Mismatched PayPal and Registration Emails

I’m testing out s2 – is it the case that if a user signs up for one of the paid levels but their paypal and s2/wordpress user emails don’t match, then they will be set as ‘unconfirmed’ and won’t be given the correct access permissions?

This is what I’m seeing when I test things out. If however the user uses the same email for paypal and registering, then all works fine and the user is granted permissions correctly as per the level they subscribed for.

Is this how s2 should be behaving? I guess it makes sense from a security standpoint, but I wasn’t sure if this was the intended behaviour?

Hello Bruce,

I’m not sure about this myself, I’ll ask Jason for his opinion. Don’t think he’ll post here, but I’ll tell you what he tells me. ;)

Thanks Eduan, I’m looking forward to hearing as it may be a conflict with another plugin that integrates with s2….

No problem, just don’t wait too much, cause Jason checks his email once or twice a week only (usually less). ;)

Ok, thanks for letting me know…

Hi guys, is there any news on this? I’ve got another plugin developer not playing ball as they claim that the problem of not matching paypal and s2 emails resulting in the user not being confirmed and assigned no permissions in wordpress is a bug with s2…

Hello Bruce,

No news on this yet, I’m gonna send him another email.

Many thanks Eduan…

Hello Bruce,

Thanks for the heads-up on this thread, Eduan. We appreciate all bug reports.
And thanks for your patience.

I’m testing out s2 – is it the case that if a user signs up for one of the paid levels but their paypal and s2/wordpress user emails don’t match, then they will be set as ‘unconfirmed’ and won’t be given the correct access permissions?

Within s2Member’s IPN/PDT processes there are no processes that validate the user email inside WordPress with the email passed by PayPal. s2Member uses this email address only for sending users their passwords via wp_mail() if you have s2Member configured that way. s2Member uses the user ID passed by PayPal for updating profiles.

However, if you are filtering the variables PayPal is receiving, and replacing the PayPal email with the subscriber’s email, this could definitely cause problems.

Are you getting an error code/message during your tests that may be causing this? If so, can you post exactly what this error is?

I’m looking forward to hearing as it may be a conflict with another plugin that integrates with s2….

Is this plugin in the WordPress plugins repository? If so, can you post the link to it?

Also, could you please post the PayPal logs from these test transactions, assuming you have logging enabled?

Thanks

Hi guys, I’m just adding a reply now…

>Also, could you please post the PayPal logs from these test transactions, assuming you have logging enabled?

Sure, logging is enabled – is it ok to insert the contents into pastebin or something like that? I’m guessing there is no sensitive info in the 3 files? The size of the 3 files is…

paypal-api – 1.2mb
paypal-ipn – 22.3kb
paypal-rtn – 30.7kb

Let me know and I’ll make them avaliable somewhere/will email them if you prefer?

>Thanks for the heads-up on this thread, Eduan. We appreciate all bug reports. And thanks for your patience.

No problem – thanks for making such a powerful plugin…

>However, if you are filtering the variables PayPal is receiving, and replacing the PayPal email with the subscriber’s email, this could definitely cause problems.

To the best of my knowledge there is no filtering of the variables PayPal is receiving. The only ‘extras’ in the plugin settings are for a Payment Notification url and a Refund/Reversal Notification url, both of which come from the premium version of the affiliates plugin (http://wordpress.org/extend/plugins/affiliates/)

I am also using some other plugins that might be conflicting?

WP-Mail-SMTP
W3 Total Cache
Hotfix
Block Bad Queries (http://perishablepress.com/5g-blacklist-2012/comment-page-8/#comment-88415)
WP Security Scan

The other thing I noticed that might be odd is that I ran through the instructions re: ideal server configuration below. The test php file I created didn’t load from the StrongTi.es domain but it loaded successfully from another site hosted on the same account. I don’t know if this is relevant or not, but I can only guess that maybe an entry in the root .htaccess file prevented this?

http://www.s2member.com/forums/topic/ideal-server-configuration-for-s2member/

>Are you getting an error code/message during your tests that may be causing this? If so, can you post exactly what this error is?

Not to my knowledge, no error messages are posted in the browser/the admin section of the site, unless they are captured in the log file?

