PriMoThemes — now s2Member® (official notice)

This is now a very OLD forum system. It's in READ-ONLY mode.
All community interaction now occurs at WP Sharks™. See: new forums @ WP Sharks™

[SOLVED - mod_security] No Registration form after PayPal

s2Member Plugin. A Membership plugin for WordPress®.

[SOLVED - mod_security] No Registration form after PayPal

Postby kevinsperrine » August 23rd, 2011, 10:59 pm

I've read this: http://www.primothemes.com/forums/viewtopic.php?f=36&t=3151, so I'm aware of the limitations. We are offering free trials, and in most situations users get the registration form via the link in the email; however, we had a situation arise today where the email link didn't take them to the registration form. The tinyurl in the email simple redirects them back to our sign-up page--not the form.

Ideas?

Edit: I've just tried again with multiple test accounts and get the same results each time. We're using the newest version of wordpress and s2member pro. I've enabled logging and have the correct return data from paypal, but something about the registration link is broken.

Edit 2: Actually, it's failing because I'm getting a 403 Forbidden when attempting to return the page using the ?s2member_register=**ENCRYPTED_DATA_HERE**
Last edited by kevinsperrine on August 26th, 2011, 3:25 pm, edited 1 time in total.
User avatar
kevinsperrine
Registered User
Registered User
 
Posts: 13
Joined: August 23, 2011

Re: No Registration form after PayPal

Postby Cristián Lávaque » August 24th, 2011, 12:27 am

Hi Kevin.

Could you please post the log entries related to this problem? (x'ing out any private info.) Thanks!
Cristián Lávaque http://s2member.net
Is s2Member working for you? Please rate it Image at WordPress.org. Thanks! :)
User avatar
Cristián Lávaque
Developer
Developer
 
Posts: 6836
Joined: December 22, 2010

Re: No Registration form after PayPal

Postby kevinsperrine » August 24th, 2011, 12:30 am

This is the entry from the IPN log.
WordPress® v3.2.1 :: s2Member® v110815 :: s2Member® Pro v110815
Memory 21.12 MB :: Real Memory 21.50 MB :: Peak Memory 21.24 MB :: Real Peak Memory 21.50 MB
ohdinner.com/?s2member_paypal_notify=1
User-Agent:
array (
'txn_type' => 'subscr_signup',
'subscr_id' => 'I-KBLHA8RVBW0A',
'last_name' => 'Perrine',
'option_selection1' => 'ohdinner.com',
'option_selection2' => 'XX.XXX.XXX.XX',
'residence_country' => 'US',
'mc_currency' => 'USD',
'item_name' => 'Monthly Subscription / description and pricing details here.',
'amount1' => '0.00',
'business' => 'XXXX@gmail.com',
'amount3' => '6.99',
'recurring' => '6.99',
'verify_sign' => 'An5ns1Kso7MWUdW4ErQKJJJ4qi4-AjCqCjfo66cPUqSwHPvzB4929-pa',
'payer_status' => 'verified',
'payer_email' => 'XXXX@gmail.com',
'first_name' => 'Kevin',
'receiver_email' => 'XXXX@gmail.com',
'payer_id' => '4KRSFQZ9CSP6C',
'option_name1' => 'Originating Domain',
'option_name2' => 'Customer IP Address',
'reattempt' => '1',
'item_number' => '1',
'subscr_date' => '21:52:42 Aug 23, 2011 PDT',
'custom' => 'ohdinner.com',
'charset' => 'windows-1252',
'notify_version' => '3.2',
'period1' => '2 W',
'mc_amount1' => '0.00',
'period3' => '1 M',
'mc_amount3' => '6.99',
'ipn_track_id' => '98Fsj9DAWmYY-2O48Pq7jA',
's2member_log' =>
array (
0 => 'IPN received on: Wed Aug 24, 2011 4:52:46 am UTC',
1 => 's2Member POST vars verified through a POST back to PayPal®.',
2 => 's2Member originating domain ( `$_SERVER["HTTP_HOST"]` ) validated.',
3 => 's2Member `txn_type` identified as ( `web_accept|subscr_signup` ).',
4 => 's2Member `txn_type` identified as ( `web_accept|subscr_signup` ) w/o update vars.',
5 => 'Signup Confirmation Email sent to: "Kevin Perrine" <XXXXXX@gmail.com>.',
6 => 'Storing IPN signup vars into a Transient Queue. These will be processed on registration.',
),
'subscr_gateway' => 'paypal',
'eotper' => NULL,
'ccaps' => NULL,
'level' => '1',
'ip' => 'XX.XXX.XXX.XX',
'initial_term' => '2 W',
'initial' => '0.00',
'regular' => '6.99',
'regular_term' => '1 M',
)
User avatar
kevinsperrine
Registered User
Registered User
 
