
Comments (10)

YahnisElsts avatar YahnisElsts commented on September 24, 2024 3

All right, here's an example that should work:

class SecureUpdateServer extends Wpup_UpdateServer {
    protected function filterMetadata($meta, $request) {
        $meta = parent::filterMetadata($meta, $request);

        $licenseKey = $request->param('license_key');

        //Only include the download URL if the license is valid.
        if ( $licenseKey && $this->isValidLicense($licenseKey) ) {
            //Append the license key to the download URL.
            $args = array('license_key' => $licenseKey);
            $meta['download_url'] = self::addQueryArg($args, $meta['download_url']);
        } else {
            //No license = no download link.
            unset($meta['download_url']);
        }

        return $meta;
    }

    protected function checkAuthorization($request) {
        parent::checkAuthorization($request);

        //Prevent download if the user doesn't have a valid license.
        $licenseKey = $request->param('license_key');
        if ( $request->action === 'download' && ! ($licenseKey && $this->isValidLicense($licenseKey)) ) {
            if ( empty($licenseKey) ) {
                $message = 'You must provide a license key to download this plugin.';
            } else {
                $message = 'Sorry, your license is not valid.';
            }
            $this->exitWithError($message, 403);
        }
    }

    protected function isValidLicense($licenseKey) {
        return ($licenseKey === 'totallyvalid');
    }
}

This example only shows the download link when the update request includes a &license_key=totallyvalid parameter. When someone tries to download an update, it only allows the download if the download link also includes the same query parameter.

from wp-update-server.

YahnisElsts avatar YahnisElsts commented on September 24, 2024

Check the PHP error log, it might have more information about the error. If it doesn't, see if there's anything in the web server's own error log.


 avatar commented on September 24, 2024

PHP Warning: Missing argument 1 for SecureUpdateServer::__construct(), called in /var/www/mysite.com/htdocs/index.php on line 3 and defined in /var/www/mysite.com/htdocs/includes/SecureUpdateServer.php on line 5


YahnisElsts avatar YahnisElsts commented on September 24, 2024

The SecureUpdateServer class in that post is just an example. It's not a complete solution, and it is not intended to be used as-is; it won't work.

If you need to extend the Wpup_UpdateServer class, you can use the example code as a guideline, but you'll have to write your own implementation.


 avatar commented on September 24, 2024

Is there a possibility you can make a simple example that works?


SwiftThemes avatar SwiftThemes commented on September 24, 2024

Why do we have to check the license at two places? checkAuthorization and filterMetadata.
Isn't it enough to check in filterMetadata?


YahnisElsts avatar YahnisElsts commented on September 24, 2024

I check in two places because I want to show update notifications to all users, even those who don't have a license key or whose key has expired. If you don't need that, you could check only in checkAuthorization and reject any request that doesn't include a valid key.


SwiftThemes avatar SwiftThemes commented on September 24, 2024

Thanks for the quick reply.
Since we want to show update notifications to everyone, can we not skip checkAuthorization?
filterMetadata already takes care of restricting the updates to users without a valid license, I don't see the purpose of checkAuthorization. What am I missing?


YahnisElsts avatar YahnisElsts commented on September 24, 2024

> filterMetadata already takes care of restricting the updates to users without a valid license [...]

Not quite. If you skip checkAuthorization, anyone who knows how the update server works will be able to download any update by easily guessing the download URL. All download URLs have the same general structure:
https://example.com/update-server/?action=download&slug=plugin-slug

Even if you don't show the user the URL, they can figure it out based on this.

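The point made in the reply above, as an added example that is not part of the original comment or of the wp-update-server code: a simplified stand-in server showing that removing download_url from the metadata leaves the predictable download URL reachable unless the download action is checked as well. MiniServer, GuardedServer and handle() are hypothetical names; the key and URL are the placeholders used in the thread.

```php
<?php
// Added example, not Wpup_UpdateServer itself; all class and method names are hypothetical.
class MiniServer {
    const VALID_KEY = 'totallyvalid'; // placeholder key from the thread
    // Returns array(HTTP status, body) for an already-parsed query string.
    public function handle(array $query) {
        $action = isset($query['action']) ? $query['action'] : 'get_metadata';
        $key = isset($query['license_key']) ? (string) $query['license_key'] : '';
        $denied = $this->checkAuthorization($action, $key);
        if ( $denied !== null ) {
            return array(403, $denied);
        }
        if ( $action === 'download' ) {
            return array(200, '(package bytes)');
        }
        $url = 'https://example.com/update-server/?action=download&slug=plugin-slug';
        return array(200, $this->filterMetadata(array('download_url' => $url), $key));
    }
    protected function isValidLicense($key) {
        return hash_equals(self::VALID_KEY, $key); // constant-time comparison
    }
    // Hides the link from unlicensed clients; does not guard the download action.
    protected function filterMetadata(array $meta, $key) {
        if ( ! $this->isValidLicense($key) ) {
            unset($meta['download_url']);
        }
        return $meta;
    }
    // Metadata-only variant: no action is ever denied (null means "allowed").
    protected function checkAuthorization($action, $key) {
        return null;
    }
}

class GuardedServer extends MiniServer {
    // Second check: the download action itself requires a valid key.
    protected function checkAuthorization($action, $key) {
        $ok = ($action !== 'download') || $this->isValidLicense($key);
        return $ok ? null : 'A valid license key is required.';
    }
}

$direct = array('action' => 'download', 'slug' => 'plugin-slug'); // constructed request, no key
foreach ( array(new MiniServer(), new GuardedServer()) as $server ) {
    list($status) = $server->handle($direct);
    list(, $meta) = $server->handle(array('slug' => 'plugin-slug'));
    printf("%s: link in metadata=%s, keyless download status=%d\n", get_class($server),
        isset($meta['download_url']) ? 'yes' : 'no', $status);
}
```

Both variants omit the link from keyless metadata, but only GuardedServer answers the keyless download request with 403.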

SwiftThemes avatar SwiftThemes commented on September 24, 2024

Makes sense. Thanks a lot.
My update server is finally working as expected :)

