I am at my wits' end trying to protect this content. Here's the situation: I have Amember 3.1.8 + 1ShoppingCart + Invision Board. They're all working well together. I have a mixture of membership durations, but the access levels to the content in the Invision Board is controlled by the Board. I have a folder OUTSIDE the Amember tree and outside the Board where I've put subfolders containing pages with embedded video stored on Amazon S3. I also tried putting the folders INSIDE the Amember tree, same result. I've set up protection on the top level folder that has the home page for this set of videos. This video home page is a PHP file that also happens to make a database call to retrieve and display information. That folder is protected with .htpassword. Each subfolder also has .htpassword protection on it. Naturally, I CHMod'd the folders from 755 to 777 and back when prompted. I have tried using .htpassword, new_rewrite, mod_rewrite, php_include, and php_include+autoprepend to protect the video folders. If I type in the path to the protected top-level directory (containing the "video home page" ) when .htpassword is enabled, it prompts for a U&P, and lets me in. When using when using php_include, Always Remember IS set to No. If I dismiss the browser window and type the video home page URL again, it lets me in immediately, no prompting. And this happens whether I am logged in or logged out. My expectation is that I would be prompted each time for a U&P, so I'm a little freaked out that it's not "logging out" when the browser is dismissed. Preferred scenario: users will log into the Invision forum (which is integrated with Amember), click on the link to the top-level folder's home page that I embedded in the navigation, and be taken to the video home page without being prompted again for a U&P. If they click the Back-to-Forum link I provide and then log out of the forum, they shouldn't be able to immediately type the video home page URL and see the home page without being prompted again for a U&P. Not everyone is going to remember the URL to the video home page, but if they bookmark it, the way things stand now, they'll be able to pass that bookmark around. I worked WAY too hard on this content to just let it out there for free. If I can type the URL to the video home page and the page comes up despite the presence of the .htaccess file to the contrary, then the folder protection isn't working and I don't know why. I get the same behavior whether I use .htpassword, new_rewrite, mod_rewrite, php_include, or php_include+auto_prepend. I tried inserting the recommended lines in the video home page and using php_include, and that didn't work either. When I tried mod_rewrite, it would prompt for U&P, but then not display any content on the page. I need to get this content released to my members -- they paid for it! So what am I missing here? Toolie
Trying clearing all of your browser cache and cookies and restart your browser. I've seen the scenario you are describing where admins have logged in with various test accounts, etc. in setting things up and the result is odd behavior like you describe and is not what a typical user scenario would ever see. Clear browser cache / cookies and restart and follow a typical user scenario and see if you have the same issue.
Hi Skippy, I cleared the cache, deleted ALL of my cookies, even rebooted my computer. What you said about using test accounts got me to thinking; I was using a test account with "permanent" status, so I borrowed a paying client's credentials and tried logging in that way. Currently I have php_include+auto_prepend enabled, and if I try to go directly to the video home page URL (not having logged into Amember admin or the forum) with my paying client's credentials, I am directed to the Amember login screen, and then I see the video home page. If I click the back-to-forum link, I see that I'm logged into Invision as my client, and can access the board there. If I log out from there then try typing the video home page URL, I can see access it immediately without being prompted with an Amember login screen again. So it appears to log me in the first time I access the video home page, and never log me out. Does the fact that I'm skipping over to the Forum to log out make Amember forget to subsequently prevent access to the video home page? Should I make the video home page NOT accessible from my Invision Board and just provide the video home page URL the only way to access the that page? Help?! Toolie
I'll preface this with the fact that I don't know anything about the Invision plugin functionality, I'm going to make some assumptions. The invision logout only logs you out of invision, not aMember. You need to modify your Invision template to have the logout link point to \amember\logout.php which should log you off of both aMember and Invision.
It seems that there is a problem with logout. Try to access /amember/member.php after logout, do you see login page again?
@alexander: can you comment on whether the Invision plugin does anything to Invision to force the logout of aMember when you logout of Invision (or change the link to point to aMember logout?) The way he describes it suggests it just logs you out of Invision and not aMember (ie. default Invision behavior)
If I log out from Invision and type in the path to amember/member.php, I find that I am still logged into Amember; I see the member area displaying the payment history and subscriptions. In which file would I make alterations to solve this not-logged-out-of-Amember problem? Thank you both! Toolie
Plugin does not do anything with Invision logout link. But that link should be changed to /amember/logout.php then logout will work. If you need help to make this modification contact us in helpdesk .
Thank you Alexander. Should I also change the log-IN point to aMember instead of Invision? or leave well enough alone? Toolie
@Toolie, are you protecting any digital files, videos, etc. via aMember or just Invision? If so, then yes you should change it to point to login as well to avoid double login for the user.
Amember not protecting folder content consistently-now root member missing Uh-oh, me again. When I changed the Invision template bit to redirect the logout to Amember, the first thing that happened is that my root admin record in Amember disappeared. When I try to re-add it through Amember, it complains that the desired username is already in use, but when I peek at the Amember MySQL database, that member record is completely gone. I can log into Invision using the Root Admin credentials, but when I try to log in through the Amember portal, I can't get in, obviously. Can I re-add that member manually? I need Invision and Amember to be in sync, especially for the Root Admin!! I can see where to add the record (assuming the member table is the only one I need to update) but there are fields where I don't know what I would enter. BTW, there is a selection in the Invision plugin that says that Amember will "never touch the Root Admin" but in this case, that may be a problem. Let's solve this missing record problem before I try changing the Invision template. I found where to do that, but I have reverted the change until I can get the missing Root Admin record replaced. Thanks guys, Toolie
You need to check allow to use admin groups. Then create hidden product and assign it to Invision admin group. Then create user in aMember with the same login/password/email as for Invision admin. Then Add lifetime subscription to admin product. After this you will be able to login into amember with your Invision admin login/password.
Amember not protecting folder content consistently-now root member missing Thank you Alexander for your reply. To be specific, do I create this hidden product and attach it to the Root Admin group? I ask because the Invision plugin by default is set to not touch the Root Admin group, and I just wanted to confirm that. I did check the box that says "Use Admin Groups." Since I'm the only admin, I don't really have a separate group for admins other than the Root Admin group. Should I create one separate from Root Admin? Thanks very much, Toolie
Thank you Alexander. I've set up the hiddent product, but when I went to create the associated Root Admin user with the original username, it complained that the username exists (it's probably checking Invision). I don't want to give up that username -- it has all of my posts and history attached to it. I created a new user with that username plus a number so that I could see what Amember creates and what Invision creates. But now I have 2 users in Invision and one in Amember. If I get into MySQL for Amember and remove the number from the new username, then the info will line up between Invision and Amember, but I'll still have the orphaned new user in Invision. What is the best way to get my original Root Admin Invision user re-aligned with Amember? Thanks, Toolie