PWAL Instant Access Users With Special URLs?

I run a newsletter on a site and I want people that have clicked from the newsletter to have full access to content.

I want casual visitors to see the PAWL lock to share the content to see it all.

Is this possible with PAWL? if so... is there a variable you can pass to bypass PAWL in the url that the users click on in the newsletter links?

Thanks
Chris

  • Jack Kitterhing
    • Code Norris

    Hi there Chris,

    Hope you're well today and thanks for your question.

    There is a workaround we could do, in Pay with a like > settings, you can allow authorized users to see full content, this is based on a WordPress role.

    You could create a new role using something like this https://wordpress.org/plugins/user-role-editor/ and then move the people who are subscribed to the newsletter into that role and then they'd have access to the content.

    Would that work for you?

    Thanks!

    Kind Regards
    Jack.

  • wpmudev75
    • The Incredible Code Injector

    Hi @Jack Kitterhing

    Thanks for replying and I hope you are having a great day too!

    The users aren't registered as part of my blog so this would not work for me.

    They are coming from an external email management system aWeber.

    I was hoping that I could use "special" urls to be able to give them a free pass to seeing full content.

    Is there any way I can make that happen?

    Thanks
    Chris

  • aristath
    • Recruit

    Hello again Chris,

    I was hoping that I could use "special" urls to be able to give them a free pass to seeing full content.

    Is there any way I can make that happen?

    I'm afraid I can't think of any way to do this... You'd have to do some extensive custom coding in order to achieve this!
    You'd basically have to fool the system into believing that users coming from these "special" URLs have a membership.
    If you're not comfortable with PHP I would suggest you post a new job in our Jobs Board on https://premium.wpmudev.org/wordpress-development/ so that a skilled developer can do that for you.

    Cheers,
    Ari.

  • wpmudev75
    • The Incredible Code Injector

    Hi @aristath

    I wasn't specifically looking to trick the wp membership system as that would be a security flaw discovery in wp.

    I am more specifically looking to bypass the regular functionality of the PWAL plugin itself by making it think that the content is already shared and in doing so allowing the users to see the full content.

    Is there any way I can pass a parameter in the page url that would tell the plugin that this user has already shared? I see that it uses cookies so there must be something that is available to enable bypassing.

    Thanks
    Chris

  • aristath
    • Recruit

    Hello again Chris,

    I have just notified the plugin developer on this post.
    Hopefully his insights will help us figure out what you want to do! :slight_smile:

    Please keep in mind thought that plugin developers have a lot of responsibilities so this could take a bit longer than a normal ticket.

    Cheers,
    Ari.

  • Paul
    • The Green Incsub

    @Chris,

    Is there any way I can pass a parameter in the page url that would tell the plugin that this user has already shared? I see that it uses cookies so there must be something that is available to enable bypassing.

    Not a special URL really. That would require too much coding logic to implement then even more to ensure only the allowed users get access. As you mentioned PWAL does use cookies. Yes, that would be the route I would take. You would need to pre-set the cookie when the user leaves from the aweber system. This is not something to be done from within PWAL

  • wpmudev75
    • The Incredible Code Injector

    Thanks @aristath and @Paul

    I will see if I can find a way to set a cookie when exiting aWeber to make this all happen.

    Without it I can't automate the hidden sections.

    Another thought I had related to this plugin is that it would be awesome if there was a way to be able to add subscribe to my newsletter and a button besides the other existing buttons to encourage people to go and sign up to see too.

    Thanks
    Chris

  • Jack Kitterhing
    • Code Norris

    Hi there Chris,

    Hope you're well today.

    Another thought I had related to this plugin is that it would be awesome if there was a way to be able to add subscribe to my newsletter and a button besides the other existing buttons to encourage people to go and sign up to see too.

    Sign up for the site do you mean to see the hidden content?

    Thanks!

    Kind Regards
    Jack.

    • wpmudev75
      • The Incredible Code Injector

      Hi @Jack Kitterhing

      Yes... that was what I was thinking... if they click off to sign up then it could open up the content ... probably a bit hard to do as it would need to work somehow with the mail sign up system of my processor.

      I will have to think a bit more on this and if it is reasonable to make happen.

      Cheers
      Chris

  • Paul
    • The Green Incsub

    @Chris,

    Hav been thinking about this more today helping out another member with some display issue.

