WooCommerce Plugin and Extensions

WooCommerce is available for free in the WordPress.org repository. The core plugin has everything needed to define products and prices and accept payment through PayPal. The Stripe Payment Gateway extension was recently made available for free and is the most popular way to accept credit cards directly on your site for WooCommerce, but extensions are available for just about any payment gateway you would want to use.

WooCommerce has dozens of free and paid extensions to enhance the core plugin, integrate with third party marketing services, introduce new product types, integrate with shipping services, or improve the store management. Two of the most popular extensions, WooCommerce Subscriptions and WooCommerce Memberships, allow you to collect recurring payments and restrict content based on membership levels respectively. The Paid Memberships Pro plugin covered below is streamlined for that exact use case, but if you are using WooCommerce already or need another feature handled well by WooCommerce, those extensions are a good way to go.

Customizing WooCommerce Through Hooks

WooCommerce (like any good WordPress plugin) has an incredible number of action and filter hooks to use to customize how the plugin is working on your site. You can find their full action and filter hooks reference online here.

Below, we will go through some examples to give you an idea of what’s possible using a few typical WooCommerce hooks.

Setting a Sitewide Sale

There are plugins you can use to set a sitewide sale for your WooCommerce store, but since you’re an awesome developer, you might like to do it yourself through custom code. The code below will apply a 10% sale to any product that doesn’t already have a sale price.

// Set sale price to 10% of regular price if not already on sale
function my_get_sale_price($sale_price, $product) {
	if(empty($sale_price)) {
		$sale_price = $product->get_regular_price() * .9;
    $product->set_price($sale_price);
	}

	return $sale_price;
}
add_filter('woocommerce_product_get_sale_price', 'my_get_sale_price', 10, 2);
add_filter('woocommerce_product_variation_get_sale_price',
  'my_get_sale_price', 10, 2);

WooCommerce products have both a “regular” price and a “sale” price. The final calculated price is just called “price”. The hook to set the sale price is woocommerce_product_get_sale_price, however we have to use the woocommerce_product_get_variation_sale_price hook as well to handle products with variations (e.g. Small, Medium, Large T-Shirts).

Note also the line where we call $product->set_price($sale_price). The calculated price isn’t updated automatically after the sale price is returned from this call back, so we have to do it manually. The $product parameter is passed into the callback by reference; updating the product object here updates it outside of the filter as well.

Autocompleting Orders

By default, when a new order is created at checkout, the order is put into “pending” status. A site admin then needs to process the order. For typically shipped goods, process means putting the order items into a box and shipping it out. Once that is done, the order is placed into “completed” status.

For virtual goods, you might want to automatically move the items into “completed” status. Besides saving you a click, many WooCommerce plugins fire when an order goes into completed status. The sooner an order goes into completed status, the sooner those plugins can send their emails, hit their APIs, or whatever else they are doing. The following code will loop through the cart items after checkout and automatically mark the order as completed if all of the items in the cart are virtual.

function autocomplete_virtual_orders($order_id) {
	//get the existing order
	$order = new WC_Order($order_id);

	//assume we will autocomplete
	$autocomplete = true;

	//get line items
	if (count( $order->get_items() ) > 0) {
		foreach ($order->get_items() as $item) {
			if($item['type'] == 'line_item') {
				$_product = $order->get_product_from_item( $item );
				if(!$_product->is_virtual()) {
					//found a non-virtual product in the cart
					$autocomplete = false;
					break;
				}
			}
		}
	}

	//change status if needed
	if(!empty($autocomplete)) {
		$order->update_status('completed', 'Autocompleted.');
	}
}
add_filter('woocommerce_thankyou', 'autocomplete_virtual_orders');

EDD Code Examples

Below are a couple code examples showing how to use the EDD functions and hooks in your larger WordPress app.

Check if a user has purchased a specific download

The edd_has_purchased() function can be used to check if a user has purchased a specific EDD download. If you are using EDD to sell downloads on your site already, this function can be used to restrict access to other WordPress pages or features of your app.

