About: Fitted Web Design

Thank you!

Not quite. Here’s the explanation from the plugin I’m trying to use. It’s called Next/Previous Post Link Plus for WordPress. http://www.ambrosite.com/plugins/next-previous-post-link-plus-for-wordpress

in_same_meta
Indicates whether or not the next/previous post must have the same custom field value as the current post. You must pass the name of the custom field to be matched. For example, if you had a custom field named ‘publisher’, and you wanted the next/previous links to lead to titles from the same publisher:

<?php next_post_link_plus( array('in_same_meta' => 'publisher') ); ?>

Thanks for the follow-up, Cristian.

The hack did not work when a refund was issued. That’s the problem.

I’ve tested the hack against very short term subscriptions and the accounts were demoted without losing ccaps, as intended. The problem then, it seems, is with refunds.

Here’s what happened:

1. Refund issued for subscription
2. Triggers EOT (or something else gets triggered?)
3. Account is demoted and loses all ccaps

Goal: Account should get demoted, but not lose ccaps (the ccaps were purchased independently and therefore need to stick around forever).

• This reply was modified 4 years, 7 months ago by  Fitted Web Design. Reason: I forgot to say thank you!

Here’s a step possibly in the right direction. But I’m not sure how we’d detach/reattach s2member’s security. Unfortunately, there aren’t a lot of bbPress code examples around. Thoughts?

From the bbPress code:

/**
 * The main forum loop.
 *
 * WordPress makes this easy for us.
 *
 * @since bbPress (r2464)
 *
 * @param mixed $args All the arguments supported by {@link WP_Query}
 * @uses WP_Query To make query and get the forums
 * @uses bbp_get_forum_post_type() To get the forum post type id
 * @uses bbp_get_forum_id() To get the forum id
 * @uses get_option() To get the forums per page option
 * @uses current_user_can() To check if the current user is capable of editing
 *                           others' forums
 * @uses apply_filters() Calls 'bbp_has_forums' with
 *                        bbPres::forum_query::have_posts()
 *                        and bbPres::forum_query
 * @return object Multidimensional array of forum information
 */
function bbp_has_forums( $args = '' ) {
	global $bbp;

	// Make sure we're back where we started
	wp_reset_postdata();

	// Setup possible post__not_in array
	$post_stati[] = 'publish';

	// Super admin get whitelisted post statuses
	if ( is_super_admin() ) {
		$post_stati = array( 'publish', 'private', 'hidden' );

	// Not a super admin, so check caps
	} else {

		// Check if user can read private forums
		if ( current_user_can( 'read_private_forums' ) )
			$post_stati[] = 'private';

		// Check if user can read hidden forums
		if ( current_user_can( 'read_hidden_forums' ) )
			$post_stati[] = 'hidden';
	}

	// The default forum query for most circumstances
	$default = array (
		'post_type'      => bbp_get_forum_post_type(),
		'post_parent'    => bbp_get_forum_id(),
		'post_status'    => implode( ',', $post_stati ),
		'posts_per_page' => get_option( '_bbp_forums_per_page', 15 ),
		'orderby'        => 'menu_order',
		'order'          => 'ASC'
	);

	// Parse the default against what is requested
	$bbp_f = wp_parse_args( $args, $default );

	// Filter the forums query to allow just-in-time modifications
	$bbp_f = apply_filters( 'bbp_has_forums_query', $bbp_f );

	// Run the query
	$bbp->forum_query = new WP_Query( $bbp_f );

	return apply_filters( 'bbp_has_forums', $bbp->forum_query->have_posts(), $bbp->forum_query );
}

I guess I’m not understanding Jason’s example. Would it be possible for you to provide a quick example of how I would use the shortcode (and therefore the encryption) in raw php and not the wp post editor? If you could include a variable, like my example below, that would be awesome.

The code I’m using outputs a standard form tag in the html, which is editable via Firebug. I don’t see anything encrypted about it at all.

Here’s the code I’m using on the dev site in sandbox mode:

<?php 
$var = do_shortcode('[s2Member-PayPal-Button level="*" ccaps="' echo $autoccap '" desc="Test Description" ps="paypal" lc="" cc="USD" dg="0" ns="1" custom="www.fittedwebdesign.com" ra="29" rp="1" rt="L" rr="BN" image="default" output="button" /]'); 
echo $var;
?> 

And here’s the output:

