June 21, 2017: Improved support for automatically showing required form if no required message is specified.
March 2, 2017: Updated submitted forms cookie to be persistent by default. Added new "is_persistent" option to disable this.
March 1, 2017: Added support for "gwsa_requires_submission_redirect" option to allow automatically redirecting to a specific page if the user requires access.
March 23, 2016: Added support for requiring a form to be submitted before any page can be accessed. Added support for storing submitted forms in user meta.
March 3, 2015: Added support for shortcodes in "gwsa_requires_submission_message" custom field. Fixed issue where json_decode() did not return an array.
| <?php | |
| /** | |
| * Gravity Wiz // Gravity Forms // Submit to Access | |
| * | |
| * Require that a form be submitted before a post or page can be accessed. | |
| * | |
| * @version 1.7 | |
| * @author David Smith <david@gravitywiz.com> | |
| * @license GPL-2.0+ | |
| * @link https://gravitywiz.com/submit-gravity-form-access-content/ | |
| * | |
| * ### WordPress Plugin Headers ### | |
| * | |
| * Plugin Name: Gravity Forms Submit to Access | |
| * Plugin URI: https://gravitywiz.com/submit-gravity-form-access-content/ | |
| * Description: Require that a form be submitted before a post or page can be accessed. | |
| * Author: Gravity Wiz | |
| * Version: 1.7 | |
| * Author URI: http://gravitywiz.com | |
| */ | |
| class GW_Submit_Access { | |
| public function __construct( $args = array() ) { | |
| // set our default arguments, parse against the provided arguments, and store for use throughout the class | |
| $this->_args = wp_parse_args( $args, array( | |
| 'requires_submission_message' => __( 'Oops! You do not have access to this page.' ), | |
| 'bypass_cache' => false, | |
| 'loading_message' => '', // set later so we can use GFCommon to get URL to GF spinner, | |
| 'enable_user_meta' => false, | |
| 'is_persistent' => true, | |
| ) ); | |
| // do version check in the init to make sure if GF is going to be loaded, it is already loaded | |
| add_action( 'init', array( $this, 'init' ) ); | |
| } | |
| public function init() { | |
| // make sure we're running the required minimum version of Gravity Forms | |
| if( ! property_exists( 'GFCommon', 'version' ) || ! version_compare( GFCommon::$version, '1.8', '>=' ) ) { | |
| return; | |
| } | |
| // setting later so we can use GFCommon::get_base_url() to get GF's spinner URL | |
| if( empty( $this->_args['loading_message'] ) ) { | |
| $this->_args['loading_message'] = '<span class="gwsa-loading">Loading content... <img src="' . GFCommon::get_base_url() . '/images/spinner.gif" /></span>'; | |
| } | |
| add_action( 'wp', array( $this, 'check_global_requirements' ), 5 ); | |
| add_action( 'admin_init', array( $this, 'check_global_requirements' ), 5 ); | |
| add_action( 'wp', array( $this, 'check_for_access_redirect' ) ); | |
| add_action( 'gform_pre_submission', array( $this, 'add_submitted_form' ) ); | |
| add_filter( 'the_content', array( $this, 'maybe_hide_the_content' ) ); | |
| add_action( 'wp_ajax_gwas_get_content', array( $this, 'ajax_get_content' ) ); | |
| add_action( 'wp_ajax_nopriv_gwas_get_content', array( $this, 'ajax_get_content' ) ); | |
| add_shortcode( 'gwsa', array( $this, 'do_gwsa_shortcoee' ) ); | |
| } | |
| public function check_global_requirements() { | |
| if( current_user_can( 'administrator' ) && is_admin() ) { | |
| return; | |
| } | |
| $global_posts = $this->get_global_posts(); | |
| if( empty( $global_posts ) ) { | |
| return; | |
| } | |
| // if we're already on a global post, don't do anything | |
| $object = get_queried_object(); | |
| if( is_a( $object, 'WP_Post' ) && in_array( $object->ID, wp_list_pluck( $global_posts, 'ID' ) ) ) { | |
| return; | |
| } | |
| foreach( $global_posts as $global_post ) { | |
| if( ! $this->has_access( $global_post->ID ) ) { | |
| wp_redirect( get_permalink( $global_post ) ); | |
| exit; | |
| } | |
| } | |
| } | |
| public function get_global_posts() { | |
| $query = array( | |
| 'post_type' => 'any', | |
| 'meta_query' => array( | |
| 'relation' => 'or', | |
| array( | |
| 'key' => 'gwsa_require_submission', | |
| 'value' => 'global' | |
| ), | |
| ), | |
| ); | |
| if( is_user_logged_in() ) { | |
| $query['meta_query'][] = array( | |
| 'key' => 'gwsa_require_submission', | |
