too easy to bypass

May 9, 2008 at 1:00 AM
Hi there
I've been testing with wp 2.5.1 and easypaypal 3.1. I've tested using the sandbox and live. I'm struggling to get things working and haven't successfully got a user logged in yet but hopefully I'll figure it all out eventually.

However, along the way, I've noticed that it's very simple for a new user to bypass the payment stage and get access to the site. All one has to do is register, log in, refuse the paypal secure-page redirect then edit the address bar to the blogsite and presto, one has unrestricted access without having paid. The only thing one can't then do as a user is go to the users admin page, since that will redirect to paypal.

I would guess that where easypaypal tags are used to restrict content then this isn't an issue but if one's using easypaypal just for sitewide user subscription then it's a problem.

Vee
May 9, 2008 at 10:36 PM
I just checked this and easypaypal tags are in fact working to restrict content despite being able to login and browse without having paid. I was hoping that easypaypal was going to work with some of the other plugins that can automatically insert tags restricting content to logged-in users. Unfortunately this isn't the case while one can still sign up and get round easypaypal. Is there any chance this could be easily fixed? Thanks.

That aside, I still can't get a successful new user signup with this plugin. Everything else works, paypal, tags etc - just no user subscription in wp. Help!

Thanks again
Vee
May 12, 2008 at 9:35 PM
Hi Vee.

That's right.  Your site is still a public site.  EasyPayPal allows you to hide text within your site that only subscribers can access.  They must subscribe to view your hidden content.
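
The gap discussed in the posts above is that "logged in" and "has paid" are separate states, and a redirect issued once at login does not enforce the second. The following is an added example, not EasyPayPal's code: a WordPress check that runs on every front-end request. The meta key, page slug and `example_*` function names are hypothetical, and it assumes the payment handler records a paid-until timestamp in user meta.

```php
<?php
// Added example, not EasyPayPal code. Hypothetical names throughout:
// the meta key, the page slug and the example_* functions are assumptions.
define('EXAMPLE_PAID_META', 'example_paid_until'); // Unix timestamp, set only by the payment handler
define('EXAMPLE_PAY_SLUG', 'subscribe');           // page that starts the PayPal checkout

// True only when the stored paid-until timestamp is still in the future.
// A missing meta value casts to 0, so unknown users count as unpaid.
function example_user_has_paid($user_id) {
    $paid_until = (int) get_user_meta($user_id, EXAMPLE_PAID_META, true);
    return $paid_until > time();
}

// Runs on every front-end request, so skipping the post-login redirect
// and typing a URL by hand still lands on the same check.
function example_enforce_subscription() {
    if (!is_user_logged_in()) {
        return; // public pages stay public for anonymous visitors
    }
    if (current_user_can('manage_options')) {
        return; // administrators are exempt
    }
    if (example_user_has_paid(get_current_user_id())) {
        return;
    }
    if (is_page(EXAMPLE_PAY_SLUG)) {
        return; // avoid a redirect loop on the checkout page itself
    }
    wp_safe_redirect(home_url('/' . EXAMPLE_PAY_SLUG . '/'));
    exit;
}
add_action('template_redirect', 'example_enforce_subscription');
```

Content that other plugins restrict to logged-in users would need to test `example_user_has_paid()` rather than login state alone. The `template_redirect` hook does not fire for `wp-admin` requests, so the dashboard needs its own check.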
May 15, 2008 at 8:33 AM
Hi Shannon

Yep, understood. However, I can't get the script to successfully subscribe anyone! I'm not an inexperienced user and I've tried versions 3.1 & 3.2 with wp 2.3, 2.5 & 2.5.1 all with only partial success. Problem is described here:
http://www.codeplex.com/easypaypal/Thread/View.aspx?ThreadId=27300

Also I think someone else just started a thread about the same thing: 'Yikes, infinite loop of problems'. You responded to that by saying it was probably Paypal that was wrongly configured. I've checked that out and as far as I can see my Paypal sandbox is correctly configured and working ok.

I can say for sure that the user info page in Easypaypal definitely doesn't work. It returns no user information at all. Help!

Thanks
Vee
May 16, 2008 at 6:18 PM
What address did you provide in the IPN setup in the PayPal sandbox?  The URL has to point back to your IPN file as identified on the EasyPayPal Options page. 
May 17, 2008 at 9:32 AM
Hi Shannon

OK - I have wp 2.5.1 installed on a local server.  The local server is powered by xampp and I've configured a virtual domain address http://xyz.com.  My wp site homepage is therefore http://xyz.com/wp2.5.1

The notification url provided by the link on the Easypaypal config page is therefore:
http://xyz.com/wp2.5.1/wp-content/plugins/easypaypal/paypal_ipn.php

I'm using a paypal sandbox and have set up a test business account.  In Instant Payment Notification preferences IPN is turned ON and the url is as noted above.

My Paypal test business account has received payments from test users and shows an in-credit balance.  However, these test-users have not been subscribed to the wp site by Easypaypal.

The procedure I'm using for testing Easypaypal with test-users is as follows.  I access wp admin and create a user.  I logout of wp admin and log back in as the test-user.  I get redirected to paypal (sandbox).  Having already logged in to the sandbox I now enter the email address and password of a previously created Paypal Sandbox Personal User.  That takes me through the paypal system where I can confirm payment then click on the "return to seller" button.  That then takes me back to the wp registration page and starts the loop back to paypal.
At this point one sees that Easypaypal has not subscribed the user even though payment has been successful.

If I then log back into wp as admin and go to the Easypaypal config page there is a "user manager" button.  Clicking that takes me to the "get user info" page.  If I enter the username of the test-user that I manually created... nothing happens.  No information is returned and all boxes remain empty.

Thus, for me, Easypaypal
  a) doesn't recognise the wp user information in the first place
  b) doesn't subscribe wp users to receive Easypaypal content even after successful payment.

(This is the same result with wp 2.3, 2.5 & 2.5.1 using both Easypaypal 3.1 & 3.2)

Easypaypal does, however, work to hide content - as explained above.

The only thing I haven't done yet is set up Easypaypal on a 'live' wp site.  I guess I'll have to try that next - though I can't see why it should make a difference.

Thanks for your help, Shannon - much obliged.  I'll be more than happy to donate if you get this working for me.

Vee
May 17, 2008 at 1:09 PM
Hi Shannon

OK, so I spent the morning setting up a 'live' online wp test site with new paypal sandbox user/seller accounts.  I get exactly the same results.
http://vacation-rent.freehostia.com/wordpress/

IPN is set for http://vacation-rent.freehostia.com/wordpress/wp-content/plugins/easypaypal/paypal_ipn.php in the paypal sandbox seller account.

you can poke about if you wish... admin/admin
or as a user: vee/shannon

Thanks
Vee
May 19, 2008 at 5:58 PM

Regarding the "local server."  That server would have to have been accessible to PayPal over the internet.  If it truly was local and wasn't visible on the Internet, then PayPal couldn't send the information to the site.

Regarding the vacation-rent.freehostia.com site. One thing to check. Make sure that the email address: seller_1211024692_biz@free.fr is the one that is set up in the PayPal sandbox as the master test account. That is the account that requires the IPN setup.

 

May 19, 2008 at 7:46 PM
Edited May 20, 2008 at 1:19 AM

Hi Shannon

I decided to try Easypaypal 2.1 instead and it works for me on the local server setup with wp 2.5.1.  Not sure whether that indicates Paypal can or can't access the local server since there's no IPN setup or script page for it to access, right?

Anyway, the only thing I can find that's not working properly in ver 2.1 is the paypal redirection message which isn't displayed properly.  Otherwise the paypal process works, user is successfully subscribed and redirected to either dashboard or frontpage.  User info is also properly accessed and displayed within admin.

So the problem seems to be with versions 3.1 & 3.2.  I'll check the IPN setup but I'm pretty sure it's right.  Even if it was the wrong address though, how could that affect the user info page? 

Regarding the display issue in ver 2.1, it was the div not displaying correctly.  To bring it to the front, I just used 'z-index: 1; position:absolute;....' and that cures the issue.

Thanks for your help
Vee