Jason (Lead Developer)

Thanks for reporting this important issue.

How is the Authorize.net process suppose to work? Is there suppose to be a redirect or just a message?

In the scenario you’ve described, a customer should receive a message stating, “Thank you. Your account has been updated. – Please log back in now.”. You can modify this by setting up your success="" attribute and redirecting the customer to a message of your choosing.

By default, there is no separate Thank-You page, we handle this dynamically. The Thank-You page, is that message, “Thank you. Your account has been updated. – Please log back in now.”. This is also where s2Member displays your Signup Tracking Codes (or Modification Tracking Codes) in the scenario you described.

See: Dashboard -› s2Member® -› API / Tracking -› Signup Tracking Codes
See also: Dashboard -› s2Member® -› API / Tracking -› Modification Tracking Codes

If you setup a success="" attribute, your Signup/Modification Tracking Codes will be displayed at the bottom of your custom Post or Page, as indicated by the value of your success="" attribute. If these are not working as expected, please remove the Auto-Login hack that you’ve implemented with custom code. Also, please verify that your theme is performing the wp_footer action which is standardized by WordPress. This is what s2Member uses to display your Signup/Modification Tracking Codes.

How can we disable the message (it doesn’t apply anyway, users are already logged in) and get the user to be redirected to a thank you/summery/etc page? success=”” atr doesn’t work because of the auto login hack.
How are other s2M Authorize.net SAS users getting this to work?

This is what the success="" is for. If you’re dealing with a Pro Form for Billing Modifications, then each User/Member will already be logged in, so you could set your success="" attribute to the Login Welcome Page URL, if you like. This way they are taken back to their “My Account” page (aka: Login Welcome Page). Please see also: Knowledge Base » Customizing Your Login Welcome Page

Your log file indicates that s2Member is also having trouble verifying $_POST vars. This could indicate that you have an invalid and/or expired Secret MD5 Hash configured with s2Member®. Please see: Dashboard -› s2Member® -› Authorize.Net® Options -› Account Details -› Secret MD5 Hash

Please let us know if problems persist :-)

Thanks for the follow-up :-)

Looks good from my end. Have you verified what WPLANG is equal to?

– The upgrading and downgrading are automatic, right? I don’t need to worry about this.

Yes, that is correct. If you’ve implemented a Free Registration Form that provides access for X number of days/week/months/years, then a demotion would occur automatically. This is accomplished with the tp="" and tt="" attributes in your Free Registration Pro Forms.

Example: tp="1" tt="W" would provide 1 week free. After the 1 week, they’ll lose access automatically, unless they’ve upgraded during that time. See also: Video » s2Member (Free Registration On Multiple Levels?)

See also: Dashboard -› s2Member® -› PayPal® Pro Forms -› Shortcode Attributes (Explained)

– I don’t have Paypal Pro. But I am still able to use this Free Registration Form, right?

Yes, that is correct.

– But because I don’t have Paypal Pro, I can’t use the other Pro Forms. I instead need to generate a Paypal button in order for people to purchase my Level 2 subscription.

Correct. Actually, you can use Pro Forms even without having a PayPal Pro account.
See: Pre Sale FAQs » To use s2Member® Pro Forms, will I have to use PayPal® Pro?

Thanks for your inquiry. ~ We appreciate your patience :-)

I’m sorry, but at this time, Registration/Profile Fields configured with s2Member® are validated through JavaScript alone. If you’d like to implement server-side validation for one or more custom fields, you could use Hooks/Filters provided by s2Member®. Please see this article for further details.

Knowledge Base » Hacking s2Member® Via Hooks/Filters

Thanks for the follow-up :-)

It sounds like your hosting rep is referring to this PHP configuration option. Located in your php.ini file.
See: http://php.net/manual/en/info.configuration.php#ini.max-input-vars

In your conversation, did you mention Mod Security? HostGator runs Mod Security, and it’s possible for Mod Security to block you, but not block them; just due to the nature of Mod Security. Please try the suggestions posted here, or ask your hosting company about Mod Security tweaks.

See: http://www.s2member.com/kb/mod-security-random-503-403-errors/

If problems persist, I would also try to reproduce this on a clean installation of WordPress, just to rule out the possibility of this being related to a plugin conflict or a rogue script contained by one your plugins/themes in WordPress®.

