latest stable versions: v150827 (changelog)

Old Forums (READ-ONLY): The community now lives at WP Sharks™. If you have an s2Member® Pro question, please use our new Support System.

About: Fitted Web Design

Sorry, I've not written a description yet. I'll get to it soon!

My Latest Replies (From Various Topics)

Viewing 15 replies - 1 through 15 (of 15 total)
Author Replies
Author Replies
Posted: Thursday Oct 25th, 2012 at 4:09 pm #29693

Thank you!

Posted: Thursday Oct 25th, 2012 at 12:28 pm #29655

Thanks Cristián. Could you give me a clue about how to get the ccap of the current post? I think I can figure the rest out.

Posted: Tuesday Aug 28th, 2012 at 3:51 am #23242

Not quite. Here’s the explanation from the plugin I’m trying to use. It’s called Next/Previous Post Link Plus for WordPress.

Indicates whether or not the next/previous post must have the same custom field value as the current post. You must pass the name of the custom field to be matched. For example, if you had a custom field named ‘publisher’, and you wanted the next/previous links to lead to titles from the same publisher:

<?php next_post_link_plus( array('in_same_meta' => 'publisher') ); ?>
Posted: Monday Aug 6th, 2012 at 8:55 pm #21287

Thanks Eduan–I think I should tweak my question slightly:

I need the code to fetch the next page link within the same category that IS accessible by the current member, whether via membership level or CCAP. If there’s nothing accessible, then don’t show any link. It’s not a simple can/cannot. That’s why I’m guessing it’s a filter of some sort and not a conditional.


Posted: Wednesday Jun 6th, 2012 at 3:59 am #15662

Thanks for the follow-up, Cristian.

The hack did not work when a refund was issued. That’s the problem.

I’ve tested the hack against very short term subscriptions and the accounts were demoted without losing ccaps, as intended. The problem then, it seems, is with refunds.

Here’s what happened:

1. Refund issued for subscription
2. Triggers EOT (or something else gets triggered?)
3. Account is demoted and loses all ccaps

Goal: Account should get demoted, but not lose ccaps (the ccaps were purchased independently and therefore need to stick around forever).

  • This reply was modified 4 years, 7 months ago by  Fitted Web Design. Reason: I forgot to say thank you!
Posted: Tuesday Jun 5th, 2012 at 1:18 pm #15549

I don’t want any EOTs to erase ccaps, ever.

But EOTs do need to demote users as usual (as configured in the admin).

I should have just said that :)

Posted: Friday Jun 1st, 2012 at 4:54 pm #15200

Here’s a step possibly in the right direction. But I’m not sure how we’d detach/reattach s2member’s security. Unfortunately, there aren’t a lot of bbPress code examples around. Thoughts?

From the bbPress code:

 * The main forum loop.
 * WordPress makes this easy for us.
 * @since bbPress (r2464)
 * @param mixed $args All the arguments supported by {@link WP_Query}
 * @uses WP_Query To make query and get the forums
 * @uses bbp_get_forum_post_type() To get the forum post type id
 * @uses bbp_get_forum_id() To get the forum id
 * @uses get_option() To get the forums per page option
 * @uses current_user_can() To check if the current user is capable of editing
 *                           others' forums
 * @uses apply_filters() Calls 'bbp_has_forums' with
 *                        bbPres::forum_query::have_posts()
 *                        and bbPres::forum_query
 * @return object Multidimensional array of forum information
function bbp_has_forums( $args = '' ) {
	global $bbp;

	// Make sure we're back where we started

	// Setup possible post__not_in array
	$post_stati[] = 'publish';

	// Super admin get whitelisted post statuses
	if ( is_super_admin() ) {
		$post_stati = array( 'publish', 'private', 'hidden' );

	// Not a super admin, so check caps
	} else {

		// Check if user can read private forums
		if ( current_user_can( 'read_private_forums' ) )
			$post_stati[] = 'private';

		// Check if user can read hidden forums
		if ( current_user_can( 'read_hidden_forums' ) )
			$post_stati[] = 'hidden';

	// The default forum query for most circumstances
	$default = array (
		'post_type'      => bbp_get_forum_post_type(),
		'post_parent'    => bbp_get_forum_id(),
		'post_status'    => implode( ',', $post_stati ),
		'posts_per_page' => get_option( '_bbp_forums_per_page', 15 ),
		'orderby'        => 'menu_order',
		'order'          => 'ASC'

	// Parse the default against what is requested
	$bbp_f = wp_parse_args( $args, $default );

	// Filter the forums query to allow just-in-time modifications
	$bbp_f = apply_filters( 'bbp_has_forums_query', $bbp_f );

	// Run the query
	$bbp->forum_query = new WP_Query( $bbp_f );

	return apply_filters( 'bbp_has_forums', $bbp->forum_query->have_posts(), $bbp->forum_query );
Posted: Friday May 25th, 2012 at 2:28 pm #14615

Yep, verified. And using Version 120517.

Posted: Thursday May 24th, 2012 at 4:26 am #14425

I guess I’m not understanding Jason’s example. Would it be possible for you to provide a quick example of how I would use the shortcode (and therefore the encryption) in raw php and not the wp post editor? If you could include a variable, like my example below, that would be awesome.

The code I’m using outputs a standard form tag in the html, which is editable via Firebug. I don’t see anything encrypted about it at all.

