外掛說明

BigAmbitions Membership & Login Bridge for GlueUp is an independent integration tool designed for organizations using the GlueUp platform (formerly EventBank). It provides a secure, branded gateway that bridges your WordPress site with your GlueUp database, allowing members to log in using their GlueUp credentials.

This plugin is not affiliated with, endorsed by, or officially connected to GlueUp. It simply integrates with the publicly available GlueUp API.

Unlike standard login plugins, this bridge doesn’t just check passwords—it validates the user’s real-time membership status. It ensures that only members in good standing (Active, Soon-to-Expire, or in a Grace Period) can access your protected content.

Key Features:
* Real-time API Authentication: Authenticate members securely against the GlueUp API.
* Intelligent Membership Check: Automatically verify if a member is Active, Soon-to-Expire, or in a Grace Period before allowing access.
* Organization-First White-Labeling: Customize the login experience with your own company name.
* Seamless Profile Sync: Automatically synchronize user names and company details from GlueUp to WordPress.
* Security First: Built with CSRF protection, data sanitization, and compatibility with brute-force protection plugins.
* Developer Friendly: Simple shortcode integration [glueup_login_form] and a clean administration dashboard.

External services

This plugin connects to the GlueUp API to authenticate members and verify their membership status.

Authentication (Login)

When a user submits the login form, the plugin sends their email address and an MD5-hashed password to the GlueUp session endpoint to obtain an authentication token.
Endpoint: https://api.glueup.com/v2/user/session

Membership Verification

After authentication, the plugin sends the session token to the GlueUp membership endpoint to check whether the user has an active membership.
Endpoint: https://api.glueup.com/v2/membership/activeApplicationList

Data transmitted

User email address (on login)
MD5-hashed user password (on login)
Session token (on membership verification)
API public and private keys (as HMAC authentication headers)

This data is only sent when a user actively submits the login form. No data is sent passively or on page load.

Service provider

These services are provided by GlueUp (https://www.glueup.com).
* Terms of Use: https://www.glueup.com/terms
* Privacy Policy: https://www.glueup.com/privacy

安裝方式

Upload the plugin files to the /wp-content/plugins/bigambitions-glueup-bridge directory.
Activate the plugin through the ‘Plugins’ screen in WordPress.
Configure your API Keys and Organization name under ‘BA Membership Bridge’ in the WordPress admin menu.
Add the shortcode [glueup_login_form] to any page.

常見問題集

Is this an official GlueUp plugin?: No. This is an independent integration bridge developed by Big Ambitions. It is not affiliated with, endorsed by, or officially connected to GlueUp. It works with the publicly available GlueUp API.
Can I use this for free members?: Yes, as long as they have a record in your GlueUp database with an allowed status.

使用者評論

這個外掛目前沒有任何使用者評論。

參與者及開發者

以下人員參與了開源軟體〈BigAmbitions Membership & Login Bridge for GlueUp〉的開發相關工作。

divemasterza

將〈BigAmbitions Membership & Login Bridge for GlueUp〉外掛本地化為台灣繁體中文版

對開發相關資訊感興趣？

任何人均可瀏覽程式碼、查看 SVN 存放庫，或透過 RSS 訂閱開發記錄。

變更記錄

1.1.1

Bug Fix: Resolved login redirect loop on sites where other plugins (e.g. Elementor) output content before the login shortcode executes. Moved wp_signon() to the init hook so the auth cookie is set before any HTML is sent.
Added optional debug logging toggle in plugin settings to aid troubleshooting.

1.1.0

Security Hardening: Replaced manual login flow with WordPress core authenticate filter.
Account Protection: Blocked bridge login for privileged accounts (Admin/Editor) to prevent takeover.
Menu Hierarchy: Moved settings page under the standard ‘Settings’ menu.
Redirect Fix: Site lockdown redirect is now opt-in via a settings toggle (off by default).
Updated Author and Plugin URIs.

1.0.0

Initial public release.
Enforced trademark-compliant naming for WordPress.org directory.
Implemented secure script enqueuing via wp_add_inline_script().
Added strict membership status sanitization.
Full disclosure of external GlueUp API services.