Help

<== Update Gallery

WordPress Link

Note that these are setup instructions. The actual login process when this is set up is initiated from the member's WordPress site.

This option allows you to configure your own WordPress site so that other members can use their membership of this Member's Area to login to your WordPress site with whatever access level you want to give them all. Instead of creating a login on your site, members can use a special link that you will add to your site to login to your site via their login here. Note that this setup will automatically register members of this site as members of your site the first time they use the special login link.

To set this up you need to do several things.

  1. Optional but recommended. Install a plugin on your WordPress site that limits access to the back end to prevent members from changing their profile information. This will prevent anyone who ceases to be a member of this site from changing their password at your site so as to allow them to continuing to access your site as if they were still a member. The "Remove Dashboard Access" plugin is one option for doing this. If you don't care about this then skip this step.
  2. If you want to give members a special role then install a plugin that allows you to create that role. One plugin that can do this is 'WPFront User Role Editor'.
  3. You need to set up the configuration on this site so that it knows where your WordPress site is located and what level of access you want to provide to members. You set this up using the form below. The URL is the address of where your site is located (you can copy this from the address bar of your browser when you access your site), the role is the one you want members to be assigned when they access your site (either one of the standard ones or a custom one you create via a plugin), and the Page is the page of your site you want them to see when they are logged in (leaving this field blank will default to the home page of your WordPress site). Note that saving this information will create a special security token that will be needed by the login processing in order to access your site.
  4. The next step is to download a file and install it in the main folder of your WordPress site (the location you entered in the URL field). This file will be dynamically generated specifically for your site with values set at the top of the file that specify the information needed to make the login request secure as well as to identify what role you want to give to members and what page they should end up on once they login.
  5. You will need to add a link to your site that members of this site can use to login. The link to add to provide a login request is http://memsite.club/rxfr.php?m= (note that your membership number on the end identifies this as a link to login to your WordPress site rather than some other member's WordPress site.

The process that this setup uses to allow members of this site to securely login to your site involves the following steps. This particular series of steps make it extremely unlikely that anyone other than the member who logged in to this site will be able to use the script added to your site to be able to login - it would be easier for them to hack your existing WordPress code.

  • The member clicks the link on your site that you added in the last step above.
  • The script checks if they are logged in to this site already. If they are not then it redirects them to the login page and only returns to the script once they are logged in.
  • The script then saves a special entry in the database that identifies who is trying to log in to your site and the address of the computer they are trying to login from.
  • That script then calls the script you added to your site passing a token that identifies the member who is currently logged in.
  • The script on your site does a special callback to another script on this site, passing your member number, the special token that identifies your site and the address of the member's computer.
  • The script on this site checks that the information passed matches the information saved just before the script on your site was called and if it does then it passes the member's membership number, first name and branch back to the script on your site along with a special token that is based on this information and other information that only the two sites know.
  • The script on your site rebuilds the special token from the information it has and compares it to the one passed to it. If they match and member info was provided then it adds the string 'mem' to the front of the member number and tests to see if that username is already registered on your site.
  • If the username isn't registered then the script registers the member with the specified role and generates a hard to guess password (that the member will never see if you block their access to update their profile - so that they can't login to your site directly as they don't know their password for the normal login).
  • Finally, the member is logged in and redirected to the page you want them to be on when they first login successfully.

Club Officials ==>