How to kill/delete a specific generated link

We use S2member to have single page access for PPV video (sporting events). Is there a way to kill a link that S2member has generated for a user. The page url generates the…
?s2member_sp_access=635v545d52504p4i4q5v645n5c3j313e5f3c3u493t3d3h3d323d5e4a3t3v3a3c3737373b49483m3h3j313e5f3c3u493n3d
after it specific to each buy. Would like to know if there is a way to kill that specific link for a user if they abuse the use of it…. ie emailing it out to others so they don’t have to pay the PPV fee.

Hello Ian,

I am pretty sure those URLs are user specific, in other words, they cannot be shared, it will only work with the client, computer, IP etc. that the user bought it with.

Hope this helps. :)

No, I can take any link with that string and open it on another computer or email to someone and they can open it. Hopefully I can find a solution to this loophole as I have one person sending a PPV link out to others and we have people watching our video for free.

This is for specific post page access correct? Or is it for a download link?

specific post page access, correct.

Hello Ian,

That certainly is strange, are the people that are trying to access it using different IPs? Or are the using the same IP?

Different IP’s. I can even go to the Single-Page Link Generator ( for Customer Service ) under Single Page “Buy Now” Access and generate a link and then send that to 10 people in 10 different places and they will all get to view that page with the same link. Works the same way when someone buys it and then gets redirected to the restricted page. That user can then just copy the generated url string and send it to other people.

That certainly is strange, it’s the first time I’ve seen it reported.

Have you tried making compatibility checks with your theme and your plugins?

I’m having this same issue. I found that when I went from google checkout to authorize.net, that the link became less secure and s2 is allowing the link to be opened anywhere from any ip address.

I have the same question.
s2member_file_download_key is unique, but s2member_sp_access is not and can be used by anyone. I’m wondering if it’s stored in database somewhere. What tables s2member uses to store its data?

A client of mine just asked the same thing. I guess they had someone pay and then file a chargeback — now they want that person’s access links disabled/removed.

Was hoping for a quick answer, but I guess I’ll be digging through the database looking for matching links.

I’ll send Jason an email and see what he has to say about this, as this may be a bug. :)

Folks, in rereading this thread, there are two issues: 1) do the access links allow more people to use them than they should, and 2) regardless, how does one remove an access link once it is created.

Both are important questions, but right now, my client is only concerned with issue #2 — how to remove an access link once it is created.

Brian, that is correct on the two issues.

I have my settings set at 1 IP with a punishment of a year. I’m up to 9 different IP’s from the link I sent out. I’ve tried this from the purchase standpoint an the customer service link. Both scenarios, no lock out.

It seems that I lost all control over that when I transitioned to Authorized.net. When we used google checkout, the client would breath and lock themselves out. Now I have people forwarding links and using them as they wish.

Thanks for the heads up on this thread.

The topic being discussed here is related to two separate questions.

1. Do the access links allow more people to use them than they should.

Specific Post/Page Access Links are controlled by your configuration of Unique IP Restrictions under: Dashboard -› s2Member® -› Restriction Options -› Unique IP Access Restrictions. So the answer to this question, is that a single user will be able to share his link with as many unique IP addresses as you’ve configured to allow, after which other users will start being denied. This is designed to allow a single customer access from multiple IP addresses (i.e. a personal computer, a laptop on the road, etc), but to give a site owner control over what they deem acceptable. After a customer exceeds the number of unique IP addresses that you’ve decided to allow, the link will be blocked automatically (i.e. for whatever punishment period you configure).

See: Dashboard -› s2Member® -› Restriction Options -› Unique IP Access Restrictions

2. Regardless, how does one remove an access link once it is created.

The current release of s2Member creates Specific Post/Page Access Links in a way which places all of the autorization details in the link itself (i.e. in the encrypted string which appears in the link, and it is NOT contained in any database table). This makes it possible for Specific Post/Page Access to remain disconnected from any membership or registration on the site. However, while this does provide for some great advantages, it also poses a serious problem for site owners that wish to revoke access for one reason or another, with respect to Specific Post/Page Access.

In the current releases of s2Member, it is NOT possible to revoke access to a Specific Post/Page Access Link. At least, not in any simple way (i.e. via any UI panel in the Dashboard). The only way to revoke access to a Specific Post/Page Access Link is by blocking the customer’s IP address conditionally, through code of your own.

We recognize this as a problem, and efforts have been underway for some time to resolve this in the next generation of s2Member, which has been accomplished, and a beta release will be available soon.

maybe food for future thought: give admins the option to REQUIRE level 0 (free) membership and tie the single post/page purchase to that member account.

downside is that users are required to register (many sites do that) but at least it’s free.
upside is that the link is tied to their membership account so that can be revoked.

also, I wouldn’t mind allowing paid membership levels to be an option even for specific posts/pages. I understand the current logic which prevents that but I wouldn’t mind up-selling specific posts/pages on top of paid memberships.

I am still unclear after reading this.

Does the unique IP restriction work as stated by Jason, or are there problems with its implementation, as outlined by Ian, Max and TechNinja above. Please clarify as I am about to implement the Specific Post/Page feature into my site.

Thanks for your responses.

Ganaxi

Hello Ganaxi,

They work as Jason stated, he just came to tell us the exact reason why we can share links etc.

Hope this helps. :)

thanks, eduan

Ganaxi

You’re welcome Ganaxi!

Glad I was able to help. :)

Jason, thanks I think this is exactly what I need for limiting the number of IP’s allowed to access a specific page. Should stop the ability of people sharing the link if I limit to 1 IP.

Since I am doing new live events pretty much each week and I create a new specific page for each event and then restrict it, would I need to change the time period to less then the 30 days or would that not matter since it is not the same page that the specific IP would be trying to access the next week?

Look forward to the next version of S2 and getting the ability to revoke access immediately if necessary.

Next on my list is getting a way to ban certain people from buying. I do not think PayPal has a way to block certain email addresses from buying. I know they then can just use another email address, but at least it would be a start.

Ian

Jason, Thanks for taking to time to clarify this. I can now advise my client accordingly, although not in the way they were hoping for…

I’m not a developer, and it sounds like you already have a solution in the works, but it seems that one solution might be to record each generated access link in a table; then, before providing access to the page, verify that there’s a matching record in that table. Admins could then remove the record, and effectively kill the link. Just thinkin’ out loud…

In any event, thanks for a great and well-supported product!

Has there been any progress on the ability to revoke links?

I am looking at the ‘buy specific pages’ process as a why to integrate cubepoints.

I can add custom code to the page to add points to a users when the visit the link but i want to be able to revoke the link so they can’t use it again to get points they haven’t paid for.