phpBB logon not logging into Simple Membership paywall

[pennymachines]

Hi again.

OK this isn't really a problem with WP_w3all, more a plugin compatibility issue.

I have some paywalled content on a subsite (arena) which is protected by the Simple Membership plugin. I use Simple Membership as the registration gateway for all members of my site, free or paid. Until recently, if a paid member logged in via phpBB, they were also automatically logged into the paid content. Sadly something changed and paid members have to log in via one of the WP subsites. Logging in via phpBB still logs into WP as expected.

It also stopped working from other WP subsites, so I guess something in the SM plugin changed. To fix that, I updated my modal login code from action=<?php echo site_url('wp-login.php'); ?> to action="<?php echo esc_url($arena_login_url); ?>.

I appreciate as this is a plugin compatibility issue, this may be asking too much for a support question

Regards,
David

[axew3]

Going to give it a try asap!
So the scenario of the problem to be reproduced is:

they were also automatically logged into the paid content. Sadly something changed and paid members have to log in via one of the WP subsites. Logging in via phpBB still logs into WP as expected.

to create a paid content, and check if legit users are able to see it, without having to login into subsites?
Where it is located the paid content?
Into the main WP or another subsite?

Which plugin exactly you use?
A search into available plugins return several named with Paywall

[pennymachines]

Thank you!

to create a paid content, and check if legit users are able to see it, without having to login into subsites?

Correct. Legit users logged in via phpBB should be able to access it.

Where it is located the paid content?

All links to paid content are from arena homepage (/arena). This is actually a subsite, but I thought (parhaps wrongly) it has a higher status than the other subsites? The normal user account I PM'd you has paid access to arena content.

The plugin (for paywalled content) is Simple Membership: https://simple-membership-plugin.com/

[axew3]

Hello David.
About that you reported, i am over coming 2.9.7 (that will surprise you looking on how it has been little changed so to have great benefits in term of simplicity and understand how the code is organized) and i noted this:
viewtopic.php?p=6971#p6971

The user "seem" logged out but in true is logged in, but redirected to the wp-login page where it seem to be logged out because the login form display.
So i am asking myself if it could be linked to the same problems you reported?

[pennymachines]

Hi Alessio,

Thanks for your response. My apologies for being so slow seeing it.

I don't think it's related to that previous logout issue.

I think the problem is that Simple Membership uses a cookie that the standard WP login does not.

If, for example, a user logs in from https://mywebsite.com/subsite2/wp-login.php, they are logged into phpBB, WPs, but not Simple Membership content (even when they have a Simple Membership subscription).

Likewise, if they log in from https://mywebsite.com/phpbb/index.php, they are logged into phpBB, WP, but not WP Simple Membership content.

If, on the other hand, they log in from https://mywebsite.com/subsite1/wp-login.php, (the subsite where Simple Membership is activated) they are logged into phpBB, WP, and WP Simple Membership.

Currently I solve the problem with an awkward hack. I modified the phpBB login modal so that it is an iframe of subsite1 which contains the https://mywebsite.com/subsite1/wp-login.php login form.

[axew3]

So, as you describe the behavior, it could be this the reason, and maybe two because i noted also another thing but i have to return over into a MUMS and test it, if you are not against it, and since many years ago you gave me the possibility to access to your test environment, i will maybe ask you again to look and definitively fix reversing the issue. So i will not become crazy on re-create your scenario. Promised that this time we will not fail on detect and fix in minutes
Let me please finish with snippets i am preparing for phpBB so to make it like Discourse in some aspect, and we will go for 3.0.0 that aim to be absolutely perfect, i hope into any scenario and plugin. I am going crazy on looking these days how phpBB could much better in few easy steps.

Anyway, returning to your issue and MUMS with Simple Membership, and what you say about cookie... the plugin code work like this so we could argue maybe, maybe not, but it would be the first thing i would go to see, if the history about cookie is true, probably this happen?...(so maybe you can test)

WHEN a login is DONE in phpBB, phpBB release the session cookie. AT this time the user is only logged in phpBB.
If you are on iframed phpBB, the WP page reload, so it seem all happen at same time, login phpBB and WP but the true obviously is, that the parent WP page containing the iframed phpBB reload, the phpBB released the cookie, so the plugin WP code recognize the cookie through , and login him into WP.
If you are not in iframe, WHEN the user so navigate to WP, if there is a presented cookie uid > 2 and a session cookie, then as above, the plugin code check the session cookie, and if there is a match it login the user again THROUGH the
private static function verify_phpbb_credentials(){
on file class.wp.w3all-phpbb.php

exactly here, if the login in WP happen not due to an user login action in a WP form, but because a phpBB valid session cookie is presented, the code into the private static function verify_phpbb_credentials(){ do this:

Code: Select all

    $remember = ( empty($phpbb_k) ) ? false : 1;
    wp_set_current_user( $wpuID, '' );
    wp_set_auth_cookie( $wpuID, $remember, is_ssl() );

     if(!defined("PHPBBAUTHCOOKIEREL")){
      define("PHPBBAUTHCOOKIEREL",true);
     }

       if ( !defined( 'WP_ADMIN' ) ) // or throw Fatal error: Uncaught TypeError: call_user_func_array(): Argument #1 ($callback) must be a valid callback, function "wp_w3all_phpbb_login" not found or invalid function name ...
       {
        #do_action( 'wp_login', $user->user_login, $user ); # removed
       }

into this, NOTE this commented line of code:

Code: Select all

#do_action( 'wp_login', $user->user_login, $user ); # removed

change into

Code: Select all

do_action( 'wp_login', $user->user_login, $user );

try to restore it

Could you please check if it is the reason of the problem?
Because when a login is done via a presented session cookie, the private static function verify_phpbb_credentials(){ here, do not "propagate" informing all the other code, that the user is being logged in, SO MAYBE, SImple Membership in this case, DO NOT RELEASE his cookie, because has not been noticed of a successful user login?
what inform all others plugins that there is a login is this line:

Code: Select all

do_action( 'wp_login', $user->user_login, $user );

I remember that i removed it probably, because until latest fixes about to make the code running fine into any scenario, because if an hooked function is called before the init, the code anyway instantiate a db connection and do not fail like before, probably now can be restored so to have a more correct flow.

When a login is done in WP, the plugin code release a phpBB cookie AFTER the WP login flow finished, so maybe if the problem is coming out also when logging into WP side, but only in certain MUMS subsites, probably again it is given by something that the Simple Membership do not recognize but the behavior of why this is caused, is a little bit more complicate to explain, even if easy to be fixed in necessary.
Please check if the above fixed as i hope/think!

Let know!