    There is a filter hook within the plugin just as it starts to process the content. You could write some code to check this filter and determine if the user should see the full content or the buttons. This is an override for you.

    The filter is 'pwal_display_buttons' and you would call it like the following.

    add_filter('pwal_display_buttons', 'my_pwal_checker', 10, 2);
    function my_pwal_checker($display_buttons, $post_id) {
       // some logic where you check some internal value to determine if the user can see the hidden content. The second function argument $post_id is the post ID of the post being viewed.
    
      // Return true to show the buttons. Return 'false' to show hidden content.
    
    }
    • wpmudev75
      • The Incredible Code Injector

      Hi @Paul

      Thanks for that hook.

      I will see if I can figure this out to make it happen.

      I am not that strong on coding at this level although I am good at figuring out hacks to make things happen usually.

      If I get a working solution that will help others I will come back and share it here.

      Cheers
      Chris

  • wpmudev75
    • The Incredible Code Injector

    @Paul

    I see that you have the option to show everything to 'bots'.

    I am wondering if there is a way one could pass ?uas=bot through on the url to make PWAL think this is a bot and it's ok?

    I tried switching useragent on my browser to test if bots were allowed on through and I couldn't get it to work ... what methods do you use to test useragent=bot for a pass?

    Cheers
    Chris

  • wpmudev75
    • The Incredible Code Injector

    Ooops!

    @Paul

    I think I may have found something by accident.

    I don't want to assume that I know anything although when looking deep into the code I noticed what may be a fault in functionality and thought it best to report it.

    I was looking to fool the PWAL functionality to make it see me as a search bot by passing something via GET.

    As part of that I set up a user agent spoofer to make me look like I am Baiduspider for testing.

    I then went to a test url I had set up with one section open to viewing and another that you have to pay to see... and hit it with the ?PWAL_DEBUG tagged on the end to see what you see when debugging.

    I noted in pay-with-a-like.php at line 563 you are getting the current user ID and then if that ID doesn't exist then you are setting this user is NOT a logged in user.

    That is all fine however the code for checking for the user agent = bot is in the logged in user section and as I understand it all bots will not be logged in so this code will never trigger.

    I had a play with this copying the exact code for checking bots ( line 584 - 591 ) and pasted that at 624 and re-tested ...

    Test 1 - spoofed uas bot and buttons NOT displaying as to be expected.

    Test 2 - User agent = default and tested expecting the buttons to DISPLAY and they did.

    I think this might be a small coding error and thought it best to report it.

    I hope this report is well received.

    Thanks
    Chris

  • Paul
    • The Green Incsub

    @Chris,

    Excellent! Yes, that is indeed an error. The bot logic obviously needs to be outside of the condition for the logged in user. I'll probably just move that to the top of the function since it will save some other checks. About to release a new version of PWAL in the next 24 hours. Will make sure I have included.

    So are you solved then on your secret URL issue?

  • wpmudev75
    • The Incredible Code Injector

    Hi @Paul

    Great!!... I look forward to the new update.

    I haven't solved the secret URL issue as yet.

    I got stuck on what to put where in the function and then return that true to make it work so far.

    Is there any way to add in a YES/NO box for being able to check whether we have a secret url being pinged?

    Ideally if I could pass ?pwalpass for example on the end of a url it would be so simple to implement.

    I am sure other users like @Carlos Ramos would love to see this if it isn't too hard to add in to the new code being released.

    I think the main thing to consider with this is that savvy users seeing the special addition to the url will figure out how to bypass all pwal locks in a moment and I am good with that as I don't mind if people are smart.

    I will keep on with my experiments here in the meantime to see if I can figure out how to write this function the right way as I am not super strong in php.

    Cheers
    Chris

  • wpmudev75
    • The Incredible Code Injector

    Hi @Paul

    I have been looking at the code and noticed that line around 805 where you have the hook for pwal_display_buttons doesn't seem to get run at all.

    this line : $display_buttons = apply_filters('pwal_display_buttons', $display_buttons, $post->ID);

    I put an echo before and after and tried it in DEBUG and normal mode to no avail so I figure that trying to pass something into that hook will mean that it isn't even processed.

    Am I missing something here?

