I just found a way to skip paying and still get full access

Aug 26, 2008 at 2:19 PM
While playing around with this plugin on my own website I just discovered that it is fairly easy to get logged in without paying. All I has to do was login and as soon as it gave me the options to pay I pressed the back button or retyped the website URL, refresh the browser and I was still logged in and did not pay. Does anyone have a way around this? I was thinking it might be possible to clear the $user_ID field and then fill it back in again when they returned from paypal. I have not tried it yet, but wondered if it would work.
Aug 26, 2008 at 5:01 PM
One way to overcome this issue is to code your pages/posts so that hidden content isn't released unless the user's meta info indicates they have paid access.  This is what I've been doing with my variant of this plugin and it seems to work okay so far. 

 - PDR
Aug 27, 2008 at 11:30 AM
I read this post with some concern (to say the least!), but after playing around on my site for about 20 mins, creating new users, "losing" passwords etc., I have been unable to re-create this problem - my content is hidden with [pay] tags, and stays hidden until a paid member or a "bypassed" member logs in.

When I stopped panicing I realised that I am using a modded EPP with IPN that came with a WordPress membership package, and I have no idea who modded it, but it led me to wondering whether it is in fact yours, PDR? (back in a June 7th thread we both posted asking similar questions... and shortly after that the WP package became available)

In any event the real reason I was reading the discussions was to find out if anyone is using/modding EPP for different levels of membership (not simply different payment periods but different content displayed depending on payment amount) and so far I have drawn a blank....

Any input will be much appreciated!
Aug 27, 2008 at 3:51 PM
JohnEdgley:  Which WP membership package/mod are you using?  I don't think I've shared my version of EPP yet - though I plan to once its finished.  The mod I'm using is really only useful for my site as its tied to a second database and the mods I've made to my theme.

But, my version of EPP uses the version of the IPN which came with EPP 2.3, as that was the last version of EPP with an IPN.  I have had no problems with the PayPal IPN or anything of the sort.  I would be very interested in seeing how our two IPN files differ.

Aug 27, 2008 at 5:24 PM
@PDR; The mod came as part of a package which included setup videos and other plug-ins. If you pm your email address to me (I have email contact turned on in my profile at the moment), I will attach and reply.

Sep 3, 2008 at 5:24 PM
Thanks for the reply, but using the pay tag is not an option for me. I want all my content to be free, but I have extra featrues that are available only to members. So it is very important that when a person logs in I can guarantee that they are a paying member to the site and not just to the posts. For example I have surrounded all my ads with some code so that they are hidden when a person logs in. I need to block a person from loggining in unless they have paid.
Jan 2, 2009 at 12:28 PM
@ryanmc Hi, did you ever resolve this issue? Your set up seems similar to mine (not using the pay tag) so I would love to know if you found a way to resolve this. Thanks in advance.
Jan 21, 2009 at 12:26 PM
Ok, I am getting a lot of subscribers who are somehow managing to register without paying thus allowing them to access my restricted page for free. So far, if I see they have joined but not paid I send them Paypal payment requests and if they don't pay after a few days I bump them off the list...but this is far from ideal. I have sent a couple of emails to Shannon for support but so far no response from him. Does anyone else have any ideas? Here's my site: www.inonehour.net
Thanks in advance.
Jan 21, 2009 at 12:41 PM
Edited Jan 21, 2009 at 12:52 PM
I have just been to your site and registered, and you are certainly correct that you can decline to pay, yet when you go back to "Members Library" it lets you in.

I am registered as "johne" if you wish to delete me.

Could you confirm the code you are using to protect the members page, ie is it via the [pay] [/pay] tags as we discussed here ;


which I thought had already resolved this particular problem, or is it one of Shannons other methods (which I am not very familiar with as I only currently use the pay tags). I will also revisit this issue on my own site as a matter of some urgency as I was unable to reproduce the problem when it was first reported.

Jan 21, 2009 at 4:22 PM
Which versions are you using?  I suspect this is probably more of an issue with EPP v3.5 and not so much with EPP v3.2.

Thank you,

Jan 21, 2009 at 4:45 PM
Having just looked back at this I realise they are two separate issues - you can register without paying (on all versions I think) but you shouldn't be able to see protected content... so it's a "protected content issue" not a registration issue...
Jan 21, 2009 at 4:58 PM
@johnedgley You were right about my not using the [pay] [/pay] tags correctly. I have now protected each section with the tags and this is certainly hiding the content...so thank you for making me think about that sensibly! The new issue I have is that I have set up people who have access to the page but who are not required to pay (for a range of reasons), but now if they login, they are excluded from the protected material unless they follow through to Paypal and pay! This could be most embarrassing in some cases :) Is there a way I can enable them so that they have the same viewing priveleges as paid members?
Jan 21, 2009 at 5:03 PM
@PDRather I am using EPP v3.51 Thanks, msolsyd
Jan 21, 2009 at 5:04 PM
I think what you are now experiencing is down to the user levels you have defined - you have to grant the users that you wish to be able to see the content a status that enables that. I'll have to remind myself how I did that in the first place as I can't remember the exact settings I used! I'll post as soon as I've checked.
Jan 21, 2009 at 5:08 PM
You're a star! I am looking into it myself now but if you have any suggestions, I would be most grateful! Thanks heaps.
Jan 21, 2009 at 5:16 PM
I should have said that you can do it by entering them into the exceptions list in the "Settings" page, and it's probably the best way... but I still can't find the bit (which I'm pretty sure I didn't imagine) that defines which user levels are restricted - eg obviously admin level isn't restricted, but you don't want to give everyone admin level.... I shall keep looking - Shannon - if you're still online - I'm sure you can put us both right instantly!
Jan 21, 2009 at 6:12 PM
I have tried changing the levels of my complementary users in 'edit user' and the only one which allows them to access the restricted material is the admin level. I have temporarily changed them all to this new level, but this is definitely NOT a solution for the long term!

Jan 21, 2009 at 6:19 PM
I know, that's why I'm suggesting you add them to the exceptions list, at least for now...
Jan 21, 2009 at 7:05 PM
Totally, but I can't find the exception list on the 'Settings' page. All I seem to have the option to do on this page is to determine the 'New User Default Role' - which I have, naturally, set as 'subscriber'. There is every chance I am being stupid, but I promise I have scoured the pages looking for it! Hence, my opting for now with the admin option which it the only way I can find so far to address this issue.
Jan 21, 2009 at 7:09 PM
In case it makes a difference, I am using WP 2.7
Jan 21, 2009 at 7:18 PM
In the navigation down the left hand side, go to "Settings">"Easy PayPal Configuration"> towards the bottom between "LogIn Message" and "Categories" (at least - it is for me!)
Jan 21, 2009 at 7:22 PM
OK, now it seems I have to hang my head in shame. I just found the exception list on the 'Easy Paypal Configuration' page and it worked. Yay! Thanks so much for your help johnegley! If you are interested, I can validate your login...it's the least I can do :)
Jan 21, 2009 at 7:27 PM
No problem... and yes, please do... after this it'd be good to see how you've put it all together!
Jan 21, 2009 at 8:16 PM
@ johnedgely Super - I have sent you an email with details.
@ Shannon Whitely - The email I sent you yesterday on this matter has just bounced back as a Delivery Status Notification (Delay) ...just so that you know.