Updated: I found that add_action('wp_login', 'c_ws_plugin__s2member_login_redirects::login_redirect', 10, 2);
is causing this bug. If I remove this action subscribers are logged in just fine.
I have a custom login page template at www.localhost.com/login. It’s a basic form with two inputs for email and password on the page. The form is submitted with AJAX to a custom REST end point.
The end point checks the user pass against the user object and signs the user in. I then return the blog URL in a JSON blob and redirect client side.
This does not work when I try to login with a user with a Subscriber role or s2 Member levels. However I am in fact able to login with a Contributor role.
...
$user_obj = get_user_by('email', $email);
if ( $user_obj && wp_check_password( $password, $user_obj->data->user_pass) ){
$user_blogs = get_blogs_of_user( $user_obj->ID );
$first_blog = array_pop(array_reverse($user_blogs));
$first_blog_id = $first_blog->userblog_id;
...
$user_signon = wp_signon( $info, false );
When trying to login with a Subscriber or s2Member level I get a CORS error on console. The http response is including a Location
header with the URL of the blog of the user. If I disable the s2member plugin my login page works for all users including Subscribers.
My multi site s2 option is to have open registrations.