I can confirm this works as expected in the latest release of WordPress v3.5 and s2Member v130116. Therefore, I have to assume this is an installation-specific issue. However, if you can reproduce it on a clean installation of WordPress, we’ll be happy to take a closer look for you.

Thanks for the follow-up :-)

I tested some of these tinyURL links already and they worked.

We actually received no complains about these two scenarios. I’m wondering if some users might run some antivirus software in their mailboxes and this software could be clicking these links and perhaps messing them up a bit. But I’m not an expert in antiviruses, so it’s just an idea.

I would log the $_SERVER['HTTP_REFERER'] value, along with the IP address and $_REQUEST variables so you can see a little bit more about who these odd links are coming from. You might find they’re coming from search engines hitting your site, after picking these links up somewhere across the Internet. Often times, people will attempt to share their registration links in blogs posts or in chat rooms, but they get things wrong, or they miss details, etc. Logging should reveal things like this.

Thanks for your reply :-)

You will need to rename that file to s2-o.php please. Please see:
Pre Sale FAQs » How can I prevent s2Member® Pro from loading it’s default CSS?

Also, I think the reason you’re having problems with this file, is that you’re attempting to print CSS from this file, without it being attached to any hook/filter. So what’s happening is that your CSS is printing to the screen of every page on the site, above everything else, including the <html> tag :-)

Thanks for your reply :-)

1. In trying to find the answer to this myself, I read this thread http://www.s2member.com/forums/topic/reoccurring-payments-without-paypal-account/ where support said “We normally don’t recommend ERP because it results in problems for the site owner that they simply do not (or refuse not to) foresee. One of the main issues with ERP, is that there’s no way for a customer to cancel future charges, and there’s no way for s2Member to cancel future charges.” This conversation seems to end with the confirmation that subscriptions can be done with Paypal standard or express and didn’t mention ERP again. Maybe things have changed since then but it seems very concerning that there’s no way to cancel future charges. That would be a deal-breaker for me. Are you able to confirm that?

Yes, I can confirm this. The ERP service is problematic in this respect (I don’t like recommending it). It’s not an s2Member® limitation, it’s a PayPal® limitation. If a customer pays you on a recurring basis via PayPal (and without a PayPal account, which is possible with the ERP service), the customer really has no billing account where they can log in and can cancel future recurring charges (e.g. they have no PayPal account). And… unfortunately, recurring subscriptions created under the ERP service also cannot be cancelled through the PayPal API, so this leaves a customer with one option. They must contact the site owner, and you must cancel future charges for them, by logging into your PayPal account and doing so.

2. Given that I don’t want to upgrade my PayPal account at this stae (it’s a standard Business one) and that I don’t mind the fact that users need to create an account with Paypal AND with my site, should I be using Buttons or Prof Forms for the signup? I have tried both. Buttons appear to work fine (except that I couldn’t find how to change the registration questions). However when I use forms I encounter this error: “Error #10478. Invalid Data. Recurring payments profile description must be provided if the billing agreement type is recurring payments.” Being a PayPal error, I figure the issue is with my PayPal account set up. Is this basically calling for ERP?

Either are fine to use. PayPal Standard Buttons are easiest to implement. Pro Forms will give you more control over things, and are a better way to go in our opinion. Even if you’re not going to upgrade your PayPal account right now, you might later on. If you integrate with Pro Forms now, it will be a snap to accept on-site credit card transactions once you upgrade your PayPal account in the future.

See also: Knowledge Base » PayPal® Pro (PayFlow Edition)

Thanks for your inquiry. ~ We appreciate your patience :-)

This is not something that s2Member® makes possible. However, MailChimp® makes this possible for any WordPress® driven site. Every WordPress® installation comes with an RSS/XML feed.

See: …//www.yoursite.com/feed/
If you’re powered by WordPress®, you will have this link on your site.
See also: Dashboard -› Settings -› Reading -› For each article in a feed…

You can create an RSS driven Email Campaign inside your MailChimp® account, which is tied to your blog. You create the feed-driven campaign one time, and then you’re good-to-go. You can learn more about this here.

See: http://blog.mailchimp.com/rss-to-email-tutorial/

Thanks for your inquiry. ~ We appreciate your patience :-)

s2Member® does NOT support back-end restrictions, so I can’t give detailed support on this, but I’ll throw some ideas your way. Generally speaking, you would create a new WordPress Role with the following Capabilities.