//Restrict access to a page if a user hasn't purchased a specific download yet
function my_template_redirect_check_edd()
{
	global $current_user;

	//Set to slug of page to protect.
	$protected_page_slug = 'customers-only';

	//Set to ID of download to check for.
	$required_download_id = 184;

	//Only protecting one specific page.
	if(!is_page($protected_page_slug))
		return;

	//Redirect if no user or missing purchase.
	if(!is_user_logged_in() ||
		!edd_has_user_purchased($current_user->ID, $required_download_id)) {
		wp_redirect(get_permalink($required_download_id));
		exit;
	}
}
add_action('template_redirect', 'my_template_redirect_check_edd');

In the example above, we use the template_redirect hook in WordPress. If users haven’t purchased the download we are checking for, they are redirected to the frontend page for that download. This is a good way to block access to an entire page. That page could contain content or could contain a shortcode for a contact form or any kind of WordPress content you want to keep non-customers from accessing.

You could do a similar check as a wrapper around any of your PHP code. If you do this often, it would help to abstract the edd_has_user_purchased() check into another function. The following examples includes a helper function to check if a user has purchased a specific download and then uses that function to add a support link to the primary menu.

//Helper function to check if a user is a plugin customer
function is_plugin_customer($user_id = null)
{
	$plugin_download_id = 184;	//update this

	//default to current user
	if(empty($user_id))
	{
		global $current_user;
		$user_id = $current_user->ID;
	}

	return edd_has_user_purchased($user_id, $plugin_download_id);
}

//Add a support link to primary menu for users who purchased
function add_support_link_to_menu($items, $args)
{
	if($args->theme_location == 'primary' && is_plugin_customer())
	{
		$items .= '<li class="menu-item menu-item-type-post_type menu-item-object-page menu-item-support">';
		$items .= '<a href="/support/">Support</a>';
		$items .= '</li>';
	}

	return $items;
}
add_filter('wp_nav_menu_items', 'add_support_link_to_menu', 10, 2);

The is_plugin_customer() function applies a handy trick with the $user_id parameter. You can pass a specific $user_id to check or optionally leave the parameter blank and the function will default to the current user’s ID. The plugin’s download ID (the post ID when editing that download in the dashboard) is hardcoded into the function and used in the edd_has_user_purchased() call that is returned.

The last bit of code uses the wp_nav_menu_items filter to add an additional link to the support page if the user is a plugin customer.

Let’s cover some genreal ecommerce concepts below before diving into more examples on how to setup a SaaS with WordPress.

Lock down a specific page

Paid Memberships Pro adds a Require Membership box to the sidebar of the edit post and edit page pages in the WordPress dashboard. An example of the Require Membership box is shown in Figure 14-8. To lock down a page for a certain membership level, check the box next to that level.

If more than one level is checked, members of either level will be able to view that page. If no levels are checked, anyone (including nonusers) will be able to view that page.

Figure 14-8. Check which levels are required to view this page

Lock down a page by URL

Sometimes it may be easier to restrict access to a page or group of pages by checking the page’s URL. For example, to keep nonmembers out of certain BuddyPress groups, you could add the following code to a custom plugin:

//lock down our members group
function my_buddy_press_members_group()
{
  $uri = $_SERVER['REQUEST_URI'];
	if(strtolower(substr($uri, 0, 16)) == "/groups/members/")
	{
		//make sure they are a member
		if(!pmpro_hasMembershipLevel())
		{
			wp_redirect(pmpro_url("levels"));
			exit;
		}
	}
}
add_action("init", "my_buddy_press_members_group");

The workhorse here is the pmpro_hasMembershipLevel() function. This function can take two parameters. The first is the ID or name of a membership level to check for. The second parameter is the user ID of the user you want to check. If no parameters are set, the function will check if the current user has any membership level.

You can also do negative checks by passing, for example, “-1” as the level ID. pmpro_hasMembershipLevel(-1) will return true if the current user doesn’t have level 1. If you pass a zero specifically, the function will check that the user has no level at all. So pmpro_hasMembershipLevel(0) will return true if the current user does not have a membership level. (You could also do !pmpro_hasMembershipLevel().)

