Community Support Forums

Hi All,

I am testing the s2member plugin for a project done for a client.

I cancelled the test accounts using non sandbox registrations and have the following two problems.

If the registration was paid with google checkout, s2member does not delete the user from wordpress after the transaction is cancelled in the account receiving the funds. I suspect s2member wants to delete them after the period has lapsed, so its not a fatal bug just an imprecise one. Anyone know what is going on? s2member logs do appear to receive the information from google and it is setup for 2.5 (the version documented in the google options section of s2member) of the reporting back version, though google checkout recommends version 2.0.

Everything else works. the payer receives the emails, gets the links to create a username etc and cancelled paypal subscriptions do delete the username completely and push that accounts posts into the trash status.

I thought to test if the registration for username links work after a purchase is cancelled and guess what...it can register a new unauthorised user even when the transaction ID is no longer valid. I do not like this. Anyone else aware of this or know a work around? This was tested using a register link for a paypal paid confirmation email. I also fear that registration link can be used again and again to register new users.

Thanks,
Rauli

rauli wrote:I suspect s2member wants to delete them after the period has lapsed

That's correct. From the cancellation documentation:

*Understanding Cancellations* It's important to realize that a Cancellation is not an EOT ( End Of Term ). All that happens during a Cancellation event, is that billing is stopped, and it's understood that the Customer is going to lose access, at some point in the future. This does NOT mean, that access will be revoked immediately. A separate EOT event will automatically handle a (demotion or deletion) later, at the appropriate time; which could be several days, or even a year after the Cancellation took place.

*Some Hairy Details* There might be times whenever you notice that a Member's Subscription has been cancelled through ClickBank®... but, s2Member continues allowing the User access to your site as a paid Member. Please don't be confused by this... in 99.9% of these cases, the reason for this is legitimate. s2Member will only remove the User's Membership privileges when an EOT ( End Of Term ) is processed, a refund occurs, a chargeback occurs, or when a cancellation occurs - which would later result in a delayed Auto-EOT by s2Member. s2Member will not process an EOT ( End Of Term ) until the User has completely used up the time they paid for. In other words, if a User signs up for a monthly Subscription on Jan 1st, and then cancels their Subscription on Jan 15th; technically, they should still be allowed to access the site for another 15 days, and then on Feb 1st, the time they paid for has completely elapsed. At that time, s2Member will remove their Membership privileges; by either demoting them to a Free Subscriber, or deleting their account from the system ( based on your configuration ). s2Member also calculates one extra day ( 24 hours ) into its equation, just to make sure access is not removed sooner than a Customer might expect.

I'll check about the rest.

Regarding the registrations, did you test if you could use the same registration link over and over or was it a link that had not been used before cancelling? If the latter, it could still be active because of the same thing explained about related to the EOT.

Thanks for your inquiry.
~ and thanks for bringing this to my attention Cristián.

rauli wrote:s2member logs do appear to receive the information from google and it is setup for 2.5 (the version documented in the google options section of s2member) of the reporting back version, though google checkout recommends version 2.0.

Google Documentation States:
Please review the release notes below before selecting your API version.
If you are using a third-party shopping cart, please consult your shopping cart provider on which API version to use. If you are unable to confirm which version to use with your shopping cart provider, using Version 2.0 is safest.

So Google does NOT recommend v2.0, it recommends using 2.0 as a last resort, when you're not sure what version to use, or if your software has not documented which version you should use. In the case of s2Member Pro, please use API Callback v2.5.

---

rauli wrote:s2member does not delete the user from wordpress after the transaction is cancelled in the account receiving the funds.

Every Google® Recurring Subscription can be modified by the Customer, or even cancelled by the Customer through Google® Checkout. It's very simple. A Member clicks a Modification/Cancellation Button. This brings the Customer to a "Purchase History" screen inside their Google® Checkout account. Here they'll have easy access to make any changes they like. When important changes occur ( such as a cancellation ), information regarding this event will be relayed back to s2Member through Google's API Callback service. s2Member will react appropriately at that time.

*Understanding Cancellations* It's important to realize that a Cancellation is not an EOT ( End Of Term ). All that happens during a Cancellation event, is that billing is stopped, and it's understood that the Customer is going to lose access, at some point in the future. This does NOT mean, that access will be revoked immediately. A separate EOT event will automatically handle a (demotion or deletion) later, at the appropriate time; which could be several days, or even a year after the Cancellation took place.

