Multisite client login restriction

  • Resolved therabidmonk

    (@therabidmonk)


    9 months, 4 weeks ago

    Hi! Firstly, incredible plugin!

    I am running B2BKing on a multisite setup – multiple storefronts, each has their own separate B2B customer. Everything works perfectly, but it has recently come to my attention that they can log in to other shops in the multisite network with full B2B access. For example:

    B2B customer for Shop 1 can visit Shop 2, log in with the same credentials and get B2B prices for Shop 2.

    Is there a way to lock each customer to their own site? I understand user login across multisites is a core WordPress “feature”, so is there a way to only give them B2B status on their own site?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author WebWizards

    (@webwizardsdev)

    Hi there,

    Thanks for using our plugin,

    This is a bit difficult to achieve unfortunately.

    Something that can be possible is to give each customer a different group on each site. That can be introduced by adding this code snippet https://pastecode.io/s/32my713s . After adding it, all customers will lose their groups and groups have to be added again. Groups then become unique to each site (so on site A the customer can have group X and on site B the customer can have group Y).

    However there is currently no option to have actually different B2B / B2C statuses.

    Probably you could lock each site and force customers to register a different account for each subsite, although it may be a bit not friendly for users.

    Thread Starter therabidmonk

    (@therabidmonk)

    Thanks for the reply. My main aim is to not let the b2b customer on Shop 1 have b2b access on Shop 2. Otherwise b2b customer from Shop 1 can buy stuff from Shop 2 at b2b prices when they shouldn’t be able to, which would be a big problem.

    None of the users actually need access to other shops in the network – in fact ideally they should only be able to log into the site they register with – so maybe locking each subsite could be the way to go? Do you have any idea how to do this?

    Plugin Author WebWizards

    (@webwizardsdev)

    Hi again,

    Thank you for your patience on this,

    I think that indeed locking each subsite is the way to go as it seems the easiest / most reliable solution. I think it may be achieved by adding a code snippet to the site:

    add_action('template_redirect', 'restrict_site_access_multisite');

function restrict_site_access_multisite() {
    if (is_user_logged_in()) {
        $user_id = get_current_user_id();
        $blog_id = get_current_blog_id();
        
        if (!is_user_member_of_blog($user_id, $blog_id)) {
            wp_logout();
            wp_redirect(home_url());
            exit;
        }
    }
}

    This may be able to help logout users if they try to access a site to which they were not added – I was not able to check it though as I don’t have a local multisite setup for tests.

    Thread Starter therabidmonk

    (@therabidmonk)

    Thanks for the reply. I couldn’t get that to work straight away but it seems like the right idea. I will see if there’s anything that will make it work.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Multisite client login restriction’ is closed to new replies.