Too Many IP Addresses and multiple users

I am trying to give away a paid for download, (no membership required). Obviously, I want this page protected and the link is given out in an email. I also want to link to expire after 24 hours once the page is accessed.

So I manually generated a Paypal post/page access link, and set the expiration to a “year” – then took that link and placed it in an autoresponder email that the customer gets after ordering.

Problem is now they are getting the “Too many IP addresses accessing one secure area! s2member”.

I ASSUME it’s because too many different customers have tried to access the same link? Correct?

Obviously, I want this on auto-pilot. Need the download protected, need protection from hackers and sharing, and dont want to manually created a link for every customer.

Can you please advise what is the best way to handle this? (no membership is required, a protected FREE download, not going through Paypal)

thanks

Hello Vincent,

This error you’re getting is caused by the settings under Dashboard -› s2Member® -› Restriction Options -› Unique IP Access Restrictions. It’s when several IPs login to the same account, and in this case when they all use the same unique page/post link.

– Eduan

Hi Eduan
I already understand WHY I am getting that error. There are NO ACCOUNTS. I believe it’s because too many different “people” are using that same link I generated. What I am trying to do is find a better approach. I know s2member can handle it, just curious as to the “best route” to go

Here is a summary of scenario:

Customer goes through our shopping cart (not paypal) and orders a digital download
Upon approval, they get send an EMAIL with a secure link to download.

They are not members, this is a one time download for them. Currently, I created a link, but too many people are using it, causing the error. Plus I want the link to be somewhat secure.

What I am trying to avoid is having to manually generate a link everytime someone places an order.

Is this scenario possible?

Hi Vincent.

I’m afraid that other than removing the Unique IP restriction, there won’t be a way to use the same Specific Post/Page Access link for all your customers the way you set it up. And removing the Unique IP restriction, giving that special link is pretty much the same as just using a hidden page with no protection. Users won’t be prevented very much from sharing the link and non-paying users getting to download.

You basically need to have a way to tell each user apart if you want to protect the download properly.

What I suggest is that you have them register on your site to get to the protected download. But this too would be a problem, because you’re selling outside of what s2Member controls, so you’d need to give them an access link to register on your site, but it’d only be good to register once.

You’ll have to integrate the sales process with s2Member so each user gets his own unique registration link or Specific Post/Page link.

You can sell with s2Member’s buttons/pro-forms. This would be the best, because it doesn’t require a special integration with s2Member. But you would need to alter your sales process a bit, since you’re using a cart to sell now.

You could integrate your current process so the return after payment is to s2Member’s URL with the variables it needs, to process the sale and send a unique link to the user. You can use the PayPal IPN with Proxy Key. The guide to create buttons over at PayPal will also help see the variables needed by s2Member.
[hilite path]Dashboard -› s2Member® -› PayPal® Options -› PayPal® IPN Integration -> Proxy Key[/hilite]
Knowledge Base » Using Buttons Generated @ PayPal.com

Or, using the Remote Operations API you can have your system create a account for the user after he purchases. [hilite path]Dashboard -› s2Member® -› API / Scripting -› Remote Operations API[/hilite]

Or create a customization so that after purchase in your cart, an s2Member Specific Post/Page access link is generated for that specific user and send the email with it from your customization, not the autoresponder service.

I hope that helps. :)

Christian, you guys and s2member are amazing. I didn’t think I could do this, but I’ve made some headway on this and we’re 90% there. There are 2 issues that I have to resolve.

I implemented this code in the “thank you page”

<?php
 
$op["op"] = "create_user"; // The Remote Operation.

$op["api_key"] = "**************************************"; // Check your Dashboard for this value.
   // See: `s2Member -› API / Scripting -› Remote Operations API -› API Key`

$op["data"] = array (
   "user_login" => "$name", // Required. A unique Username. Lowercase alphanumerics/underscores.
   "user_email" => "$email", // Required. A valid/unique Email Address for the new User.

   // These additional details are 100% completely optional.

   "modify_if_login_exists" => "1", // Optional. Update/modify if ``user_login`` value already exists in the database?
       // A non-zero value tells s2Member to update/modify an existing account with the details you provide, if this Username already exists.

   "user_pass" => "", // Optional. Plain text Password. If empty, this will be auto-generated.

   "first_name" => "$firstname", // Optional. First Name for the new User.
   "last_name" => "$lastname", // Optional. Last Name for the new User.

   "s2member_level" => "1", // Optional. Defaults to Level #0 (a Free Subscriber).
   "s2member_ccaps" => "nextgen", // Optional. Comma-delimited list of Custom Capabilities.