Posts: 13
Joined: August 23, 2011

Re: No Registration form after PayPal

Postby kevinsperrine » August 24th, 2011, 12:31 am

And the entry from the RTN log

WordPress® v3.2.1 :: s2Member® v110815 :: s2Member® Pro v110815
Memory 17.92 MB :: Real Memory 18.25 MB :: Peak Memory 18.01 MB :: Real Peak Memory 18.25 MB
ohdinner.com/?s2member_paypal_return=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0
array (
'subscr_gateway' => 'paypal',
's2member_log' =>
array (
0 => 'No Return-Data. Customer must wait for Email Confirmation.',
1 => 'Redirecting Customer to the Home Page. Customer must wait for Email Confirmation.',
2 => 'Note. This can sometimes happen when/if you are offering a free Trial Period. There are times when a Payment Gateway will NOT supply s2Member with any data immediately after checkout. When/if this happens, s2Member must process the transaction via IPN only ( i.e. behind-the-scene ), and the Customer must wait for Email Confirmation in these cases.',
),
)
User avatar
kevinsperrine
Registered User
Registered User
 
Posts: 13
Joined: August 23, 2011

Re: No Registration form after PayPal

Postby kevinsperrine » August 24th, 2011, 12:32 am

Also, I do not get a 403 error when attempting to access ?s2member_register with a fake id. For example, ?s2member_register=1 will give me the "Link expired error" as it should.
User avatar
kevinsperrine
Registered User
Registered User
 
Posts: 13
Joined: August 23, 2011

Re: No Registration form after PayPal

Postby Cristián Lávaque » August 24th, 2011, 12:46 am

Thank you.

I'll email Jason so he looks at this. If you find any more information related to the problem, please update the thread as you've been doing. :)
Cristián Lávaque http://s2member.net
Is s2Member working for you? Please rate it Image at WordPress.org. Thanks! :)
User avatar
Cristián Lávaque
Developer
Developer
 
Posts: 6836
Joined: December 22, 2010

Re: No Registration form after PayPal

Postby kevinsperrine » August 24th, 2011, 12:49 am

Will do. Thanks Cristián.
User avatar
kevinsperrine
Registered User
Registered User
 
Posts: 13
Joined: August 23, 2011

Re: No Registration form after PayPal

Postby kevinsperrine » August 24th, 2011, 1:39 pm

I don't know exactly where it's backing out, but after logging the progress I've determined that the hooks run, but the action c_ws_plugin__s2member_register::register is never run.

Edit: Actually, it does run, but it thinks the $_GET["s2member_register"] is empty, even though it is not and thus the registration form is never presented. So somewhere the $_GET variable is being emptied.


Edit: I don't think this post is helpful, as the more I've tried it the $_GET is empty because of the 403 error and subsequent loading of the s2member sign-up page. However, I cannot find any cause for the 403 error, and as i said above, I get the appropriate "link has expired" error if I simply use a fake url (ie. s2member_register=1212). I've disabled other plugins and checked file permissions on all s2member files (folder: 755, files: 644).
User avatar
kevinsperrine
Registered User
Registered User
 
Posts: 13
Joined: August 23, 2011

Re: No Registration form after PayPal

Postby kevinsperrine » August 24th, 2011, 6:58 pm

So, basically by accident I realized that the registration url generated by s2Member has an additional "~" on the end of it. I removed this tilde from the url and it redirected me to the registration form as its supposed to. WTH?

Edit: And I have tested that this is the problem, because if I remove the tilde and register using the form it links the registration to the correct subscriber id.
User avatar
kevinsperrine
Registered User
Registered User
 
Posts: 13
Joined: August 23, 2011

Re: No Registration form after PayPal

Postby Cristián Lávaque » August 25th, 2011, 2:52 am

Thanks for the updates, Kevin. Does that mean you solved it, then? :)
Cristián Lávaque http://s2member.net
Is s2Member working for you? Please rate it Image at WordPress.org. Thanks! :)
User avatar
Cristián Lávaque
Developer
Developer
 
Posts: 6836
Joined: December 22, 2010

Re: No Registration form after PayPal

Postby kevinsperrine » August 25th, 2011, 1:26 pm

Cris, I've determined the reason for the error, but I have not tracked down where the additional ~ is coming from in the S2Member code.
User avatar
kevinsperrine
Registered User
Registered User
 
Posts: 13
Joined: August 23, 2011

Re: No Registration form after PayPal

Postby kevinsperrine » August 25th, 2011, 10:04 pm

Can anyone else out there verify this behavior for me? I'm unable to load *any* url containing the s2member_register variable that ends in a ~. It always returns a silent 403 error and seemless redirect back to my sign-up page. You can only see the 403 error by tracking the http headers with chrome dev tools or firebug.

http://ohdinner.com/?s2member_register=fnIyOmVSQUJWekRhelQyTGdHQWE5SE5CTDZVUVpJcndWN2NsfDU_Jq2Quo-jO1su185HXxFULgIjdx9CUDOxQhrqOgSdNReRCXoRwxq0YztCGkQcJI-F2LOZyX~

http://ohdinner.com/?s2member_register=1~
User avatar
kevinsperrine
Registered User
Registered User
 
Posts: 13
Joined: August 23, 2011

Re: No Registration form after PayPal

Postby kevinsperrine » August 26th, 2011, 3:23 pm

The problem has been resolved. The hosting provider, HostGator, had a mod_security rule that caused the 403 error. The query needed to be added to the whitelist in order for everything to work properly.

