Support » Plugin: Remote Content Shortcode » Can't Get Contents Protected by a Membership Plugin like Wishlist

  • Resolved ricky_diancin

    (@ricky_diancin)


    I have a site that is protected by a membership plugin (Wishlist Member). I am not able to get the content of that site. I have set the proper credetials on the shortcode, any idea on whats happening here?

    Here is the shortcode:

    [remote_content url=”http://socialmediatrainingfordirectselling.com/members/social-media-strategy-templates” method=”GET” timeout=”10″ userpwd=”username:password” htmlentities=”false” strip_tags=”false” decode_atts=”false” selector=”#post-4882″ remove=”img” cache=”true” cache_ttl=”3600″]

    Note: For security reason, I removed the username and password.

    Kindly help me with this conern, thank you!

    https://wordpress.org/plugins/remote-content-shortcode/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author doublesharp

    (@doublesharp)

    Hi @ricky_diancin this plugin is only able to apply the credentials for HTTP Basic Auth. It takes the username and password and passes it Base64 encoded in the headers to do this, which means that unfortunately it doesn’t work for form based authentication which is what your membership plugin is providing.

    One way I can think of to get around this (assuming you have access to the source code of the site) is to use a token to automatically log in as a particular user. As long as you append the token to the URL it will use an action to log in as a particular user. Get a UUID for the token from: https://www.uuidgenerator.net/

    function log_on_user(){
        $token = ""; // https://www.uuidgenerator.net/
        if ( !is_user_logged_in() && isset( $_REQUEST['user_token'] ) && $_REQUEST['user_token'] == $token ){
            $user_login = "username"; // whatever you want the user to be
    
            //get the user
            $user = get_userdatabylogin( $user_login );
            $user_id = $user->ID;
    
            //login
            wp_set_current_user( $user_id, $user_login );
            wp_set_auth_cookie( $user_id );
            do_action( 'wp_login', $user_login );
        }
    }
    add_action( 'init', 'log_on_user' );

    Thank you for the response. I did you suggested. But it is still not working.

    On my function.php file, I added the function you stated above with the token generated from the uuid generator.

    Then I added the token to my request url:

    [remote_content url=”http://socialmediatrainingfordirectselling.com/members/social-media-strategy-templates?user_token=e5d59189136147ceb3b4d5e2968af8a4″ method=”GET” timeout=”10″ userpwd=”username:password” htmlentities=”false” strip_tags=”false” decode_atts=”false” selector=”#post-4882″ remove=”img” cache=”true” cache_ttl=”3600″]

    Note: For security reason, I removed the username and password.

    Is my process correct? Kindly let me know. Thanks.

    Plugin Author doublesharp

    (@doublesharp)

    You don’t need to pass in the username/password, so I would try just using [remote_content url="http://socialmediatrainingfordirectselling.com/members/social-media-strategy-templates?user_token=THE_TOKEN" method="GET"] to see if that works. I’ve had some issues with the PHP css selectors so YMMV.

    I did verify that the code I provided is working, the link in your URL logs you in as yourself, so an admin account. This is a huge security risk since the link is on the Internet in your comment. I would change the token in your code ASAP to make sure someone doesn’t do anything nefarious. That token is like a username+password so you need to make sure it is protected.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Can't Get Contents Protected by a Membership Plugin like Wishlist’ is closed to new replies.