DESCRIPTION

We Built Something

We needed a way to be able to accept an incoming URL from a system that validates users subscription status to securely log them in.

 

WordPress Multisite Plugin for Subscription-Based Content Access

We developed a custom WordPress plugin designed to authenticate users via a referral link from an external subscription management system (XCIS). This solution allows only active subscribers to access specific restricted content on the WordPress site, with the following workflow:

Key Features:

  1. Referral Link Processing: The subscription management system (XCIS) sends users to the WordPress site with a unique referral link. The URL contains key parameters, such as status=ACTIVE and a subscription_id, to validate the user’s active subscription status. For example.
    https://example.com/userreturn?request-ref=66aa4c9635ecf&status=ACTIVE&subscription_id=2365100
  2. Plugin Configuration: On plugin activation, site administrators provide two key input values:
    • The base referral URL from the subscription system (e.g., https://example.com/userreturn)
    • A URL to redirect users after a successful login, allowing them to access the desired restricted content. (e.g., https://example.com/premium-content/)
  1. Validation Process:
    • When WordPress receives the referral link, the plugin checks the status parameter in the URL. If the status is “ACTIVE” and the subscription_id exists, the user is logged in or a new user is created if necessary.
    • If the validation fails, the user is redirected to an “invalid subscription” page.
  2. Redirection to Content: Upon successful validation, users are redirected to the predefined URL (entered during the plugin setup), giving them access to the restricted content.

Example Workflow:

  1. A user subscribes on the external subscription portal.
  2. The user is redirected via a link like:
    https://example.com/userreturn?status=ACTIVE&subscription_id=2365100
  3. If the subscription_id is valid and the status is ACTIVE, the plugin logs in the user and redirects them to the restricted content (e.g., https://example.com/premium-content).
  4. If validation fails, the user is sent to an invalid subscription page.

This system ensures secure access for active subscribers while being flexible enough for potential future multisite use across the WordPress network.