>Is this plugin in the WordPress plugins repository? If so, can you post the link to it?

I’m using the premium version of the affiliates plugin. The author has been helping me test this and I’m sure he’ll be able to help if necesarry.

Wordpress version http://wordpress.org/extend/plugins/affiliates/
Premium version http://www.itthinx.com/plugins/affiliates-s2member/

>Also, could you please post the PayPal logs from these test transactions, assuming you have logging enabled?

Sure, logging is enabled – is it ok to insert the contents into pastebin or something like that? I’m guessing there is no sensitive info in the 3 files? The size of the 3 files is…

paypal-api – 1.2mb
paypal-ipn – 22.3kb
paypal-rtn – 30.7kb

Sure, logging is enabled – is it ok to insert the contents into pastebin or something like that? I’m guessing there is no sensitive info in the 3 files? The size of the 3 files is…

Actually there is private/personal info from the account that paid, so I suggest you simply X out any private info (email etc.).

You can paste the logs inside the <code></code> tags, one for each log.

– Eduan

I hope this helps…

paypal-api

http://pastebin.com/Hjbmpm3m

paypal-ipn

http://pastebin.com/zjiAMUgA

paypal-rtn

http://pastebin.com/HaFnKtUY

p.s. pasting in the raw logs didn’t work too well with one of them being over 1mb…

Hi Bruce,

Thanks a lot for all of the information. I’m going to investigate this and get back to you soon.

Many thanks….

i can not work with S2MEMBER after payment there is no mail sended to the subcriber

is there any way to get my qeustions answered or do i need to search another plugin

when do i get an answer i need urgent

Hello Kevin,

I suggest you search the forums (use the search bar at the top right of the website), there have been many cases of this and I’m sure one of those solutions will work for you.

Also, I suggest you make your own thread, so that people can pay attention to it specifically. And one more thing, you’re not gonna get fast answers (or any at all, maybe) if you don’t have the pro version of s2Member and post it on the customer support forums.

Hope this helps. :)

Hi Bruce,

Sorry for the delay

As far as your logs are concerned, everything is going smoothly. None of the plugins deal with s2Member directly. However something I did notice is that the plugin Block Bad Queries you have installed may be interfering with the queries from PayPal, so that if the email PayPal passes through is not equal to that of the user’s, the plugin simply disregards the query and s2Member never even gets the data.

The fact that none of the data that was received from PayPal was for Profile Modification makes the likelihood of this even higher.

I would try disabling this plugin and seeing if that helps. I do believe that the plugin actually edits your .htaccess file, so even if you disable it, it may still give you problems. If that’s the case, you should be able to get a new .htaccess file from a copy of WordPress.

s2Member’s functionality does not deal with validating email addresses sent from PayPal to those from user emails, so this is almost definitely a plugin conflict, and is not how s2Member is designed to work.

Hi Bruce,

Yes, you’re right – disabling ‘Block Bad Queries’ has sorted it – thank you for your help!

Out of interest and given that the majority of s2 users are deploying the plugin on a commercial site, do you have any recommendations re: additional (but compatible!) security measures site admins might take?

Would you suggest anything else over and above keeping plugins up to date and doing regular backups?

Thanks again,

Bruce

p.s. this looks like the successor to Block Bad Queries but I suspect it won’t work with s2 and paypal right?

http://perishablepress.com/5g-blacklist-2012/

its working now with the shortcode

Hi Bruce,

Glad to hear you’ve got it fixed.

p.s. this looks like the successor to Block Bad Queries but I suspect it won’t work with s2 and paypal right?

http://perishablepress.com/5g-blacklist-2012/

I would suspect that this would cause similar errors as it exists now. If you can add a whitelist within the plugin then it may be okay. Just whitelist requests from PayPal.

Otherwise, you may want to find the add_action() hooks for the plugin and add a conditional such as:

if($_GET['s2member_paypal_notify'] !== NULL) { # If s2member_paypal_notify is not set / is not the PayPal IPN response URL
	# Hooks and filters
}

Doing that would allow the plugin only to function when s2Member is not getting directly queried from PayPal.

---

Closing thread. If you have any further issues please create a new thread.

• This reply was modified 4 years, 3 months ago by  Bruce.