MG Member Control

Support for MG Member Control, a WordPress plugin.  Shortcodes, styles, and settings are documented below.

Shortcodes

[mgmc_userform]

If not logged in, displays a login form with options to register or reset your password.  If logged in, can optionally display user name and/or avatar.  Display can be controlled through the MGMC settings, or through shortcode parameters.

Argument Useage
showavatar If ‘yes’, users avatar is shown if logged in.
showusername If ‘yes’, users name is shown if logged in.
showlogout If ‘yes’, then a ‘logout’ link is shown if user is logged in
hidepasswordreset If ‘yes’, then the password reset option is hidden when user is not logged in
hideregister If ‘yes’, then register link is hidden if user is not logged in.

[mgmc_usercontent]

Displays content based on whether user is logged in or not, or based on their role. Example:

[mgmc_usercontent logged-in=yes]
 you are logged in
 [/mgmc_usercontent]
 [mgmc_usercontent logged-in=no]
 you are not logged in
 [/mgmc_usercontent]

Parameters:

Argument Useage
Logged-in If ‘yes’, show content if user is logged in, defaults to ‘no’.
role Will only show content to specific user role (must be logged in).

[mgmc_terms]

This simply displays the terms and conditions setup in the MGMC setting for ‘Terms and conditions’.

[mgmc_userkey]

This outputs the current users user key for sharing users. You wuld typically only use it to build a link to another website, and only do that when the user is logged in. A typical example would also use the mgmc_usercontent shortcode:

[mgmc_usercontent]
 Visit <a href="http://www.demo2.com/?mgmc_act=userkey&mgmc_userkey=[mgmc_userkey]">Demo2</a>
 [/mgmc_usercontent]

Styles

The MGMC component use several styles that you can adapt with the ‘Custom CSS’ feature of WordPress and themes. In general, the components should match your theme, but these classes allow simple adjustments to your preferences.

Class mgmc-userform
This class wraps the output from the mgmc_userform shortcode.

Class mgmc-usercontent
This class wraps the content from the mgmc_usercontent shortcode.

Class mgmc-error
This class wraps the output of MGMC error messages.

Settings

Access

Disable Adminbar for non-admin users?
When checked, the admin bar is hidden if a non-admin is logged in:

Disable dashboard access for non-admin users?

If checked, users will be blocked from accessing the dashboard or their profiles. Instead, they will be redirected to the home page.

Override WordPress registration policy?

When checked, the ‘Register’ options on MGMC forms and widgets are enabled, even if the WordPress option ‘Anyone can register’ is turned off. Normally, if you disable WordPress ‘Anyone can register’, then MGMC will hide all of its registration options.

Hide register form

If checked, none of the registration options in MGMC forms and widgets will be hidden from visitors. Visitors can still register through WordPress if the WordPress option ‘Anyone can register’ is on.

Hide password reset form

If checked, then the ‘reset password’ options will be hidden from MGMC forms and widgets.

Implement ability to disable users (edit users profile to disable)

Allows you to disable users without deleting them (so they can’t just re-register). If checked, then a new ‘Disabled User’ checkbox is displayed on user profile screens (only visible to site admins). Checking this box will stop the user from being able to login. They will not be able to reset their password or register again.

Implement simple captcha for registration

If checked, then a simple captcha image is implemented in registration forms for additional validation:

If the user doesn’t enter the correct text, the registration is declined. If checked, then Google reCaptcha option is hidden.

Google reCAPTCHA

reCAPTCHA Site Key:

reCAPTCHA Secret Key:

Enable reCAPTCHA for registration by filling in site and secret keys. This feature cannot be used with the simple Captcha. Visit https://www.google.com/recaptcha/intro/ for more information on how to setup your account and create your keys.

Appearance
Replacement footer (may not work on all themes)

You can place HTML in this field to have it replace the footer on most themes. For example, to replace ‘Powered by’ text.

Hide titles in mgmc_userform shortcode

If checked, then the MGMC forms like login and register will not show their titles.

Hide ‘By Author’ text in posts and pages.

Check this to hide the author name in pages and posts. May not work in all themes.

Disable post title link

Checking this option will disable the link displayed on posts and pages when viewing that page. May not work on all themes. The text is still visible, just the link is disabled.

Hide avatar in Widget
Hide username in Widget

If checked, these options hide the user’s avatar or user name in the widget. They are displayed by default.

Show avatar in MGMC logged-in form
Show username in MGMC logged-in form

If checked, these options show the users avatar and username in the mgmc_userform short code. They are hidden by default

Widget URLS

URL to Login page:
URL to Register page:
URL to Password Reset page:

These URLs are the links used by the widget. If blank, then the users current page is used. The desired pages should contain the [mgmc_userform] shortcode. Once set, the MGMC widget displays links to the page:

Note that if they are blank, then you will see no links for Log In, Register, or Lost Password in the widget. These are useful if you implement a dedicated login page, instead of providing a login form on any page.

