Multiple CCAPs on a paypal button in php

Hi guys, got the client to finally joined the ranks of paying users :) Thanks for all of your amazing help before now.

I’ve created a buy now button that auto-populates one of the ccaps based on a custom field in the current post. But now, I need it to add more than one ccap, which is hard-coded.

I’ve read the documentation, but it didn’t seem clear to me:

You can specifiy a list of Custom Capabilities that will be (Added) with this purchase. Or, you could tell s2Member to (Remove All) Custom Capabilities that may or may not already exist for a particular Member, and (Add) only the new ones that you specify. To do this, just start your list of Custom Capabilities with `-all. So instead of just (Adding) Custom Capabilities: music,videos,archives,gifts You could (Remove All) that may already exist, and then (Add) new ones:-all,calendar,forums,tools')

I also referenced this thread: http://www.primothemes.com/forums/viewtopic.php?f=4&t=2346, which helped fill in the gap in the documentation about using the plus sign, but I can’t find the right syntax for more than one ccap.

I need the ccaps to ADD to the user’s profile but NOT overwrite existing ccaps. I’ve tried both of the following without success:

<input type="hidden" name="item_number" value="*:+<?php echo $classCode;?>,masterclass" />

and

<input type="hidden" name="item_number" value="*:+<?php echo $classCode;?>,+masterclass" />

What would be the correct syntax/markup?

Thank you!

Thanks,
Kenny

Hi Kenny. Thanks for the kudos! :)

In your shortcode for the button or pro-form, just list the ccaps you want to add. If you have a PHP execution plugin, you can use PHP in the shortcode too:

[hilite pre_code]
ccaps=",masterclass"
[/hilite]

The thread you linked to is over a year old, when the default was to replace the ccaps with the new ones, but that’s different now and the default is to add them, which is why you’d need to have [hilite mono]-all[/hilite] if you want to remove the existing ones first.

I hope that helps. :)

• This reply was modified 4 years, 7 months ago by  Cristián Lávaque.

Thanks Cristian. I’m using the full HTML/PHP form code instead of a shortcode because I’m sending in a few php vars and the button is super customized visually. Though, I’m a little worried about security. Here’s a page with one of the buttons…what do you think, security wise?

http://www.zackpetroc.com/erasmus-design-sculpt-ztl/

As for the ccaps, I’ll try it without the plus signs and hope for the best. Thanks again!

Ah, I see.

Yeah, it’s not as secure, because you can modify the amount to pay. It’s better to encrypt the button. [hilite path]Dashboard -› s2Member® -› PayPal® Options -› Account Details -› Encryption[/hilite]

You can use variables in the shortcode for the button, not just in the HTML code for it. http://www.primothemes.com/forums/viewtopic.php?f=36&t=1604

I hope that helps!

I dived into using a shortcode for the button in order to encrypt it, but it’s not working out for me. Transactions run smoothly, but I can still use Firebug to easily edit the button’s amount before sending, which doesn’t raise any red flags during the transaction and the user account receives the correct ccaps assigned in the button.

On a sandbox site, I have:

1. enabled sandbox mode, button encryption, and routine logging via Paypal options > Paypal account details
2. set the sandbox paypal seller account to block unencrypted transactions
3. run transactions smoothly using the shortcode generated by the s2member buy now button generator, using do_shortcode() in my page template
4. using the same button, hacked the “amount” field using Firebug, and submitted the transaction smoothly for the altered price, without errors

Here’s what I’m using, placed directly into one of my WP page templates. I haven’t gotten so far as to incorporate variables, which was the original goal:

<?php 
$var = do_shortcode('[s2Member-PayPal-Button level="*" ccaps="test" desc="Test Description" ps="paypal" lc="" cc="USD" dg="0" ns="1" custom="www.fittedwebdesign.com" ra="29" rp="1" rt="L" rr="BN" image="default" output="button" /]'); 
echo $var;
?> 

I’m a little confused by Jason’s example in the post: http://www.primothemes.com/forums/viewtopic.php?f=36&t=1604

Because he references two things: (1) a link and (2) the shortcode. Isn’t the point of the shortcode to create a button, thereby not needing a link?

Or do I need to create a link, which is processed/confirmed by whatever the shortcode generates?

I’m doing all of this in php directly inside a custom page template because everything needs to be automated, so I’d appreciate your help in those terms (as opposed to what to do inside the WP post editor).

Thanks!