Multiple level IDs and names can be passed in an array. For example, to check for members with level 1 or 2, use this code:

if(pmpro_hasMembershipLevel(array(1,2)))
{
    //do something for level 1 and 2 members here
}

Lock down a portion of a page by shortcode

Another way to restrict access to content is to use shortcodes in your post body content. The following is an example of some page content that will show different messages to different membership levels:

Welcome to SchoolPress!

[membership level="1"]Thanks for your continuing membership.[/membership]

[membership level="-1"]Sign up your school now![/membership]

The [membership] shortcode is fairly simple. It takes one parameter level that, similar to the parameter for the pmpro_hasMembershipLevel() function, can take a level ID, name, or a zero or negative level ID. Any content within the shortcode will be shown based on the stated level. Multiple level IDs can be passed separated by commas.

Lock down a portion of a page by PHP code using the pmpro_hasMembershipLevel() function

When locking down the BuddyPress members group, we used the pmpro_hasMembershipLevel() function. You can also use this function within your page templates or other code to restrict access to content or portions of code. For example, you might find code like this in your header:

<?php if(is_user_logged_in()) { ?>
<div class="user-welcome">
  Welcome
  <?php if(function_exists("pmpro_hasMembershipLevel")
    && pmpro_hasMembershipLevel()) { ?>
	<a href="<?php echo pmpro_url("account"); ?>">
    <?php echo $current_user->display_name;?>
    </a>
  <?php } else { ?>
	<a href="<?php echo home_url("/wp-admin/profile.php"); ?>">
    <?php echo $current_user->display_name;?>
    </a>
  <?php } ?>
</div> <!-- end user-welcome -->
<?php } ?>

The preceding code will show members a link to the PMPro account page. Users without a membership level are shown a link to their WP profile page.

Restricting nonmembers to the homepage

By default, Paid Memberships Pro does not lock down any part of your site unless you specifically tell it to. For some sites, you will want very limited public access (just the sales, about, and contact pages). You can do this by redirecting nonmembers away from any nonapproved page. Use the following code:

function my_template_redirect()
{
	$okay_pages = array(
        pmpro_getOption('billing_page_id'),
        pmpro_getOption('account_page_id'),
        pmpro_getOption('levels_page_id'),
        pmpro_getOption('checkout_page_id'),
        pmpro_getOption('confirmation_page_id')
    );

	//if the user doesn't have a membership, send them home
	if(!is_user_logged_in()
		&& !is_home()
		&& !is_page($okay_pages)
		&& !strpos($_SERVER['REQUEST_URI'], "login"))
	{
	    wp_redirect(home_url('wp-login.php?redirect_to='.
            urlencode($_SERVER['REQUEST_URI'])));
	}
	elseif(is_page()
			&& !is_home()
			&& !is_page($okay_pages)
			&& !pmpro_hasMembershipLevel()
	{
		wp_redirect(home_url());
	}
}
add_action('template_redirect', 'my_template_redirect');

In the preceding code, we set up an array of post IDs for pages that nonmembers should be able to see. We use the pmpro_getOption() function to get the IDs of the pages generated by PMPro and also allow access to the home page by using the WordPress is_home() function. We also allow access to any page with the word “login” in the URL, which on our setup will just the login page.

Locking down files

Some of the pages you are locking down may have images or other files attached to them. If the page is locked down, the link or image will not show up on the site for your users. However, users who know the direct URL to the file will be able to download to the file without first being logged in as a member.

This is because when Apache processes a URL like http://schoolpress.me/wp-content/uploads/logo.png, it serves the file directly to the user without checking with PHP or WordPress first.