Hopefully, this helps someone in the future.
User avatar
kevinsperrine
Registered User
Registered User
 
Posts: 13
Joined: August 23, 2011

Re: [SOLVED - mod_security] No Registration form after PayPa

Postby Cristián Lávaque » August 27th, 2011, 1:54 am

Wow, thanks a lot for sharing that. I'm sure other HostGator users will be really happy you did. Great job! :)
Cristián Lávaque http://s2member.net
Is s2Member working for you? Please rate it Image at WordPress.org. Thanks! :)
User avatar
Cristián Lávaque
Developer
Developer
 
Posts: 6836
Joined: December 22, 2010

Re: [SOLVED - mod_security] No Registration form after PayPa

Postby Jason Caldwell » August 29th, 2011, 1:05 pm

Thank you for reporting this.
I'll see what we can do to prevent this in a future release. Some hosting companies make attempts to prevent attacks via mod_security, and in the process they create many false positives like this. I'm not sure we can work around them all, but I'll check with HostGator to see what their default configuration is like.
~ Jason Caldwell / Lead Developer
& Zeitgeist Movie Advocate: http://www.zeitgeistmovie.com/

Is the s2Member plugin working for you? Please rate s2Member at WordPress.org.
You'll need a WordPress.org account ( comes in handy ). Then rate s2Member here Image
.
User avatar
Jason Caldwell
Lead Developer
Lead Developer
 
Posts: 4045
Joined: May 3, 2010
Location: Georgia / USA

Re: [SOLVED - mod_security] No Registration form after PayPa

Postby joedante » August 31st, 2011, 10:46 am

Hi,

i ' am a hostgator client and still have this problem.

Could you please help? The hint "to be added to the whitelist for mod_security rule" is not very clear.

What do i have to do exactly with my hostgator.

Thank you
Joe
User avatar
joedante
Registered User
Registered User
 
Posts: 2
Joined: August 31, 2011

Re: [SOLVED - mod_security] No Registration form after PayPa

Postby kevinsperrine » August 31st, 2011, 1:16 pm

Hi Joe,

You'll need to open a support ticket with HostGator and they need to make the whitelist change. You can explain the problem to them and maybe referrence this forum post. I had to get to the second tier support before the person understood what I needed. To "prove" the problem I had to send screenshots of the 403 error from my firebug/chrome devtools console. Hope this helps.
User avatar
kevinsperrine
Registered User
Registered User
 
Posts: 13
Joined: August 23, 2011

Re: [SOLVED - mod_security] No Registration form after PayPa

Postby Jason Caldwell » August 31st, 2011, 8:26 pm

FYI: Also see this article, as it pertains specifically to s2Member and Mod Security.
viewtopic.php?f=36&t=14787
~ Jason Caldwell / Lead Developer
& Zeitgeist Movie Advocate: http://www.zeitgeistmovie.com/

Is the s2Member plugin working for you? Please rate s2Member at WordPress.org.
You'll need a WordPress.org account ( comes in handy ). Then rate s2Member here Image
.
User avatar
Jason Caldwell
Lead Developer
Lead Developer
 
Posts: 4045
Joined: May 3, 2010
Location: Georgia / USA

Re: [SOLVED - mod_security] No Registration form after PayPa

Postby Jason Caldwell » September 13th, 2011, 4:25 pm

Thanks for the great feedback.

Yes, tildas ( ~ ) seem to be an issue on HostGator. I'll see what we can do about this in a future release. However, mod_security works on heuristic filters, so while removing a tilda might fix the problem for some, it may not in another case. Ideally, HostGator would back down on the paranoia just a bit overall.

I've contacted HostGator about this. The issue is in the process of being resolved.
See my conversation here: viewtopic.php?f=36&t=14787#p35892

Until then, I recommend writing to HostGator about this, and send them the URL which is failing on your server. They can whitelist the URL to allow it to function properly in the short term.
~ Jason Caldwell / Lead Developer
& Zeitgeist Movie Advocate: http://www.zeitgeistmovie.com/

Is the s2Member plugin working for you? Please rate s2Member at WordPress.org.
You'll need a WordPress.org account ( comes in handy ). Then rate s2Member here Image
.
User avatar
Jason Caldwell
Lead Developer
Lead Developer
 
Posts: 4045
Joined: May 3, 2010
Location: Georgia / USA


Return to s2Member Plugin

Who is online

Users browsing this forum: No registered users and 2 guests

cron