
[SOLVED - mod_security] No Registration form after PayPal

PostPosted: August 23rd, 2011, 10:59 pm
by kevinsperrine
I've read this: http://www.primothemes.com/forums/viewtopic.php?f=36&t=3151, so I'm aware of the limitations. We are offering free trials, and in most situations users get the registration form via the link in the email; however, we had a situation arise today where the email link didn't take them to the registration form. The tinyurl in the email simply redirects them back to our sign-up page--not the form.

Ideas?

Edit: I've just tried again with multiple test accounts and get the same results each time. We're using the newest version of WordPress and s2Member Pro. I've enabled logging and have the correct return data from PayPal, but something about the registration link is broken.

Edit 2: Actually, it's failing because I'm getting a 403 Forbidden when attempting to return the page using the ?s2member_register=**ENCRYPTED_DATA_HERE**

Re: No Registration form after PayPal

PostPosted: August 24th, 2011, 12:27 am
by Cristián Lávaque
Hi Kevin.

Could you please post the log entries related to this problem? (x'ing out any private info.) Thanks!

Re: No Registration form after PayPal

PostPosted: August 24th, 2011, 12:30 am
by kevinsperrine
This is the entry from the IPN log.
WordPress® v3.2.1 :: s2Member® v110815 :: s2Member® Pro v110815
Memory 21.12 MB :: Real Memory 21.50 MB :: Peak Memory 21.24 MB :: Real Peak Memory 21.50 MB
ohdinner.com/?s2member_paypal_notify=1
User-Agent:
array (
'txn_type' => 'subscr_signup',
'subscr_id' => 'I-KBLHA8RVBW0A',
'last_name' => 'Perrine',
'option_selection1' => 'ohdinner.com',
'option_selection2' => 'XX.XXX.XXX.XX',
'residence_country' => 'US',
'mc_currency' => 'USD',
'item_name' => 'Monthly Subscription / description and pricing details here.',
'amount1' => '0.00',
'business' => 'XXXX@gmail.com',
'amount3' => '6.99',
'recurring' => '6.99',
'verify_sign' => 'An5ns1Kso7MWUdW4ErQKJJJ4qi4-AjCqCjfo66cPUqSwHPvzB4929-pa',
'payer_status' => 'verified',
'payer_email' => 'XXXX@gmail.com',
'first_name' => 'Kevin',
'receiver_email' => 'XXXX@gmail.com',
'payer_id' => '4KRSFQZ9CSP6C',
'option_name1' => 'Originating Domain',
'option_name2' => 'Customer IP Address',
'reattempt' => '1',
'item_number' => '1',
'subscr_date' => '21:52:42 Aug 23, 2011 PDT',
'custom' => 'ohdinner.com',
'charset' => 'windows-1252',
'notify_version' => '3.2',
'period1' => '2 W',
'mc_amount1' => '0.00',
'period3' => '1 M',
'mc_amount3' => '6.99',
'ipn_track_id' => '98Fsj9DAWmYY-2O48Pq7jA',
's2member_log' =>
array (
0 => 'IPN received on: Wed Aug 24, 2011 4:52:46 am UTC',
1 => 's2Member POST vars verified through a POST back to PayPal®.',
2 => 's2Member originating domain ( `$_SERVER["HTTP_HOST"]` ) validated.',
3 => 's2Member `txn_type` identified as ( `web_accept|subscr_signup` ).',
4 => 's2Member `txn_type` identified as ( `web_accept|subscr_signup` ) w/o update vars.',
5 => 'Signup Confirmation Email sent to: "Kevin Perrine" <XXXXXX@gmail.com>.',
6 => 'Storing IPN signup vars into a Transient Queue. These will be processed on registration.',
),
'subscr_gateway' => 'paypal',
'eotper' => NULL,
'ccaps' => NULL,
'level' => '1',
'ip' => 'XX.XXX.XXX.XX',
'initial_term' => '2 W',
'initial' => '0.00',
'regular' => '6.99',
'regular_term' => '1 M',
)

Re: No Registration form after PayPal

PostPosted: August 24th, 2011, 12:31 am
by kevinsperrine
And the entry from the RTN log

WordPress® v3.2.1 :: s2Member® v110815 :: s2Member® Pro v110815
Memory 17.92 MB :: Real Memory 18.25 MB :: Peak Memory 18.01 MB :: Real Peak Memory 18.25 MB
ohdinner.com/?s2member_paypal_return=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0
array (
'subscr_gateway' => 'paypal',
's2member_log' =>
array (
0 => 'No Return-Data. Customer must wait for Email Confirmation.',
1 => 'Redirecting Customer to the Home Page. Customer must wait for Email Confirmation.',
2 => 'Note. This can sometimes happen when/if you are offering a free Trial Period. There are times when a Payment Gateway will NOT supply s2Member with any data immediately after checkout. When/if this happens, s2Member must process the transaction via IPN only ( i.e. behind-the-scene ), and the Customer must wait for Email Confirmation in these cases.',
),
)

Re: No Registration form after PayPal

PostPosted: August 24th, 2011, 12:32 am
by kevinsperrine
Also, I do not get a 403 error when attempting to access ?s2member_register with a fake id. For example, ?s2member_register=1 will give me the "Link expired error" as it should.

Re: No Registration form after PayPal

PostPosted: August 24th, 2011, 12:46 am
by Cristián Lávaque
Thank you.

I'll email Jason so he looks at this. If you find any more information related to the problem, please update the thread as you've been doing. :)

Re: No Registration form after PayPal

PostPosted: August 24th, 2011, 12:49 am
by kevinsperrine
Will do. Thanks Cristián.

Re: No Registration form after PayPal

PostPosted: August 24th, 2011, 1:39 pm
by kevinsperrine
I don't know exactly where it's backing out, but after logging the progress I've determined that the hooks run, but the action c_ws_plugin__s2member_register::register is never run.

Edit: Actually, it does run, but it thinks the $_GET["s2member_register"] is empty, even though it is not and thus the registration form is never presented. So somewhere the $_GET variable is being emptied.


Edit: I don't think this post is helpful, as the more I've tried it the $_GET is empty because of the 403 error and subsequent loading of the s2member sign-up page. However, I cannot find any cause for the 403 error, and as I said above, I get the appropriate "link has expired" error if I simply use a fake url (i.e. s2member_register=1212). I've disabled other plugins and checked file permissions on all s2member files (folder: 755, files: 644).

Re: No Registration form after PayPal

PostPosted: August 24th, 2011, 6:58 pm
by kevinsperrine
So, basically by accident I realized that the registration url generated by s2Member has an additional "~" on the end of it. I removed this tilde from the url and it redirected me to the registration form as it's supposed to. WTH?

Edit: And I have tested that this is the problem, because if I remove the tilde and register using the form it links the registration to the correct subscriber id.

Re: No Registration form after PayPal

PostPosted: August 25th, 2011, 2:52 am
by Cristián Lávaque
Thanks for the updates, Kevin. Does that mean you solved it, then? :)

Re: No Registration form after PayPal

PostPosted: August 25th, 2011, 1:26 pm
by kevinsperrine
Cris, I've determined the reason for the error, but I have not tracked down where the additional ~ is coming from in the S2Member code.

Re: No Registration form after PayPal

PostPosted: August 25th, 2011, 10:04 pm
by kevinsperrine
Can anyone else out there verify this behavior for me? I'm unable to load *any* url containing the s2member_register variable that ends in a ~. It always returns a silent 403 error and seamless redirect back to my sign-up page. You can only see the 403 error by tracking the http headers with chrome dev tools or firebug.

http://ohdinner.com/?s2member_register=fnIyOmVSQUJWekRhelQyTGdHQWE5SE5CTDZVUVpJcndWN2NsfDU_Jq2Quo-jO1su185HXxFULgIjdx9CUDOxQhrqOgSdNReRCXoRwxq0YztCGkQcJI-F2LOZyX~

http://ohdinner.com/?s2member_register=1~

Re: No Registration form after PayPal

PostPosted: August 26th, 2011, 3:23 pm
by kevinsperrine
The problem has been resolved. The hosting provider, HostGator, had a mod_security rule that caused the 403 error. The query needed to be added to the whitelist in order for everything to work properly.

Hopefully, this helps someone in the future.

Re: [SOLVED - mod_security] No Registration form after PayPa

PostPosted: August 27th, 2011, 1:54 am
by Cristián Lávaque
Wow, thanks a lot for sharing that. I'm sure other HostGator users will be really happy you did. Great job! :)

Re: [SOLVED - mod_security] No Registration form after PayPa

PostPosted: August 29th, 2011, 1:05 pm
by Jason Caldwell
Thank you for reporting this.
I'll see what we can do to prevent this in a future release. Some hosting companies make attempts to prevent attacks via mod_security, and in the process they create many false positives like this. I'm not sure we can work around them all, but I'll check with HostGator to see what their default configuration is like.

Re: [SOLVED - mod_security] No Registration form after PayPa

PostPosted: August 31st, 2011, 10:46 am
by joedante
Hi,

I am a HostGator client and still have this problem.

Could you please help? The hint "to be added to the whitelist for mod_security rule" is not very clear.

What do I have to do exactly with my HostGator?

Thank you
Joe

Re: [SOLVED - mod_security] No Registration form after PayPa

PostPosted: August 31st, 2011, 1:16 pm
by kevinsperrine
Hi Joe,

You'll need to open a support ticket with HostGator and they need to make the whitelist change. You can explain the problem to them and maybe reference this forum post. I had to get to the second tier support before the person understood what I needed. To "prove" the problem I had to send screenshots of the 403 error from my firebug/chrome devtools console. Hope this helps.

Re: [SOLVED - mod_security] No Registration form after PayPa

PostPosted: August 31st, 2011, 8:26 pm
by Jason Caldwell
FYI: Also see this article, as it pertains specifically to s2Member and Mod Security.
viewtopic.php?f=36&t=14787

Re: [SOLVED - mod_security] No Registration form after PayPa

PostPosted: September 13th, 2011, 4:25 pm
by Jason Caldwell
Thanks for the great feedback.

Yes, tildes ( ~ ) seem to be an issue on HostGator. I'll see what we can do about this in a future release. However, mod_security works on heuristic filters, so while removing a tilde might fix the problem for some, it may not in another case. Ideally, HostGator would back down on the paranoia just a bit overall.

I've contacted HostGator about this. The issue is in the process of being resolved.
See my conversation here: viewtopic.php?f=36&t=14787#p35892

Until then, I recommend writing to HostGator about this, and sending them the URL which is failing on your server. They can whitelist the URL to allow it to function properly in the short term.
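
Added example, not part of any post in this thread and not s2Member or HostGator code: for whoever administers the server and can read the ModSecurity audit log, this finds which rule returned the 403 on s2member_register and builds an exclusion limited to that one rule and that one argument. The log excerpt, the rule id 900001, the pattern and the addresses are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed ModSecurity 2.x audit-log excerpt (serial format). Rule id, pattern,
# file path and addresses are invented for this example, not HostGator's rules.
SAMPLE_AUDIT_LOG = """\
--a1b2c3d4-A--
[25/Aug/2011:22:04:10 +0000] TxnConstructed0001 203.0.113.7 51515 192.0.2.10 80
--a1b2c3d4-B--
GET /?s2member_register=1~ HTTP/1.1
--a1b2c3d4-H--
Message: Access denied with code 403 (phase 2). Pattern match "~$" at ARGS:s2member_register. [file "/etc/modsec/custom.conf"] [line "12"] [id "900001"] [msg "constructed rule"]
--a1b2c3d4-Z--
--e5f6a7b8-A--
[25/Aug/2011:22:05:31 +0000] TxnConstructed0002 203.0.113.9 40404 192.0.2.10 80
--e5f6a7b8-B--
GET /?q=1~ HTTP/1.1
--e5f6a7b8-H--
Message: Access denied with code 403 (phase 2). Pattern match "~$" at ARGS:q. [file "/etc/modsec/custom.conf"] [line "12"] [id "900001"] [msg "constructed rule"]
--e5f6a7b8-Z--
"""

BOUNDARY = re.compile(r"^--[0-9a-f]+-([A-Z])--$")
DENIED = re.compile(r'^Message: Access denied with code (\d+).*? at (\S+?)\. .*?\[id "(\d+)"\]')

def denied_transactions(log_text):
    """Return [(request_line, status, rule_id, target)] for intercepted requests."""
    found, section, request_line = [], None, None
    for line in log_text.splitlines():
        boundary = BOUNDARY.match(line)
        if boundary:
            section = boundary.group(1)
            if section == "A":  # section A opens a new transaction
                request_line = None
        elif section == "B" and request_line is None and line:
            request_line = line  # first line of section B is the request line
        elif section == "H":
            hit = DENIED.match(line)
            if hit:
                found.append((request_line, int(hit.group(1)), hit.group(3), hit.group(2)))
    return found

def scoped_exclusions(log_text, param="s2member_register"):
    """Suggest exclusions only for rules that blocked `param`, and only for `param`."""
    wanted = f"ARGS:{param}"
    rules = sorted({rid for _, status, rid, target in denied_transactions(log_text)
                    if status == 403 and target == wanted})
    # SecRuleUpdateTargetById (ModSecurity 2.6+) leaves the rule active for every
    # other variable, unlike SecRuleRemoveById or SecRuleEngine Off.
    return [f'SecRuleUpdateTargetById {rid} "!{wanted}"' for rid in rules]
```

With the constructed log, the second transaction (the same rule firing on a different argument) stays blocked; only the registration argument is exempted.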