| 'value' => 'global_logged_in' | |
| ); | |
| } | |
| $query = apply_filters( 'gfsa_get_global_posts_query', $query ); | |
| $global_posts = get_posts( $query ); | |
| return $global_posts; | |
| } | |
| public function check_for_access_redirect() { | |
| global $post; | |
| if( is_admin() ) { | |
| return; | |
| } | |
| if( ! $post || ! $this->requires_access( $post->ID ) || $this->has_access( $post->ID ) ) { | |
| return; | |
| } | |
| $url = $this->get_requires_submission_redirect( $post->ID ); | |
| if( $url ) { | |
| wp_redirect( $url ); | |
| exit; | |
| } | |
| } | |
| public function maybe_hide_the_content( $content ) { | |
| global $post; | |
| if( ! $this->requires_access( $post->ID ) ) { | |
| return $content; | |
| } | |
| if( $this->_args['bypass_cache'] ) { | |
| $content = $this->cache_bypass_content( $content ); | |
| } else if( ! $this->has_access( $post->ID ) ) { | |
| $content = $this->get_requires_submission_message( $post->ID ); | |
| } | |
| return $content; | |
| } | |
| function cache_bypass_content( $content ) { | |
| global $post; | |
| ob_start(); | |
| ?> | |
| <div id="gwsa-content"> | |
| <?php echo $this->_args['loading_message']; ?> | |
| </div> | |
| <script type="text/javascript"> | |
| var ajaxUrl = '<?php echo admin_url( 'admin-ajax.php' ); ?>'; | |
| ( function( $ ) { | |
| $.post( ajaxUrl, { | |
| action: 'gwas_get_content', | |
| post: <?php echo $post->ID; ?>, | |
| }, function( response ) { | |
| $( '#gwsa-content' ).html( response ); | |
| } ); | |
| } )( jQuery ); | |
| </script> | |
| <?php | |
| return ob_get_clean(); | |
| } | |
| function ajax_get_content() { | |
| $post_id = rgpost( 'post' ); | |
| if( $this->has_access( $post_id ) ) { | |
| $post = get_post( $post_id ); | |
| $GLOBALS['post'] = get_post( $post_id ); | |
| setup_postdata( $post ); | |
| remove_filter( 'the_content', array( $this, 'maybe_hide_the_content' ) ); | |
| // use the_content() so we get the content exactly as WP would have originally displayed it | |
| ob_start(); | |
| the_content(); | |
| $content = ob_get_clean(); | |
| } else { | |
| $content = $this->get_requires_submission_message( $post_id ); | |
| } | |
| die( $content ); | |
| } | |
| function get_requires_submission_message( $post_id ) { | |
| $requires_submission_message = get_post_meta( $post_id, 'gwsa_requires_submission_message', true ); | |
| $contains_form_merge_tag = strpos( $requires_submission_message, '{form}' ) !== false; | |
| if( ! $requires_submission_message || $contains_form_merge_tag ) { | |
| $form_ids = $this->get_form_ids( $post_id ); | |
| if( ! empty( $form_ids ) ) { | |
| ob_start(); | |
| $form = GFAPI::get_form( $form_ids[0] ); | |
| require_once( GFCommon::get_base_path() . '/form_display.php' ); | |
| GFFormDisplay::print_form_scripts( $form, true ); | |
| gravity_form( $form_ids[0], false, false, false, array(), $this->_args['bypass_cache'] ); | |
| $form_markup = ob_get_clean(); | |
| $requires_submission_message = $contains_form_merge_tag ? str_replace( '{form}', $form_markup, $requires_submission_message ) : $form_markup; | |
| // Replace form's action URL. | |
| if( defined( 'DOING_AJAX' ) && DOING_AJAX ) { | |
| $search = remove_query_arg( 'gf_token' ); | |
| $replace = get_permalink( rgpost( 'post' ) ); | |
| // get_permalink() defaults to whatever protocol the site url is configured for; we need to be sure | |
| // if the form is being loaded on an https page, that our action url is also https. | |
| if( is_ssl() ) { | |
| $replace = str_replace( 'http://', 'https://', $replace ); | |
| } | |
| $requires_submission_message = str_replace( $search, $replace, $requires_submission_message ); | |
| } | |
| } | |
| } | |
| if( ! $requires_submission_message ) { | |
| $requires_submission_message = $this->_args['requires_submission_message']; | |
| } | |
| return do_shortcode( $requires_submission_message ); | |
| } | |
| function get_requires_submission_redirect( $post_id ) { | |
| return get_post_meta( $post_id, 'gwsa_requires_submission_redirect', true ); | |
| } | |
| function has_access( $post_id ) { | |
| if( ! $this->requires_access( $post_id ) ) { | |
| return true; | |
| } | |
| $form_ids = $this->get_form_ids( $post_id ); | |
| $submitted_forms = $this->get_submitted_forms(); | |
| // if not form-specific and at least one form is submitted, user has access | |