You can change this behavior by adding a rule to your site’s .htaccess file that will redirect any URL like the preceding one through a special script bundled with Paid Memberships Pro. Add the following code to the top of your .htaccess file, above the other rewrite rules:

RewriteEngine On
RewriteBase /
RewriteRule ^wp-content/uploads/(.*)$ \
    /wp-content/plugins/paid-memberships-pro/services/getfile.php [L]

How does this work? In WordPress, images and files can be uploaded to a post or page. These files, called attachments by WordPress, are all stored in the /wp-content/uploads/ folder, but they are also associated with the post they were attached to via an entry in the wp_posts table.

Attachments are stored in the wp_posts table with the post_status set to “attachment” and the post_parent set to the ID of the post they are attached to.

The getfile.php script will find the corresponding entry in the wp_posts table for the requested file; and if the attachment’s parent requires membership, it will check to make sure a valid member is logged in before serving the file.

Change user roles based on membership levels

For most of the examples in this section, we assume that members only have access to the frontend application of your site. However, sometimes you may want to give members access to the WordPress dashboard, give them the “author” role so they can post to the blog, or otherwise assign a role other than “subscriber” to them.

This code will add the author role to any new member of a particular level. It will also downgrade the member to a subscriber role if her membership level is removed:

function my_pmpro_after_change_membership_level($level_id, $user_id)
{
  if($level_id == 1)
	{
		//New member of level #1.
    //If they are a subscriber, make them an author.
		$wp_user_object = new WP_User($user_id);
		if(in_array('subscriber', $wp_user_object->roles))
			$wp_user_object->set_role('author');
	}
	else
	{
		//Not a member of level #1.
    //If they are an author, make them a subscriber.
		$wp_user_object = new WP_User($user_id);
		if(in_array('author', $wp_user_object->roles))
			$wp_user_object->set_role('subscriber');
	}
}
add_action(
    'pmpro_after_change_membership_level',
    'my_pmpro_after_change_membership_level',
    10,
    2
);

More information on users and roles is in Chapter 6.

International and long-form addresses

By default, the Paid Memberships Pro checkout form will show address fields with the city, state, and postal code formatted on their own lines. A dropdown to choose the country will be shown below.

Figure 14-9. Paid Memberships Pro international billing address

You may want to change the default country, change the list of countries, or make some of the address fields not required. Here is some example code doing that:

/*
    Change the Default Country from US to GB (Great Britain)
*/
function my_pmpro_default_country($default)
{
	return 'GB';
}
add_filter('pmpro_default_country', 'my_pmpro_default_country');

/*
	Add/remove some countries from the default list.
*/
function my_pmpro_countries($countries)
{
	//remove the US
	unset($countries['US']);

	//add The Moon (LN short for Lunar?)
	$countries['LN'] = 'The Moon';

	//You could also rebuild the array from scratch.
	//$countries = array('CA' => 'Canada', 'US' => 'United States',
    //  'GB' => 'United Kingdom');

	return $countries;
}
add_filter('pmpro_countries', 'my_pmpro_countries');

/*
	(optional) You may want to add/remove certain countries from the list.
    The pmpro_countries filter allows you to do this.
	The array is formatted like
    array('US'=>'United States', 'GB'=>'United Kingdom');
    with the acronym as the key and the full
	country name as the value.
*/
function my_pmpro_countries($countries)
{
	//remove the US
	unset($countries['US']);

	//add The Moon (LN short for Lunar?)
	$countries['LN'] = 'The Moon';

	//You could also rebuild the array from scratch.
	//$countries = array('CA' => 'Canada', 'US' => 'United States',
    //  'GB' => 'United Kingdom');

	return $countries;
}
add_filter('pmpro_countries', 'my_pmpro_countries');

/*
	Change some of the billing fields to be not required.
	Default fields are: bfirstname, blastname, baddress1, bcity, bstate,
    bzipcode, bphone, bemail, bcountry, CardType, AccountNumber,
    ExpirationMonth, ExpirationYear, CVV
*/
function my_pmpro_required_billing_fields($fields)
{
	//remove state and zip
	unset($fields['bstate']);
	unset($fields['bzipcode']);

	return $fields;
}
add_filter('pmpro_required_billing_fields', 'my_pmpro_required_billing_fields');