    Cheers
    Chris

  • Paul
    • The Green Incsub

    @Chris,

    I'm not sure what you mean. The apply_filters is WordPress function which lets you create your own filter function to hook into the PWAL processing.

    For example you can setup a filter and filter function like the following and it will be called when the PWAL plugin reached that step. The filter function lets you override the $display_buttons (true/false) value.

    add_filter('pwal_display_buttons', 'my_pwal_display_buttons', 10, 2);
    function my_pwal_display_buttons($display_buttons, $post_id) {
    	echo "in ". __FUNCTION__ ."<br />";
    
    	return $display_buttons;
    }

    I'll be changing this filter slightly to pass more parameters. Mainly to include the 'content_id'.

  • wpmudev75
    • The Incredible Code Injector

    Thanks @Paul,

    I just plugged this into my localhost dev site and for some reason when I hit the site with a user agent I was testing with previously it appears that it is somehow not displaying the buttons although when in DEBUG I see that it is definitely reporting (bot) true.

    I will come back if something becomes obvious.

    I hope that you are seeing my posts as helpful as I don't want to be seen to be being difficult. I am trying to help as I want this to work for us all : )

    Cheers
    Chris

  • wpmudev75
    • The Incredible Code Injector

    Hi @Paul

    I am not sure if this is an issue or not.

    I am working with the new version of the plugin v.2.0.1 and it is working great except I tried some testing of the user agent and it seems that the plugin is recognising the UA as a search engine bot but then doesn't display the content.

    In testing I use the plugin User Agent Switcher in FF and am hitting it as if I am the Googlebot.

    Is this something I should be concerned about?

    Cheers
    Chris

  • Paul
    • The Green Incsub

    @Chris,

    The PWAL code to determine if the user is a bot was something from the original plugin developer that I've not changed. I'll need to review the function and test things to see if I have the same issue. Thanks.

    You should see the function is_bot() in pay-with-a-like.php line 3304.

    function is_bot(){
    	$botlist = array("Teoma", "alexa", "froogle", "Gigabot", "inktomi",
    		"looksmart", "URL_Spider_SQL", "Firefly", "NationalDirectory",
    		"Ask Jeeves", "TECNOSEEK", "InfoSeek", "WebFindBot", "girafabot", "crawler", "www.galaxy.com", "Googlebot", "Scooter", "Slurp",
    		"msnbot", "appie", "FAST", "WebBug", "Spade", "ZyBorg", "rabaz",
    		"Baiduspider", "Feedfetcher-Google", "TechnoratiSnoop", "Rankivabot",
    		"Mediapartners-Google", "Sogou web spider", "WebAlta Crawler","TweetmemeBot",
    		"Butterfly","Twitturls","Me.dium","Twiceler");
    
    	foreach($botlist as $bot){
    		if( strpos($_SERVER['HTTP_USER_AGENT'],$bot)!== false )
    		return true;	// Is a bot
    	}
    
    	return false;	// Not a bot
    }
  • Paul
    • The Green Incsub

    @Chris,

    I just tried the User Agent Switcher and was able to get this working. As I mentioned on your other thread the shortcode processing does not follow the same logic like the in-post shortcodes. Mainly if the post_id is not part of the shortcode parameters when used outside of the loop then if does not check for example if the user agent is a bot. I'm looking to change this but for now that is the logic.

  • Paul
    • The Green Incsub

    @Chris,

    Do you have a way to write faux cookies for testing with this plugin that is easy enough to implement?

    No, As of PWAL 2.0 the cookie logic is all moved to JavaScript just because having to support the widest number of themes you get into issue trying to set a cookie when the then has already posted some content. And eve if it did I would prefer you not use PWAL like that.

    So here is my understanding of what you are attempting. This is just from reading this thread.

    Per the first line of this post "I run a newsletter on a site and I want people that have clicked from the newsletter to have full access to content."

    Ok simply put what I would do it just set your own cookie using your own information that the user has clicked on the newsletter. Then you can use/set your own cookie validation/expiration limited and not be concerned with PWAL.

    So how does the user then get the content unlocked via PWAL? Pretty easily. I've mentioned the filter before in this thread. Using the 'pwal_display_buttons' filter from PWAL you would then within your own filter function check if the user already has your special newsletter cookie. If they do then return false (means don't display buttons). Then there is not secret URL or user agent logic to worry about.

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.