| if( empty( $form_ids ) && ! empty( $submitted_forms ) ) { | |
| return true; | |
| } | |
| // has specifically required form been submitted? | |
| $matching_form_ids = array_intersect( $form_ids, $submitted_forms ); | |
| if( ! empty( $matching_form_ids ) ) { | |
| return true; | |
| } | |
| return false; | |
| } | |
| function requires_access( $post_id ) { | |
| return get_post_meta( $post_id, 'gwsa_require_submission', true ) == true; | |
| } | |
| function get_submitted_forms() { | |
| // always check the cookie first; will allow user meta vs cookie to be set per page in the future | |
| $submitted_forms = (array) json_decode( stripslashes( rgar( $_COOKIE, 'gwsa_submitted_forms' ) ) ); | |
| // if user meta is enabled, merge forms stored there as well | |
| if( $this->_args['enable_user_meta'] ) { | |
| $user_meta_forms = (array) wp_get_current_user()->get( 'gwsa_submitted_forms' ); | |
| $submitted_forms = array_merge( $submitted_forms, $user_meta_forms ); | |
| } | |
| return array_filter( $submitted_forms ); | |
| } | |
| function add_submitted_form( $form ) { | |
| $submitted_forms = $this->get_submitted_forms(); | |
| $form_id = $form['id']; | |
| if( ! in_array( $form_id, $submitted_forms ) && ! headers_sent() ) { | |
| $submitted_forms[] = $form_id; | |
| if( $this->_args['enable_user_meta'] && is_user_logged_in() ) { | |
| update_user_meta( get_current_user_id(), 'gwsa_submitted_forms', $submitted_forms ); | |
| } else { | |
| $expiration = $this->_args['is_persistent'] ? strtotime( '+1 year' ) : null; | |
| setcookie( 'gwsa_submitted_forms', json_encode( $submitted_forms ), $expiration, '/' ); | |
| } | |
| } | |
| } | |
| function get_form_ids( $post_id ) { | |
| return array_filter( array_map( 'trim', explode( ',', get_post_meta( $post_id, 'gwsa_form_ids', true ) ) ) ); | |
| } | |
| } | |
| # Configuration | |
| new GW_Submit_Access(); |
You have a post or page you’d like to protect but you don’t want to require the user to sign up for a user account and you just don’t need a full-blown membership system. All you want to do is collect a few details about the user for your mailing list or CRM.
This plugin provides an easy way to accomplish this. Any post-based content (that includes pages and custom post types) that support custom fields can be locked down. You set a few special custom fields and the Gravity Forms Submit to Access plugin takes care of the rest.
Getting Started
Check requirements
- Make sure you have Gravity Forms installed and activated.
- Already have a license? Download Latest Gravity Forms
- Need a license? Buy Gravity Forms
- Make sure you have Gravity Forms installed and activated.
Install the plugin
- Click the “Download Code” button above and save the file to your Desktop.
- Drop the file into your WordPress plugins folder via FTP – or – zip the file up and upload it via WordPress plugin uploader.
Configure the plugin
- Read on for step-by-step instructions
Locking Down a Page
- Navigate to the Edit screen for any post, page, or any custom post type.
- Enable “Custom Fields” via the “Screen Options” at the top of the page. There is a good chance they are already enabled.
- Add a custom field named gwsa_require_submission with a value of
1.
- Add a custom field named gwsa_form_ids and set the value to the ID of whichever form the user should submit to gain access to this page.
That’s it! For a complete list of the available options, read on.
Custom Field Options
gwsa_require_submission (int) (required)
Add this custom field with a value of
1to require a Gravity Form to be submitted to gain access.gwsa_form_ids (bool) (optional)
Add this custom field and set the value to the ID of the form which must be submitted to gain access to this page. If there are multiple forms that can be submitted to gain access, you may include them as a comma-delimited list (i.e.
1,2,3). If any form can be submitted to gain access to this page, do not add this custom field option.gwsa_requires_submission_message (string) (optional)
Override the default message that is displayed when the user does not have access to view the content of this page.
gwsa_requires_submission_redirect (string) (optional)
Provide a URL to which the user will be redirected if they do not have access to view the content of this page.
