URI / Custom Capabilties and mu-plugins

Hello WP Sharks,

I am starting this post in regard to an old topic which I found on s2Member old forums:
https://www.s2member.com/forums/topic/uri-and-custom-capabilties/

I am trying to use s2-hacks.php (as is described in the old forum) in order to restrict access to some specific URIs on my site based on Custom Capabilities.

I’ve uploaded the file (s2-hacks.php) to /wp-content/mu-plugins/ which immediately brakes the site. I got HTTP ERROR 500 and the following information in the error_log:

PHP Parse error: syntax error, unexpected ‘;’ in /home/path/public_html/wp-content/mu-plugins/s2-hacks.php on line 8.

This is quite strange because on line 8 in s2-hack.php we have just this:
$allowed = FALSE;

Has anyone experienced the same and do you have an idea how to make this works, since it is very important to restrict access to certain URIs based on ccaps.

Thanks in advance for your advice!

Stefan

I think the code got a bit mangled, so you lost the square brackets. In any event, the code looks a bit old and, in some places, doesn’t follow what would now be considered good WordPress practice. Try this instead:

<?php
// Only allows access to a specific URI if user has the corresponding Custom Capability
function my_custom_capabilities() {
	$allowed = TRUE;

	if ( fnmatch ( '/members/', $_SERVER["REQUEST_URI"] ) && !current_user_can( 'access_s2member_ccap_members' ) ) {
		$allowed = FALSE;
	}

	if ( fnmatch ( '/secret-area/', $_SERVER["REQUEST_URI"] ) && !current_user_can( 'access_s2member_ccap_james_bond' ) ) {
		$allowed = FALSE;
	}

	// If any of the URIs above matched, but the user did not have the necessary ccap, redirect to Membership Options
	if ( FALSE === $allowed ) {
		wp_safe_redirect( S2MEMBER_MEMBERSHIP_OPTIONS_PAGE_URL );
		exit;
	}
}
add_action ( 'template_redirect', 'my_custom_capabilities' );

Hey Tim,

Thanks for the revision! Actually It worked partially - didn’t brake the site, but the functionality I am looking for is still missing…

Does anyone have working solution of how to restrict access to certain URIs based on CCAPS not on User Levels?

Best,
Stefan

Not sure what the point of bold was in your last post, but try changing fnmatch to preg_match in the above code, so that it now reads:

// Only allows access to a specific URI if user has the corresponding Custom Capability
function my_custom_capabilities() {
	$allowed = TRUE;

	if ( preg_match( '/members/', $_SERVER['REQUEST_URI'] ) && !current_user_can( 'access_s2member_ccap_members' ) ) {
		$allowed = FALSE;
	}

	if ( preg_match( '/secret-area/', $_SERVER['REQUEST_URI'] ) && !current_user_can( 'access_s2member_ccap_james_bond' ) ) {
		$allowed = FALSE;
	}

	// If any of the URIs above matched, but the user did not have the necessary ccap, redirect to Membership Options
	if ( FALSE === $allowed ) {
		wp_safe_redirect( S2MEMBER_MEMBERSHIP_OPTIONS_PAGE_URL );
		exit;
	}
}
add_action ( 'template_redirect', 'my_custom_capabilities' );
1 Like

Hi Tim,

The point of bold was only eye-catching, sorry if I left any other impressions :slight_smile:

Thanks for the update, but it still doesn’t work. I even doubt that the s2-hacks.php has any impact on the site, since my last test was to change the S2MEMBER_MEMBERSHIP_OPTIONS_PAGE_URL to S2MEMBER_CURRENT_USER_PROFILE_MODIFICATION_PAGE_URL just to see what would happen. Even with the string changed, when I am trying to access the restricted URI and I’m redirected to the sign up page.

Here is the code I have:

<?php
// Only allows access to a specific URI if user has the corresponding Custom Capability
function my_custom_capabilities() {
	$allowed = TRUE;

	if ( preg_match( '/product/', $_SERVER['REQUEST_URI'] ) && !current_user_can( 'access_s2member_ccap_vendor' ) ) {
		$allowed = FALSE;
	}

	if ( preg_match( '/shop/', $_SERVER['REQUEST_URI'] ) && !current_user_can( 'access_s2member_ccap_vendor' ) ) {
		$allowed = FALSE;
	}

	// If any of the URIs above matched, but the user did not have the necessary ccap, redirect to Membership Options
	if ( FALSE === $allowed ) {
		wp_safe_redirect( S2MEMBER_MEMBERSHIP_OPTIONS_PAGE_URL );
		exit;
	}
}
add_action ( 'template_redirect', 'my_custom_capabilities' );
?>

Have you recently tested this s2-hack on WordPress site and confirm that it’s working properly?

Thanks a lot!

Stefan

Stefan, I didn’t test the first bit of code originally, because all I did there was tidy it up. But when you said it still didn’t work, I did test it (and got the same result as you) so then came up with the revised version, which I tested in my theme’s functions.php file, where it does work.

I just tested it again as an mu-plugin and, again, it does work for me. (By the way, if you use it as an mu-plugin, you should leave out the closing ?> tag. I doubt it’s the cause of the problem here, but it can help to avoid some other problems.)

It appears something else is interfering with this code on your site.

1 Like

Thanks Tim!

Really appreciate your help!

Since the code didn’t work for me, I found a way around using this plugin to achieve what I needed (giving my ‘vendors’ the permissions of premium users).

Thanks again. I hope this topic would be useful to someone else who is looking for similar solution.

Best