri') . '&response_type=code&scope=public_content'
    )
  );
}
This will solve the issue.
I currently have a Wordpress Multisite set up with WooCommerce. My goal is to have a shared shopping cart in a GUEST session for a subblog mapped domain, and full domain itself.
ie the shopping cart would be the same for:
http://www.blog2mappeddomain.com/cart/
and
https://networkdomain.com/blog2/cart/
While I can get the carts working independently, they will have their own cookies on each respective domain.
3 cookies manage the shopping cart experience:
woocommerce_items_in_cart
woocommerce_cart_hash
wp_woocommerce_session_
(Where wp_woocommerce_session_ will be something like this in practice:)
wp_woocommerce_session_e235b4c0280f7763c7ffd1dd8492f8a2
(ref: https://docs.woothemes.com/document/woocommerce-cookies/)
I modified the function wc_setcookie in the file: includes/wc-core-functions.php to set the cookies for both domains|paths with the following:
A normal cookie is set in this function via:
setcookie( $name, $value, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure );
I will add an additional cookie (for each cookie set) with:
$temp1 = get_blog_details();
setcookie( $name, $value, $expire, $temp1->path, $temp1->domain, $secure );
However these secondary cookies are not seen when going to the other domain path.
So the question is how can I accomplish this via extra coding or server modifications in NGINX or with both.
Thank you for your time
Thankfully for privacy and security, you can't just set a cookie for a different domain due to same-origin policies implemented in browsers.
See the related Cross-Domain Cookies post on StackOverflow for a discussion of options when you control both domains.
The post Cross-domain-cookies - a maybe new idea explains another approach when you control both domains.
I am trying to get a gravity form from my wordpress website to serve as a login form for another application (CakePhp website). The form has two fields-username and password. I have added a hook to submit the form to the other application using gform_after_submission as follows:
add_action( 'gform_after_submission_6', 'mysite_gform_after_submission', 10, 2 );
function mysite_gform_after_submission( $entry, $form ) {
    $post_url = 'http://otherapplicationurl.com/login';
    $body = array(
        "data[User][username]" => $entry[1],
        "data[User][password]" => $entry[2],
    );
    $request = new WP_Http();
    $response = $request->post($post_url, array('body' => $body));
    //this is to delete the entry
    GFAPI::delete_entry( $entry['id'] );
}
The form's confirmation setting is to display some text. But what I essentially want it to do is login the user to the other application and show the homepage of that application i.e redirect to the url "http://otherapplicationurl.com/home".
I keep getting the following error.
WP_Error Object
(
[errors] => Array
(
[http_request_failed] => Array
(
[0] => Too many redirects.
)
)
[error_data] => Array()
)
I don't know how to get the form to log the user in and redirect to the other applications home page.
Thanks in advance.
You've hit a very tricky process here. What you're trying to do is two things simultaneously:
Log in to an external service
Redirect the user to the service
Technically, this can't be done the way you're looking to do it. And here's why:
You're dealing with cookies. When you log in, data is stored as a cookie/session that will remember who you are as you navigate through the site. The info is also only available to the relevant domain/path, and can only be set from that same domain/path.
The server, not the user, is logging in.
In other words, you're trying to log the user into the service from another domain via the server. In this case, the server will log in on behalf of the user (as it's the server doing the request), but will do nothing with the cookies. Even if we sent the cookies back to the user, they would apply under the original domain and we'd be no closer to being logged in.
Solution 1: Simple, but insecure
What you could do, is make the redirect and the login process the same thing. That is, using a URL such as http://otherapplication.com/login?user=adomnom&pass=awesome (though I strongly discourage that for security reasons).
Solution 2: Secure, but (you guessed it) complex
A safer approach would be to use the structure you have at the moment to generate a one-time login code. That is, the server will request a unique, one-time 'token' from the other application using the login details and use these as part of the redirect. The user is taken to this other page and is logged in using this token as a substitute for credentials. After this, the token should then become invalid.
That way, the other application is the one setting the cookies and no sensitive information is being directly transferred.
And here's how I'd do it...
1. Create new endpoint on the CakePHP side: /get-token
This endpoint will receive the username and password from GET data, then generate, store and return a unique token.
2. Extend /login on the CakePHP side to allow for a 'token' GET variable
Submitting 'token' to /login should also log in the user and delete the token - preventing it from being used again.
3. Update the submission process to use the correct hook
You'll want to use the gform_confirmation hook to do this - it's the hook that deals with redirects and thank you page contents (ie. the stuff that the user is shown after submitting the form).
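add_filter( 'gform_confirmation_6', 'mysite_gform_confirmation', 10, 3 );
function mysite_gform_confirmation( $confirmation, $form, $entry ) {
    // Request a one-time token from the /get-token endpoint described in step 1
    $response = wp_remote_post(
        'http://otherapplicationurl.com/get-token',
        array(
            'body' => array(
                "data[User][username]" => $entry[1],
                "data[User][password]" => $entry[2],
            ),
        )
    );
    // Delete entry so the submitted credentials are not kept
    GFAPI::delete_entry( $entry['id'] );
    // If no token came back, fall back to the form's configured confirmation
    if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) {
        return $confirmation;
    }
    // wp_remote_post() returns an array; the token is assumed to be the plain response body
    $token = trim( wp_remote_retrieve_body( $response ) );
    // Redirect
    return array( 'redirect' => 'http://otherapplicationurl.com/login?token=' . rawurlencode( $token ) );
}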
Hope that helps! Good luck!
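The token handling that steps 1 and 2 ask of the other application, as an added example (not the answer author's code and not CakePHP API): tokens come from the CSPRNG, only their hash is stored, they expire quickly, and redeeming one deletes it. The class name is hypothetical and the array is an in-memory stand-in for a database table.

```php
<?php
// Added example. OneTimeLoginTokens is a hypothetical name; $rows stands in
// for the table the other application would use to store issued tokens.
final class OneTimeLoginTokens {
    /** @var array sha256(token) => array( 'user_id' => int, 'expires' => int ) */
    private $rows = array();
    private $ttl;

    public function __construct( $ttl_seconds = 60 ) {
        $this->ttl = $ttl_seconds;
    }

    // Called by /get-token after the username and password have been verified.
    public function issue( $user_id, $now = null ) {
        $now   = null === $now ? time() : $now;
        $token = bin2hex( random_bytes( 32 ) ); // 256 bits of randomness
        // Store only the hash, so a leaked table does not contain usable tokens.
        $this->rows[ hash( 'sha256', $token ) ] = array(
            'user_id' => $user_id,
            'expires' => $now + $this->ttl,
        );
        return $token;
    }

    // Called by /login?token=... Returns the user id, or null when the token
    // is unknown, already used, or expired.
    public function redeem( $token, $now = null ) {
        $now = null === $now ? time() : $now;
        $key = hash( 'sha256', (string) $token );
        if ( ! isset( $this->rows[ $key ] ) ) {
            return null;
        }
        $row = $this->rows[ $key ];
        unset( $this->rows[ $key ] ); // single use: remove it before anything else
        return $row['expires'] >= $now ? $row['user_id'] : null;
    }
}

// Constructed walk-through with fixed clock values.
$tokens = new OneTimeLoginTokens( 60 );
$token  = $tokens->issue( 42, 1000 );
var_dump( $tokens->redeem( $token, 1030 ) ); // first use, inside the window
var_dump( $tokens->redeem( $token, 1031 ) ); // same token presented again
$late = $tokens->issue( 42, 1000 );
var_dump( $tokens->redeem( $late, 1061 ) );  // presented after it expired
```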
In this page, I'm using the Contact Form 7 plug in (at the very bottom).
When I fill the form and press send the form stay loading forever.
Any suggestions?
code:
<p>您的姓名 〈需填寫〉<br />
[text* your-name] </p>
<p>您的電子郵件信箱 〈需填寫〉<br />
[email* your-email] </p>
<p>主旨<br />
[text your-subject] </p>
<p>您的信件內容<br />
[textarea your-message] </p>
<p>[submit "傳送"]</p>
(there isn't really too much code since it is a Wordpress plugin).
I'm using Wordpress 3.0.1 and Contact Form 7 (3.3.1)
Step:1
Go to ftp:
wp-content/plugins/contact-form-7/contact-form-7.php
In contact-form-7.php
Step:2
Find:
if ( ! defined( 'WPCF7_LOAD_JS' ) )
    define( 'WPCF7_LOAD_JS', true);
Replace:
if ( ! defined( 'WPCF7_LOAD_JS' ) )
    define( 'WPCF7_LOAD_JS', false );
upload your file and Try it done.
Try another contact form plugin to see if you can send any email at all. Check your webhost error logs for php errors.
Use the developer tools in your browser to check for Javascript errors. Contact Form 7 uses javascript for some of the form processing, and you may have a Javascript conflict.
The issue might be a server problem. Ask your webhost if there are issues using php mail. Try sending an email manually using php mail; see How to send an email using PHP?
Also, try WordPress › WP Mail SMTP « WordPress Plugins which allows you to test send email via SMTP and will show a log of server actions and which will let you possibly find the issues.
Since I don't want to edit any plugin files I went with the filter options:
// WPC7 forms were not submitting, this fixes that
add_filter( 'wpcf7_verify_nonce', '__return_true' );
add_filter( 'wpcf7_load_js', '__return_false' );
It might be a conflict with other plugins, like another contact form? In my case I was using MMForms-Community and Contact Form 7 is the reason. So in other words, I can not use both as they conflict with each other from WP version 3.0 and up.
Editing contact-form-7.php as mentioned above helped but my emails would not arrive in my inbox, but they were in my sent box.
Similar to my configuration:
Google Cloud for hosting WordPress (WP)
Google’s G Suite for email (smtp.gmail.com)
Contact Form 7 - WP Plugin
Postman SMTP - WP Plugin
Main email - John-Doe@example.com
Alias email - info@example.com
I was able to get the emails to my inbox by using the main-email account in the From location in Postman SMTP instead of the gmail alias because the main was needed for authentication.
Worked: From: John-Doe@example.com To: info@example.com
Did not work: From: info@example.com To: info@example.com
The text below is from the chat session with Google’s Support.
The reason why you have to use a different domain is because the web forms get confused and try to deliver the email at your web host rather than your mail host, they see your domain in the recipient and say "hey this is the same domain where the site is hosted at, it should be the same, lets save some effort looking at the domain’s MX records and lets leave it right here".
The From: field needs to be your primary email address since it requires authentication (aliases can’t authenticate), the TO: field has to be preferably an email not from your domain name, like the test alias example.com.test-google-a.com.
If you are sending it from a website is different, the behavior when it gets dropped is just when you use Gmail web mail or a mail client. For web forms, send the emails to the aliases from the test example.com.consulting.test-google-a.com.
I want to add to VijaiJerald's answer. That particular solution didn't work for me, but it did work when I changed as he proposed:
if ( ! defined( 'WPCF7_LOAD_JS' ) ) {
    define( 'WPCF7_LOAD_JS', true);
}
Replace with:
if ( ! defined( 'WPCF7_LOAD_JS' ) ) {
    define( 'WPCF7_LOAD_JS', false );
}
But also the following line:
if ( ! defined( 'WPCF7_VERIFY_NONCE' ) ) {
    define( 'WPCF7_VERIFY_NONCE', false);
}
Replace with:
if ( ! defined( 'WPCF7_VERIFY_NONCE' ) ) {
    define( 'WPCF7_VERIFY_NONCE', true );
}
I also want to note that literally no other solution worked for me (disabling all plugins, changing the WP_DEBUG value, resetting the browser, reinstalling Wordpress, updating and upgrading all plugins, disabling all custom CSS and JavaScripts, etc...) so this might help people that have this issue. I also want to note that while it wasn't working on my laptop (tried multiple browsers), I didn't have this issue on my phone at all.
Usually infinite loading is caused by a problem in your theme. You can overwrite the style/code of Contact Form 7 with javascript and a piece of css.
You can solve this problem with the following piece of javascript:
document.addEventListener( 'wpcf7submit', function( event ) {
    jQuery('head').append('<style type="text/css">.aw-no-spinner:before{display:none!important}</style>');
    jQuery('body').find('.processing').addClass('aw-no-spinner');
}, false );
jQuery('.wpcf7-submit').on('click', function( event ) {
    jQuery('body').find('.processing').removeClass('aw-no-spinner');
});
In this example we use the built-in hook of contact form 7: wpcf7submit
When this event is fired then our piece of code is executed. This piece of code adds an extra class to the loading wrapper of contact form 7. And also we add a piece of css to the head so we don't have to put this in a separate CSS file.
We have also incorporated this solution into a WordPress plugin for users who prefer not to add code to their website or do not have a child theme.
This is the link to the plugin, but you can also use the piece of code described above.
https://wordpress.org/plugins/awcf7-stop-spinning/