<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
 <input name="business" value="kenny@fittedwebdesign.com" type="hidden">
 <input name="cmd" value="_xclick" type="hidden">
 <!-- Instant Payment Notification & Return Page Details -->
 <input name="notify_url" value="http://www.fittedwebdesign.com/clients/zackpetroc/?s2member_paypal_notify=1" type="hidden">
 <input name="cancel_return" value="http://www.fittedwebdesign.com/clients/zackpetroc/" type="hidden">
 <input name="return" value="http://www.fittedwebdesign.com/clients/zackpetroc/?s2member_paypal_return=1" type="hidden">
 <input name="rm" value="2" type="hidden">
 <!-- Configures Basic Checkout Fields -->
 <input name="lc" value="" type="hidden">
 <input name="no_shipping" value="1" type="hidden">
 <input name="no_note" value="1" type="hidden">
 <input name="custom" value="www.fittedwebdesign.com" type="hidden">
 <input name="currency_code" value="USD" type="hidden">
 <input name="page_style" value="paypal" type="hidden">
 <input name="charset" value="utf-8" type="hidden">
 <input name="item_name" value="Master Class Access " type="hidden">
 <input name="item_number" value="*:test" type="hidden">
 <input name="amount" value="29" type="hidden">
 <!-- Configures s2Member's Unique Invoice ID/Code  -->
 <input name="invoice" value="4fbdefa74f519~69.169.138.152" type="hidden">
 <!-- Associates Purchase With A User/Member ( when/if applicable ) -->
 <input name="on0" value="Referencing Customer ID" type="hidden">
 <input name="os0" value="274" type="hidden">
 <!-- Identifies The Customer's IP Address For Tracking -->
 <input name="on1" value="Customer IP Address" type="hidden">
 <input name="os1" value="69.169.138.152" type="hidden">
 <!-- Displays The PayPal® Image Button -->
 <input src="https://www.paypal.com/en_US/i/btn/btn_xpressCheckout.gif" style="width:auto; height:auto; border:0;" alt="PayPal®" type="image">
</form>

I can easily inspect that element in Firebug, change the value of the “amount” and click the button to submit it. The transaction works fine but uses the hacked amount.

Thank you!

Thanks Cristian! Controlling error pages is an important part of keeping users involved in the brand, even if their intentions are sneaky, but mostly for when it’s a glitch or an accident. Both of these hooks will help cover the bases.

I dived into using a shortcode for the button in order to encrypt it, but it’s not working out for me. Transactions run smoothly, but I can still use Firebug to easily edit the button’s amount before sending, which doesn’t raise any red flags during the transaction and the user account receives the correct ccaps assigned in the button.

On a sandbox site, I have:

1. enabled sandbox mode, button encryption, and routine logging via Paypal options > Paypal account details
2. set the sandbox paypal seller account to block unencrypted transactions
3. run transactions smoothly using the shortcode generated by the s2member buy now button generator, using do_shortcode() in my page template
4. using the same button, hacked the “amount” field using Firebug, and submitted the transaction smoothly for the altered price, without errors

Here’s what I’m using, placed directly into one of my WP page templates. I haven’t gotten so far as to incorporate variables, which was the original goal:

<?php 
$var = do_shortcode('[s2Member-PayPal-Button level="*" ccaps="test" desc="Test Description" ps="paypal" lc="" cc="USD" dg="0" ns="1" custom="www.fittedwebdesign.com" ra="29" rp="1" rt="L" rr="BN" image="default" output="button" /]'); 
echo $var;
?> 

I’m a little confused by Jason’s example in the post: http://www.primothemes.com/forums/viewtopic.php?f=36&t=1604

Because he references two things: (1) a link and (2) the shortcode. Isn’t the point of the shortcode to create a button, thereby not needing a link?

Or do I need to create a link, which is processed/confirmed by whatever the shortcode generates?

I’m doing all of this in php directly inside a custom page template because everything needs to be automated, so I’d appreciate your help in those terms (as opposed to what to do inside the WP post editor).

Thanks!

Thanks, Cristian.

Good idea with the MORE tag, but I’m already using that to secure specific parts of posts, so it would be confusing to add another MORE tag at the tops of posts. (Instead of securing the entire post with a ccap, I secured everything after the MORE tag. That allows for the client to tease some of his content to the public and gives a simple command in the wp editor to lock a portion of his content.)

Looking into it, I think it might be solved by running a custom bbPress loop and filtering it to show only items the user canNOT access. Since the current loop outputs what they CAN access, I’d end up with two listings, but all-in-all showing all of the possible forums. Grouping them by access might even end up being visually helpful. But I don’t know if the s2member filters can be detached from a bbPress query. Come to think of it, I don’t even know how to make that query. (I think it has something to do with BB_Query() or bbp_get_forum(). )

Though, the perfect solution is still to simply show the whole list together in the original loop, since my action to display the lock icon next to secure forums is working just fine.

BTW, you can see this all working at http://www.zackpetroc.com