Here’s the code I’m using on the dev site in sandbox mode:

$var = do_shortcode('[s2Member-PayPal-Button level="*" ccaps="' echo $autoccap '" desc="Test Description" ps="paypal" lc="" cc="USD" dg="0" ns="1" custom="" ra="29" rp="1" rt="L" rr="BN" image="default" output="button" /]'); 
echo $var;

And here’s the output:

<form action="" method="post">
 <input name="business" value="" type="hidden">
 <input name="cmd" value="_xclick" type="hidden">
 <!-- Instant Payment Notification & Return Page Details -->
 <input name="notify_url" value="" type="hidden">
 <input name="cancel_return" value="" type="hidden">
 <input name="return" value="" type="hidden">
 <input name="rm" value="2" type="hidden">
 <!-- Configures Basic Checkout Fields -->
 <input name="lc" value="" type="hidden">
 <input name="no_shipping" value="1" type="hidden">
 <input name="no_note" value="1" type="hidden">
 <input name="custom" value="" type="hidden">
 <input name="currency_code" value="USD" type="hidden">
 <input name="page_style" value="paypal" type="hidden">
 <input name="charset" value="utf-8" type="hidden">
 <input name="item_name" value="Master Class Access " type="hidden">
 <input name="item_number" value="*:test" type="hidden">
 <input name="amount" value="29" type="hidden">
 <!-- Configures s2Member's Unique Invoice ID/Code  -->
 <input name="invoice" value="4fbdefa74f519~" type="hidden">
 <!-- Associates Purchase With A User/Member ( when/if applicable ) -->
 <input name="on0" value="Referencing Customer ID" type="hidden">
 <input name="os0" value="274" type="hidden">
 <!-- Identifies The Customer's IP Address For Tracking -->
 <input name="on1" value="Customer IP Address" type="hidden">
 <input name="os1" value="" type="hidden">
 <!-- Displays The PayPal® Image Button -->
 <input src="" style="width:auto; height:auto; border:0;" alt="PayPal®" type="image">

I can easily inspect that element in Firebug, change the value of the “amount” and click the button to submit it. The transaction works fine but uses the hacked amount.

Thank you!

Posted: Thursday May 24th, 2012 at 3:04 am #14410

Thanks for continuing to follow up. I’ve posted a couple of times at the bbPress forums without luck. :(

Posted: Thursday May 24th, 2012 at 2:27 am #14402

Thanks Cristian! Controlling error pages is an important part of keeping users involved in the brand, even if their intentions are sneaky, but mostly for when it’s a glitch or an accident. Both of these hooks will help cover the bases.

Posted: Thursday May 24th, 2012 at 2:17 am #14398

Thank you, Jason. That’ll help keep the error page on brand and editable by the client. I’m using the restriction to help prevent credential sharing.


Posted: Wednesday May 23rd, 2012 at 7:38 am #14310

I dived into using a shortcode for the button in order to encrypt it, but it’s not working out for me. Transactions run smoothly, but I can still use Firebug to easily edit the button’s amount before sending, which doesn’t raise any red flags during the transaction and the user account receives the correct ccaps assigned in the button.

On a sandbox site, I have:

  1. enabled sandbox mode, button encryption, and routine logging via Paypal options > Paypal account details
  2. set the sandbox paypal seller account to block unencrypted transactions
  3. run transactions smoothly using the shortcode generated by the s2member buy now button generator, using do_shortcode() in my page template
  4. using the same button, hacked the “amount” field using Firebug, and submitted the transaction smoothly for the altered price, without errors

Here’s what I’m using, placed directly into one of my WP page templates. I haven’t gotten so far as to incorporate variables, which was the original goal:

$var = do_shortcode('[s2Member-PayPal-Button level="*" ccaps="test" desc="Test Description" ps="paypal" lc="" cc="USD" dg="0" ns="1" custom="" ra="29" rp="1" rt="L" rr="BN" image="default" output="button" /]'); 
echo $var;

I’m a little confused by Jason’s example in the post:

Because he references two things: (1) a link and (2) the shortcode. Isn’t the point of the shortcode to create a button, thereby not needing a link?

Or do I need to create a link, which is processed/confirmed by whatever the shortcode generates?

I’m doing all of this in php directly inside a custom page template because everything needs to be automated, so I’d appreciate your help in those terms (as opposed to what to do inside the WP post editor).


Posted: Tuesday May 22nd, 2012 at 10:37 pm #14237

Thanks Cristian. I’m using the full HTML/PHP form code instead of a shortcode because I’m sending in a few php vars and the button is super customized visually. Though, I’m a little worried about security. Here’s a page with one of the buttons…what do you think, security wise?

As for the ccaps, I’ll try it without the plus signs and hope for the best. Thanks again!

Posted: Tuesday May 22nd, 2012 at 10:29 pm #14235

Thanks, Cristian.

Good idea with the MORE tag, but I’m already using that to secure specific parts of posts, so it would be confusing to add another MORE tag at the tops of posts. (Instead of securing the entire post with a ccap, I secured everything after the MORE tag. That allows for the client to tease some of his content to the public and gives a simple command in the wp editor to lock a portion of his content.)

Looking into it, I think it might be solved by running a custom bbPress loop and filtering it to show only items the user canNOT access. Since the current loop outputs what they CAN access, I’d end up with two listings, but all-in-all showing all of the possible forums. Grouping them by access might even end up being visually helpful. But I don’t know if the s2member filters can be detached from a bbPress query. Come to think of it, I don’t even know how to make that query. (I think it has something to do with BB_Query() or bbp_get_forum(). )

Though, the perfect solution is still to simply show the whole list together in the original loop, since my action to display the lock icon next to secure forums is working just fine.

BTW, you can see this all working at

Viewing 15 replies - 1 through 15 (of 15 total)

Old Forums (READ-ONLY): The community now lives at WP Sharks™. If you have an s2Member® Pro question, please use our new Support System.

Contacting s2Member: Please use our Support Center for bug reports, pre-sale questions & technical assistance.