Hide menu items

Select menu items to hide from non-logged in users

If you have a menu implemented, this option will allow you to select pages that will be hidden from non-logged in users. Access to the pages is still possible if the visitor knows the URLs, so you can protect their content with other shortcodes, like [mgmc_usercontent].

Password complexity

Enable password complexity?

Check to force new users to register with complex passwords. Passwords must be eight characters or more, with at least one uppercase letter, lowercase letter, digit, and special/symbol character. Passwords should not contain username or email. Existing users will not be affected.

Terms and conditions

Accept terms / conditions in the registration form?

Check this option to display a ‘Terms and condition’ checkbox that new users must click in order to register.

Checking this option makes 2 edit fields visible:

Terms and conditions message

Enter the message to be displayed along with the checkbox. In the second edit box, enter the full text to the site terms. This should be html-formatted text, and you can use {sitename} to refer to the name of your site.

Registration

Validate user registration through an email?

If checked, new user registrations will receive an authentication email with a link to activate their account. If unchecked, then new users can immediately login to the site.

Validation email subject and message:

Enter the subject and message body to be sent for activation. The message can contain HTML, and both can contain special macros:

Macro Replaced with
{sitename} Site name
{url} Homepage url
{admin_email} Administrative email contact
{description} Site description
{activationlink} Link to activate account

Send welcome email to new users
If checked, a welcome email is sent to users when the register or activate their account.

Welcome email subject and message:

Enter the subject and message body to be sent to new users. The message can contain HTML and the same macros as the validation email.

Use email as username?

If checked, then new registrations will not be prompted for a user name, only an email. Their login will be their email.

Send email to admin for new registrations?

If checked, an email is sent to the admin contact for each new registration.

Redirection

Change url for wp-login.php

If checked, users will not be able to login through the normal wp-login.php page of WordPress. They will be redirected to the home page if they try to access that page.

New slug for login

Enter a unique slug or name here to allow access to the WordPress wp-login.php page, for example, secretlogin. This will then permit users or admin to login using the WodrPress login page by visiting the unique URL.

Redirect user after registration?
Redirect user after login?
Redirect user after logout?

Each of these options give you the chance to redirect a user after they have registered, logged in, or logged out of your site. If you will be placing login forms on specific pages with the [mgmc_userform] shortcode, then you probably don’t want to redirect user after login.

User Sharing

User sharing provides a way for you to authenticate user information on your site to other sites. This includes, but is not limited to other WordPress sites using the MGMC Membership control. The users email address is the common link between the sites.

Enter salt string to encrypt user id for sharing

The salt value is a random and secret value used to encrypt your users email addresses into a secxret key. Enter a string of at least 8 alphanumeric characters. This value is used internally. If you change this value, then secret user keys generated with the previous salt will be considered invalid.

Validation Client IP list (who can ask this site for validation)

In order for another web server or computer to validate a users secret key you must add it’s IP address here. Dynamic IP addresses or domain names are not supported. Separate IP addresses with a semicolon. Any IPs attempting to validate a secret user key will be rejected unless their IP is listed here.

The retrieval url shows what URL should be queried by the other web server to validate an account.

User Validation Server

Enter the URL for the server that will be used to authenticate user keys.  This indicates that the current WordPress server will be authenticating secret user keys against another WordPress server running MGMC.

For other wordpress sites to validate a user key, you must put the retrieval url from the main site here.

Example:

Setup demo.com as the main site, insuring you have a salt value and the IP address of the second server:

Xxx.xxx.xxx.xxx would be the IP address for our second site, demo2.com. The demo2.com site would be setup to use the indicated url:

User Sharing – How it works

Let’s say we have two sites: demo and demo2. Both have a registered user named ‘Bob’ with the same email addres. On demo, for logged-in users like Bob we want to provide links to the demo2 site that passes their user information. We would create a page similar to the following on the demo site:

[mgmc_usercontent]

Visit <a href="http://www.demo2.com/?mgmc_act=userkey&mgmc_userkey=[mgmc_userkey]">Demo2</a>

[/mgmc_usercontent]

The text appears within an mgmc_usercontent shortcode. This means that the content is only output if a user is logged in. the mgmc_act and mgmc_userkey arguments are specific to MG Membership Control.

The text contains a link to demo2, and includes two arguments: mgmc_act and mgmc_userkey. This tells another WordPress site with MG Membership Control installed to login using the passed user key. The shortcode mgmc_userkey is used to place the users shortcode in the url.

Note that any website can validate a user key. You can use the [mgmc_userkey] shortcode to pass the key to another website in a URL. That other site needs to be able to download the contents of a webpage from the main site, using the Retreival url indicated in your MG Membership control settings, with an extra mgmc_checkuserkey parameter. For example:

http://www.demo.com/?mgmc_checkuserkey=73cd0f475efed41bf5c20a3bbf1885bc

If the userkey passed back to the main demo site matches a user that is not disabled, then the response from the checkkey.php script will look like this:

OK: bob@bob.com

The calling site can then safely lookup a local user with the same email and assume valid authentication.

Failure messages returned from the page could include:

Disabled key

Missing key

Invalid