Membershipworks and Powerpress

  • So… we have been dealing with authentication issues for months on our feed, which is password protected.

    We use Membershipworks for member management and they do insert themselves into the login process. However, they update the WordPress database with the correct password.

    I do not believe that it is related to server setup (i.e, .htaccess issues). I have concluded this because I can use my Administrator account to login/logout of the website as well as authenticate the feed. When I use a “normal” account (Premium Subscriber role) the feed does not authenticate.

    Some months back I emailed with y’all about these authentication issues. We came up with this code that goes in the file powerpress-feed-auth.php:

    // old code
    // $userObj = wp_authenticate($user, $password);

    // if( !is_wp_error($userObj) )
    // {
    // Check capability…
    // if( $userObj->has_cap( $FeedSettings[‘premium’] ) )
    // return; // Nice, let us continue…
    // powerpress_feed_auth_basic( $FeedSettings[‘title’], __(‘Access Denied’, ‘powerpress’) );
    // exit;
    // }

    // new code
    $userObjID = get_user_by( ’email’, $user );
    if( !is_wp_error($userIDObj) )
    {
    $userObj = wp_authenticate($userObjID->user_login, $password);
    if( !is_wp_error($userObj) )
    {
    // Check capability…
    if( $userObj->has_cap( $FeedSettings[‘premium’] ) )
    return; // Nice, let us continue…
    powerpress_feed_auth_basic( $FeedSettings[‘title’], __(‘Access Denied’, ‘powerpress’) );
    exit;
    }
    } else {
    powerpress_feed_auth_basic( $FeedSettings[‘title’], __(‘Access Denied’, ‘powerpress’) );
    exit;
    }

    I thought this had fixed us up, but when I add it to the latest update, no go. BTW, we made this change because Membershipworks wanted the email to be verified. In any case, I can login/out using the standard WordPress login page (using the email address as the username) so I would think that PowerPress would do the same.

    Now, I am wondering if that coding “fix” ever worked. The fact that Adminstrators can login but Premium Subscribers cannot is confusing.

    What capabilities would my Administrator role have that the Premium Subscriber role does not have that is affecting this?

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Author Angelo Mandato

    (@amandato)

    I don’t think the code fixed your issue. We tweaked the code to look for an @ sign in the login address before using your logic, that way otherwise regular wordpress plogin names would still also work.

    ref in powerpress-feed-auth.php in recent versions:

    				if(  strpos( $user, '@', 1 ) !== false ) {
				$userObjID = get_user_by( 'email', $user); // Get the user by email
				if( !is_wp_error($userIDObj) )
					$user = $userObjID->user_login; // Use the user's login (not email) to authenticate
			}

    I personally looked into this and I thought I emailed you the final changes based on your feedback. We tweaked it to use the get_user_by() function but only if we found an @ sign in the username.

    I am still not sure this code was ever needed. If you look at the code in wp_authenticate in WordPress it uses the “get_user_by” function call. I just re-studying this with WordPress 5.2.2 to confirm…

    The wp_authenticate() function calls filters including: wp_authenticate_username_password and wp_authenticate_email_password. The filter wp_authenticate_email_password uses get_user_by with email passed as a parameter. So as long as the username is the user’s email address, the 2nd filter will be handled. From my testing this is the case as well. The only reason this may not be working is if you have a plugin manipulating these filters. In this case the logic we added for you should work, again as long as the username has an @ sign in it which is required for an email address.

    When you use the current logic in PowerPress, do you get the error: ERROR: Invalid username, email address or incorrect password.

    If you do, then something is manipulating the filters mentioned above. If you do not, then things are working correctly as far as the wp_authenticate() being able to locate the account by email or username. This code in wp_authenticate() can be found in file wp-includes/pluggable.php, line 521-562.

    One other thought, your membership plugin may be replacing the pluggable.php with their own wp_authenticate() function. You may want to grep/search the code in the membership plugin to confirm this. If this is the case, you should be able to add this logic you are referencing in the membership plugin’s wp_authenticate() function.

    Thanks,
    Angelo

    Thread Starter tedstur

    (@tedstur)

    Angelo,

    Thanks for the prompt reply. Well, you are probably right about updating the code from what I pasted. I remember that conversation but can’t find that email in my user stream.

    I will check with membershipworks about pluggable.php although I rather doubt they do.

    When we do this in powerpress, the error is Wrong Password on the Activity Log plugin that we are using.

    • This reply was modified 5 years, 4 months ago by tedstur.
    Thread Starter tedstur

    (@tedstur)

    So, I have confirmed that they do not modify wp_authenticate() and the server is not using FASTCGI.

    Plugin Author Angelo Mandato

    (@amandato)

    Hello @tedstur,

    Did you say some logins work and some do not? If some accounts work then there is not an issue with the server, the issue is with the roles and capabilities.

    Thanks,
    Angelo

    Thread Starter tedstur

    (@tedstur)

    Still a problem for me…

    Here is my status:

    No logins are working at all. Not even admins.
    I have disabled all Plugins that affect member access. There were four of them that I could find. Still no luck.
    The regular, unprotected feed works fine.
    Under “Protect Content”
    Require user to be signed-in to access feed. <– Checked
    User must have the following capability: Premium Content
    Under User Role Editor:
    Premium Subscriber Role exist and has premium_content, read, read_feed, and read_feed_source checked

    What can I check to debug this??

    Thread Starter tedstur

    (@tedstur)

    I have to get this fixed. How can I sign up for some paid assistance with this?

    Thread Starter tedstur

    (@tedstur)

    Please help.

    I have turned off the Membershipworks plugin. I cannot log into password protected feeds.

    Plugin Support Shawn

    (@shawnogordo)

    Please go here:
    https://www.blubrry.com/contact/
    Click the Select link underneath All Other Inquiries and choose Technical Support. Fill out the form with your questions and someone will get back to you with assistance.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Membershipworks and Powerpress’ is closed to new replies.