   "s2member_registration_ip" => "", // Optional. User's IP Address. If empty, s2Member will fill this upon first login.

   "s2member_custom" => "www.mysite.com", // Optional. If provided, should always start with your installation domain name (i.e. $_SERVER["HTTP_HOST"]).

   "s2member_notes" => "Administrative notation. Created this User via API call.", // Optional. Administrative notations.

   "opt_in" => "1", // Optional. A non-zero value tells s2Member to attempt to process any List Servers you've configured in the Dashboard area.
       // This may result in your mailing list provider sending the User/Member a subscription confirmation email (i.e. ... please confirm your subscription).

   "notification" => "1", // Optional. A non-zero value tells s2Member to email the new User/Member their Username/Password.
       // The "notification" parameter also tells s2Member to notify the site Administrator about this new account.
);

$post_data = stream_context_create (array ("http" => array ("method" => "POST", "header" => "Content-type: application/x-www-form-urlencoded", "content" => "s2member_pro_remote_op=" . urlencode (serialize ($op)))));

$result = trim (file_get_contents ("http://www.pianowizardacademy.com/campus/?s2member_pro_remote_op=1", false, $post_data));

if (!empty ($result) && !preg_match ("/^Error\:/i", $result) && is_array ($user = @unserialize ($result)))
   echo "Success. New User created with ID: " . $user["ID"];
else
   echo "API error reads: " . $result;
?> 

It successfully created the user and generated the email admin and the user. Wondeful! That said,

1. For the test, i used custom capability, which I can use to deliver the protected content. But that’s not really how I want to deliver it. I want the give access to the protected Specific Post/Page link. Is there a line I can add in there for that?

2. Orders are coming in through our shopping cart (1shoppingcart). The script above generates a user name with their FULL NAME. Problem is if the “email account already exists” as a member, it says API error, email already exists. In other words, the customer may ALREADY have an account, but under a different username (other than their full-name) with the same email.

One possible solution to this may be creating a custom field in the shoppingcart, but I’d have to figure that out and see if I can pass that value. However, this may not be realistic since the membership option is product specific. So another solution may be needed.

Thank you again for you help.

Thanks for the kudos! :)

2. Orders are coming in through our shopping cart (1shoppingcart). The script above generates a user name with their FULL NAME. Problem is if the “email account already exists” as a member, it says API error, email already exists. In other words, the customer may ALREADY have an account, but under a different username (other than their full-name) with the same email.

You could first check by email address if the user is already registered.

1. For the test, i used custom capability, which I can use to deliver the protected content. But that’s not really how I want to deliver it. I want the give access to the protected Specific Post/Page link. Is there a line I can add in there for that?

You can use s2Member’s method to generate an access link dynamically. http://www.s2member.com/codex/stable/s2member/sp_access/c_ws_plugin__s2member_sp_access/#src_doc_sp_access_link_gen%28%29

Here’s an example: http://www.s2member.com/forums/topic/giving-my-level-1-customers-a-12-hour-link/#post-41816

The code there is all spread out so it’s easier to learn, you can obviously write it like this:

[hilite pre_code]

[/hilite]

Since you already register the user, though, I think custom capabilities are a much better way to go, because you can manage his access better. Access links can’t be cancelled, once you gave it, you can’t remove it before it expires, or without changing the protection itself (which would remove access for every other user too). With ccaps you can just edit his profile and that’s it, but ccaps don’t have individual expirations, so that’s a disadvantage.

Well, there’s a plugin that I think adds ccap expiration… http://www.s2member.com/forums/topic/ccap-drip-timer-drip-multiple-courses/

---

I hope that helps.

Chritian
The code above works well and I will use it in conjunction with CCAPS. That’s good enough for me.
Thanks

I’m almost there. I just didn’t understand the first part
“You could first check by email address if the user is already registered.”

That’s the biggest part of this. This might not be feasable…or require really advanced programming,
but the scenarios are

1. If user does not have an account at all, create it at level 1
2. If user has account, and both email and username match, check LEVEL – if 0, upgrade to 1. If 1, we’re set
and no new account is required.
3. If email account exsists, but username is different…UGG, what do we do here?

Any final help on this subject would be appreciated

I’m almost there. I just didn’t understand the first part
“You could first check by email address if the user is already registered.”

http://codex.wordpress.org/Function_Reference/get_user_by

3. If email account exsists, but username is different…UGG, what do we do here?

An email match would be enough to know it’s the same user, right?

An email match would be enough to know it’s the same user, right?

Yes Christian, an email match may be enough to know. Unfortunately, this coding is beyond my capabilites.

I’ll have to adandon this little project. But thanks for the help anyway

Vin