The example he posted there with the link, is if you need to pass a var to the shortcode using GET. It can also be done with POST or with a var you get from the script itself. The important part is where he shows you can customize the shortcode attributes with PHP.

About modifying the amount with Firebug, how do you do that if the button is encrypted? Didn’t know this to be possible.

I guess I’m not understanding Jason’s example. Would it be possible for you to provide a quick example of how I would use the shortcode (and therefore the encryption) in raw php and not the wp post editor? If you could include a variable, like my example below, that would be awesome.

The code I’m using outputs a standard form tag in the html, which is editable via Firebug. I don’t see anything encrypted about it at all.

Here’s the code I’m using on the dev site in sandbox mode:

<?php 
$var = do_shortcode('[s2Member-PayPal-Button level="*" ccaps="' echo $autoccap '" desc="Test Description" ps="paypal" lc="" cc="USD" dg="0" ns="1" custom="www.fittedwebdesign.com" ra="29" rp="1" rt="L" rr="BN" image="default" output="button" /]'); 
echo $var;
?> 

And here’s the output:

<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
 <input name="business" value="kenny@fittedwebdesign.com" type="hidden">
 <input name="cmd" value="_xclick" type="hidden">
 <!-- Instant Payment Notification & Return Page Details -->
 <input name="notify_url" value="http://www.fittedwebdesign.com/clients/zackpetroc/?s2member_paypal_notify=1" type="hidden">
 <input name="cancel_return" value="http://www.fittedwebdesign.com/clients/zackpetroc/" type="hidden">
 <input name="return" value="http://www.fittedwebdesign.com/clients/zackpetroc/?s2member_paypal_return=1" type="hidden">
 <input name="rm" value="2" type="hidden">
 <!-- Configures Basic Checkout Fields -->
 <input name="lc" value="" type="hidden">
 <input name="no_shipping" value="1" type="hidden">
 <input name="no_note" value="1" type="hidden">
 <input name="custom" value="www.fittedwebdesign.com" type="hidden">
 <input name="currency_code" value="USD" type="hidden">
 <input name="page_style" value="paypal" type="hidden">
 <input name="charset" value="utf-8" type="hidden">
 <input name="item_name" value="Master Class Access " type="hidden">
 <input name="item_number" value="*:test" type="hidden">
 <input name="amount" value="29" type="hidden">
 <!-- Configures s2Member's Unique Invoice ID/Code  -->
 <input name="invoice" value="4fbdefa74f519~69.169.138.152" type="hidden">
 <!-- Associates Purchase With A User/Member ( when/if applicable ) -->
 <input name="on0" value="Referencing Customer ID" type="hidden">
 <input name="os0" value="274" type="hidden">
 <!-- Identifies The Customer's IP Address For Tracking -->
 <input name="on1" value="Customer IP Address" type="hidden">
 <input name="os1" value="69.169.138.152" type="hidden">
 <!-- Displays The PayPal® Image Button -->
 <input src="https://www.paypal.com/en_US/i/btn/btn_xpressCheckout.gif" style="width:auto; height:auto; border:0;" alt="PayPal®" type="image">
</form>

I can easily inspect that element in Firebug, change the value of the “amount” and click the button to submit it. The transaction works fine but uses the hacked amount.

Thank you!

That’s weird, it should be encrypted, not like that. Could you verify that you have encryption enabled? [hilite path]Dashboard -› s2Member® -› PayPal® Options -› Account Details -› Encryption[/hilite]

Yep, verified. And using Version 120517.

• This reply was modified 4 years, 7 months ago by  Fitted Web Design.

Thanks. I’ll report this to Jason.

Something you could do, too, is change the output to url and link the button image yourself. The URL won’t be easy to tamper with. [hilite path]Dashboard -› s2Member® -› PayPal® Buttons -› Shortcode Attributes -> output[/hilite]

Button encryption does not work in Sandbox mode.

This was reported last year, and I reported it to PayPal, but they’ve never fixed it.
http://www.primothemes.com/forums/viewtopic.php?f=36&t=309&p=28461#p28461

Going into LIVE mode, should resolve button encryption issues from the Sandbox.

Don’t use the sandbox, do 1 cent live transactions for your tests instead.

100 live 1 cent transactions… 1 dollar.
Not dealing with extra, needless stupidity from PayPal… priceless.

^ That can be a Knowledge Base article on dealing with sandbox problems :P

• This reply was modified 4 years, 7 months ago by  Cristián Lávaque.