Global Parameters
requires_submission_message (string) (optional)
Define the default message that is displayed if the user does not have access to the content. This value will be overridden if a post-specific message is set via the gwsa_requires_submission_message custom field option. Defaults to
'Oops! You do not have access to this page.'.bypass_cache (bool) (optional)
Enabling this option will allow the script to bypass any page/cookie caching by fetching the post content via AJAX. Defaults to
false.loading_message (array) (optional)
If bypass_cache is enabled, this option allows you to control the loading message which is visible while the post content is being fetched via AJAX.
is_persistent (bool) (optional)
The cookie that stores which forms have been submitted for the visitor is persistent by default. Set this to
falseto make the cookie session-based.enable_user_meta (bool) (optional)
Set this to
trueto save submitted forms in the user meta rather than a cookie. Only works for logged-in users.
Any questions?
This is a bare bones plugin. It uses WordPress’ custom fields UI to handle setting the options and advanced configuration should happen in the plugin.
If this proves to be a popular resource, I’ll be happy to enhance it to be even easier to use.
Did this resource help you do something awesome with Gravity Forms? Then you'll absolutely love Gravity Perks; a suite of 31+ essential add-ons for Gravity Forms with support you can count on.
Hi there, Thank you for posting this plugin.
I have a few questions: 1-Should the Gravity form be redirecting to itself, so it shows the gated content? If not, what’s the recommended settings in the form itself?
2-I noticed that I made the page “private” as soon as I saved it the CF fields. As a result, users not logged in can’t access the page anymore (they get a 404. Not even able to see the form)
3-Making the page public seems to have fixed the issue. Howeever, after submitting the form it won’t show the gated content at all. Have I missed anything?
It’s hosted on Pantheon (with Redis caching). I’m using bypass_cache=true, gwsa_require_submission=1, is_persistent=true.
Thank you so much.
Hello Diego, 1) gwsa_requires_submission_redirect is a completely optional string, so this would be up to you if you want to use it.
2) The main page will be locked and require a secondary form to gain access to the page. Add a custom field named gwsa_form_ids and set the value to the ID of whichever form the user should submit to gain access to this page. 3) You will need a way for users to access the page, so make sure the second form the user will submit to gain access to the page is set up correctly.
Hi Ryan: Thank you for the prompt response of my last request. I do have one other question. I am getting an error that my form page is not secure. Would this be due to me not employing a Captcha? If I use Captcha validation on the form (put the functionality on the form page), would this make the page secure? Or do I need to do something else? Thank you again. Kevin
Hello, That is a strange error. Could you link the page in question? Is this a pop up error or is this happening on the backend? Let us know.
Hi Ryan: http://avenuecx.com/whitepaper/ We have our site configured for HTTPS, but for some reason the form is not being recognized as secure.
Hi, I do see that https://avenuecx.com/whitepaper/ is active but the link you sent is with HTTP access which is not secure. I think the main site is still configured to use the HTTP URL. Have you configured your site to only use HTTPS access? I would make sure your site is properly redirecting to HTTPS as that seems to be the issue.
I am trying to use this functionality. Currently, I am developing the pages. Quick question: I noticed that if I have the actual link to the download (PDF) that I can access it regardless if I fill out the form or not. Is it possible to make it so that the user can’t put in the hard link to the PDF file and access the PDF? (I don’t want them sharing out the PDF) link on social, without filling out the form.) Kevin
Hello, Thanks for writing in. Sadly, we do not have a direct way of accomplishing this. If you wish to block a URL as well as block a file, you could use a membership plugin to completely limit who and what is seen by each user or you could use another plugin that specifically blocks only uploads.
Wpengine support chat needs to do that, and they’re asking what to exclude.
They are used to excluding pages. What do I tell them exactly?
I couldn’t get this to work. Maybe because I’m on Wp Engine?
No matter what, after submission of form on page 1, followed by redirection to second page, shows the no access message.
Hey Adam, This may be caused by WP Engine cacheing the forms. Could you please exclude your forms from the cache and see if this resolves your issue? Thanks! 😃
Hello Andy,
The “is_persistent” is a global parameter and needs to be set in the plugin file.
new GW_Submit_Access( array( ‘is_persistent’ => false ) )
Let us know if you have any other questions. :)
Hello David,
Nice tutorial, I want to ask if there is a way to set these values globally for specific Custom Post Type so there is no need to manually add all these fields on every new post.
Thanks, Dragan
Hi Dragan, you could use Advanced Custom Fields to manage your custom fields. With it you can bind custom fields to specific custom post types, and you can even set default values for those fields.
