S2Member stats error

Just saw this. Reviewing.

Is your site HTTPS at all?

Would you be able to give me mild tinkering access?

Because the stats nonce works fine for me and for other users I’ve corresponded with who are using stats with s2member.

Is your admin HTTPS while your front-end is HTTP?

Do an error_log in fileaway_stats ajax() method at the very top, before the wp_verify_nonce

Log the $_POST['nonce'] to your error log then compare it to the js var from your page’s source code:

var fileaway_stats = {"ajaxurl":"http:\/\/www.yourdomain.com\/wordpress\/wp-admin\/admin-ajax.php","nonce":"763eacf3fb"};

Ok. Will do. Thanks for the pointers.

I sheepishly admit that this website is a mixed mode website. It’s http with secured s2member links to secure content. So when someone presses a link for secure content they are prompted to login. For performance on this low-powered site the page is re-shelled as http even though the user is logged in. A no-no I know. I’m in the process of re-working the site to try to support https in a more sprightly fashion and remove the mixed mode. WordPress operates so sluggishly without caching that it’s difficult to support logged in users on a low-powered host.

You’re right to suspect it. I will do some more testing on a few other multi-sites I manage that don’t operate in mixed mode and see how that goes.

Give me a day and I’ll update this issue report with the testing results from some other multi-sites.

Cheers for now ??

If your admin is HTTPS and your front-end is HTTP, then the nonce will fail, because the ajax() method is handled in the admin, and the nonce is created on the front-end. This is a WordPress limitation.

Before you go, let’s try one thing:

On class.fileaway_stats.php line 22, move this:

add_action('wp_ajax_nopriv_fileaway-stats', array($this, 'ajax'));

to just outside the if(is_admin()) check. See if that fixes it.

Damn. Scratch that. That action needs to be in admin. Just ignore it, and my personal email. I was right the first time. It’s a full on WP limitation with mixed environments.

You’re right on. Mixed mode is the likely culprit. I’ll test on other non mixed mode sites and report back so we can close this off. Based on your feedback it’s unlikely to be a plug-in issue.

Sounds good, man. Thanks for all your feedback and for working through it with me. I appreciate it because I want File Away to be the best it can be.

Problem solved. You were 100% on the money…as soon as I forced my page to HTTPS to match the HTTPS base nonce-related errors went away.

Well spotted and much appreciated ??

Mark this one closed with a satisfied customer.