*Some Hairy Details* There might be times whenever you notice that a Member's Subscription has been cancelled through Google Checkout... but, s2Member continues allowing the User access to your site as a paid Member. Please don't be confused by this... in 99.9% of these cases, the reason for this is legitimate. s2Member will only remove the User's Membership privileges when an EOT ( End Of Term ) is processed, a refund occurs, a chargeback occurs, or when a cancellation occurs - which would later result in a delayed Auto-EOT by s2Member. s2Member will not process an EOT ( End Of Term ) until the User has completely used up the time they paid for. In other words, if a User signs up for a monthly Subscription on Jan 1st, and then cancels their Subscription on Jan 15th; technically, they should still be allowed to access the site for another 15 days, and then on Feb 1st, the time they paid for has completely elapsed. At that time, s2Member will remove their Membership privileges; by either demoting them to a Free Subscriber, or deleting their account from the system ( based on your configuration ). s2Member also calculates one extra day ( 24 hours ) into its equation, just to make sure access is not removed sooner than a Customer might expect.

After reading through the above, if you still believe something is not being handled properly, please enable logging on your installation of s2Member, and send in your log files for review. Please be as specific as possible about what you feel the problem is. Including dates/times, a copy of your Button Shortcode, and an overview of the actions leading up to the unexpected behavior.
We'll be happy to take a closer look for you.

---

and guess what...it can register a new unauthorised user even when the transaction ID is no longer valid. I do not like this. Anyone else aware of this or know a work around? This was tested using a register link for a paypal paid confirmation email. I also fear that registration link can be used again and again to register new users.

Not to worry. Registration links are valid for a maximum of 2 days after they are issued. During that 2 day period, a Customer may register exactly ONE time. Once they are registered, s2Member records the Paid Subscr. ID associated with their purchase. After that record is stored, nobody else can use the registration link. The only exception to this, is if you are stress testing s2Member and you delete accounts right away that were previously registered ( i.e. before the 2 day expiration time ). This would make it possible to re-use the registration link another ONE time, as the account belonging to the original registration no longer exists ( i.e. deleted during testing perhaps ).

Thanks for the reply.

One question, my client was concerned about the 2 day expiry, that people would pay for membership but be slow to register and wanted this increased to 14 days. I did find (or believe anyway) where this was being calculated in register-in.inc.php

Code: Select all

("-2 days")) /* Customers have 2 days to register. */ 

into

Code: Select all

("-14 days")) /* Customers have 14 days to register. */ 

This is hacking, and I do not like doing this way but can you confirm if this is safe? From what I understand the tinyurl link itself does not expire, just the registration time frame in which the link loads the registration form.

Thanks,
Rauli

For the record, the code above is no longer there. What I see is this:


{
if ($register[5] <= strtotime ("now") && $register[5] >= strtotime ("-" . apply_filters ("ws_plugin__s2member_register_link_exp_time", "2 days", get_defined_vars ())))

I changed the "2" to a "21" I hope that's ok.

- Ryan

Instead of editing the file, try using the hook to hack it.

/wp-content/mu-plugins/s2hacks.php

Code: Select all

<?php
add_filter ('ws_plugin__s2member_register_link_exp_time', 'register_link_exp_time');
function register_link_exp_time($vars = array()) {
    return '21 days';
}
?>

I haven't tested this code, let me know if it works.

That's correct. This was addressed in the last release.
This hack that Cristián provided should work in s2Member v110710+

Slight modification to his example:
/wp-content/mu-plugins/s2hacks.php

Code: Select all

<?php
add_filter ('ws_plugin__s2member_register_link_exp_time', 'register_link_exp_time', 10, 2);
function register_link_exp_time($default_time = '2 days', $vars = array()) {
    return '21 days';
}
?>

Thanks Jason. I'm still not sure what the other parameters are, but trust you.

No problem. Yea, when you add a Filter, the first argument received by your function is the value that is being filtered, and the second argument will be s2Member's array of defined variables.

Ah, thanks.

When you say to change the expire date on the registration link by:

Code: Select all
("-2 days")) /* Customers have 2 days to register. */

Where do I go to do that? I don't know php code... I want to set it to never expire. (People are trying to register months later.)

Thank you,
Bess McCarty

Did you try changing the expiration to many, many days? Like 999? Maybe that'll do it.

Where do I go to do that?