Hi again, sorry for the spamming!
Quick update on my previous question.
On closer inspection of the cookie via Chrome inspect, the cookie remains set to persistent, even when I try to over-ride it via the custom fields.
The only way i was able to make it session-based was to edit the plugin php file directly, by setting the default of “is_persistent” to false. This is fine, however I’m assuming this will just be overwritten again if I ever update the plugin.
Would there be any reason why the custom fields wouldn’t be overwriting the default option?
Hi there,
For my set up I am looking for the user to enter their details every-time they access a page (once per session)
I have set “is_persistent” to “true”, however when I close browser, and open page back up again, the form doesn’t show.
It only resets when I manually clear my cookies.
Any ideas?
sorry, I meant to say I’ve set it to “false”
I’d like to be able to put the form on one page and once it’s filled out take you to the page but still keep access limited to only users who fill out the form?
Hi Kemberle,
You can set the confirmation page for the form to the page you’re limiting access to.
I’ve tried to install this plugin and it fails. Is there an updated version of this plugin?
Are you getting a specific error message?
Hi,
Thank you so much for this useful article ! I was able to integrate it on my wesbite without any issue ;-).
I noticed that after a first completion of the form, if the user clear his browser’s cache, he has to complete the form again to obtain the access to the protected page. Is it possible to make it permanent so that even if the user clear his browser’s cache, he still keep his access ?
Thanks !
Hi Joe, if the user is logged-in this would be possible by enabling the “enable_user_meta” option.
Hello David,
Thank you for your answer ;-) ! Yes, I already tried that but when the logged user clears his cache/cookies and then refresh the page (or login again), he still has to fill the form again… The custom fields I used are : gwsa_form_ids | gwsa_require_submission | gwsa_requires_submission_message| enable_user_meta. What did I miss, please ? Thanks for your help !
Hi Joe, the “enable_user_meta” is a global parameter and needs to be set in the plugin file.
new GW_Submit_Access( array( 'enable_user_meta' => true ) );Thank you David (^_~) ! I didn’t know the global parameters need to be in the plugin file. However as i’m not a developer, I’m already lost. In which PHP file and where exactly I have to copy/paste your code, please ? Thanks again David !
We don’t have a great recommendation for editing plugin files other than via FTP. You can use the Plugin Editor in WordPress but you run the risk of making a typo and breaking your site. It’s much easier to undo mistakes like that when working via FTP.
I understand. I’m so sorry for my bad english David, because I misformulated my question… Actually, please allow me to rephrase : Which *.php file from gravityforms plugin’s folder do I have to edit ? And in this php file, where do I have to insert your code, please ? Thank you ;-)
Hi Joe, it would be the plugin file you downloaded from our site here (not Gravity Forms itself). Look for
gw-gravity-forms-submit-to-accessin your /wp-content/plugins/ folder. Hope that helps. 🙂Hi David, it’s done and working like a charm 🙂! I wanted to deeply thank you for your incredible help which allow me to make it work ! That was so important for my website and I’m really happy that your plugin could achieve exactly what I needed for my community. Big thank you David 🙂 !
Glad to help, Joe. 😄
Hi, i have 2 form in 2 page:
the first page “pay” with a credit card payment and the second page “mod” (hidden from the cookie) with another form
if the user pay can access to second page
now, after the second submission (page mod) how i can remove the cookie for return to lock the page and redirect to pay?
tnx and sorry for my english
Hi Domenico, you would need to modify the value stored in the
gwsa_submitted_formscookie to remove the form ID that you would like to require to be resubmitted.Hi… I love how this is supposed to work and it seems half-way there.
But as soon as I set the custom field “gwsa_require_submission” on a post, it breaks all jQuery on the page with a handful of console errors: Uncaught ReferenceError: jQuery is not defined
I see a comment before where Sam said: “was also somehow dequeuing jquery.js and jquery-migrate.min.js from WordPress /wp-includes, so I had to re-queue those both in to the plugin code.”
But I can’t seem to get those scripts queued again despite trying to add them in a few places on the init() function.
Any ideas?
Hi Keenan, I’m not able to recreate any issues with jQuery or jQuery migrate. If you check out the demo you can see that this working as expected on a basic WordPress installation. There isn’t much more we can offer pro bono; however, if you’re an Advanced or Pro Gravity Perks user, we’d be happy to dig into your specific configuration via support.
Hey David, no worries! I was able to get a version of it working after playing with it. Not as full featured as the demo, but working for what I needed. Thanks for getting back!
Glad to hear it, Keenan. 🙂