Step #1.

New Role: User Manager (user_manager)
I recommend using this plugin: Enhanced Capability Manager

Give the User Manager Role these Capabilities.

read
level_0
list_users
edit_users
add_users
create_users
delete_users
remove_users
promote_users
access_s2member_level0
access_s2member_level1
access_s2member_level2
access_s2member_level3
access_s2member_level4

Step #2

We can tweak s2Member® a bit to make everything work a little more intuitively here.

Please create this directory and file:
/wp-content/mu-plugins/s2-hacks.php
(NOTE: these are MUST USE plugins, see: http://codex.wordpress.org/Must_Use_Plugins)
(See also: http://www.s2member.com/kb/hacking-s2member/)

<?php
// Don't lock the admin panel if the current User can edit_post or edit_users.
// See also: s2Member -> General Options -> Profile Modifications (in case this is enabled).

add_filter('ws_plugin__s2member_admin_lockout', 'lock_admin_panel');
function lock_admin_panel($what_s2_says)
	{
		if(current_user_can('edit_posts') || current_user_can('edit_users'))
			return FALSE;
		return $what_s2_says; // Default return value.
	}

// Don't redirect those who can edit_posts or edit_users to the Login Welcome Page.
// Instead of redirecting them to the Login Welcome Page for s2Member®, we can leave them in the Dashboard.

add_filter('ws_plugin__s2member_login_redirect', 'login_redirect');
function login_redirect($what_s2_says)
	{
		if(current_user_can('edit_posts') || current_user_can('edit_users'))
			return FALSE;
		return $what_s2_says; // Default return value.
	}

// Don't show the s2Member® administrative menu to the User Manager Role in the Dashboard.
add_filter('ws_plugin__s2member_during_add_admin_options_create_menu_items', 'create_s2_menu_items');
function create_s2_menu_items($what_s2_says)
	{
		if(current_user_is('user_manager'))
			return FALSE;
		return $what_s2_says; // Default return value.
	}

Thanks for the follow-up :-)

OK. Good. Your s2Member Shortcode looks good!

The next thing I would take a look at is caching. Is it possible that your site (i.e. another plugin maybe), is caching the HTML that is produced by this Shortcode? That’s what I would suspect at this point. The same button is being clicked by each visitor to the site (i.e. the invoice is always the same)?

s2Member generates a unique PayPal® Invoice for each customer with the following code fragment.
As seen inside: /s2member/includes/classes/sc-paypal-button-in.inc.php

$paypal_invoice_input_value = uniqid () . "~" . $_SERVER["REMOTE_ADDR"];

I don’t know if this might create an invoice conflict but we are allowing some of our special members to join for free using open registration and we are then manually upgrading them to S2member level 1.

Nope. That sounds fine to me :-) I don’t see any issue with that.

Thanks for your inquiry. ~ We appreciate your patience :-)

Are there any other hooks that we can use to be absolutely sure when an s2 user meta field gets added or updated, we add it to regular wp usermeta?

I’m sorry, I can’t offer any filters for this. This is not something that filters are designed to handle (i.e. synchronizing DB column values). Even if you found a way to capture every single possibility, it’s likely to change from one release of the software to the next.

<?php
global $wpdb;
$users = $wpdb->get_results ("SELECT `user_id` as `ID` FROM `" . $wpdb->usermeta . "` WHERE `meta_key` = '" . $wpdb->prefix . "s2member_custom_fields' AND `meta_value` REGEXP '.*\"country_code\";s:[0-9]+:\"US\".*'");
if (is_array ($users) && count ($users) > 0)
    {
        foreach ($users as $user)
            {
                $user = new WP_User ($user->ID); // Get full User object now.
                print_r($user); // Get a full list of properties when/if debugging.
            }
    }

Thanks for your inquiry. ~ We appreciate your patience :-)

I understand. I agree that a Multisite Network is probably not the right solution here. I would suggest that you keep everything on one site. After all, WordPress is very dynamic, so creating multiple variations of a single site is going to be less work, more intuitive, and probably easier to maintain going forward. Also, s2Member® can make this quite easy to accomplish. Between Membership Levels, content Restrictions, and even Conditionals that can separate content within a Post/Page, I don’t see why you wouldn’t be able to separate things nicely. We have site owners running similar things with MANY variations, more than two in many cases.

Please let us know if you have questions about the article :-)