- This topic has 13 replies, 2 voices, and was last updated 13 years, 3 months ago by
.
-
Posts
-
On psri.us I have been observing a strange behavior that may be malicious and potentially dangerous (of course I may be wrong too). eMember allows registration of members with no information, and when this happens I lose admin privileges. It may be a bug, an attempt to gain control of my site, or something else. I would appreciate your thoughts on this urgently.
Thanks,
Cemal
WP eMember has validation to stop people from being able to submit empty form (certain fields must have values before the form can be submitted).
To find out what I mean go to the demo site here and try to submit the registration form with empty fields and you will see how it stops you:
http://www.tipsandtricks-hq.com/eMember-demo/members-home/registration
With that said, I believe there maybe JavaScript conflict on your site which is preventing eMember from doing this validation. I would first recommend you to get a fresh build of the plugin from here (we continuously add more conditions in our plugin to fight the JavaScript conflicts that stem from other plugins):
https://support.tipsandtricks-hq.com/update-request
Let me know how you go after that.
Thanks Amin, I downloaded and modified the file I always modify and uploaded it. After activating it I tried to register with no information and received the error pop ups. I had not tried that on the old version. My fear was, and still is, that a hacker is trying to inject some code under the radar. You do not seem to think that is the case and I am comforted by that. We’ll see how this goes.
Thanks for your help as usual.
Cemal
Amin, there is a different problem now. When a member renews membership the record is losing several key information: login ID, e-mail, password, phone number. These are the ones I care for and I have a screen capture that shows the missing fields. This is a serious problem for me since they will not be able to login to their accounts even to correct the missing pieces of information. This happened after I updated the eMember with the latest version I requested. Three people renewed memberships since and all are missing the same fields of information. I will appreciate your urgent handling of this. I can e-mail the screen capture from phpMyAdmin browse, please provide an e-mail where I can send that file.
Cemal
Most likely you did not deactivate and reactivate the plugins during the update and they may be out of sync.
The only way to know what is happening is to run a test transaction with debug option enabled.
Are you using eStore for your membership payment or just plain PayPal button? The following two post should help (use the one that you are using):
– WP eStore – https://support.tipsandtricks-hq.com/forums/topic/how-and-when-to-enable-debug-and-what-does-it-do
– Plain PayPal button (no eStore) – https://support.tipsandtricks-hq.com/forums/topic/wp-emember-and-plain-paypal-button-integration-troubleshooting
share the content of the “subscription_handle_debug.log” file after the test.
I have activated the debug mode, but could not find the “Reset log files” button. However, the log file had zero bytes, so I went ahead and paid my dues. It went as expected and my user name, password and e-mail remained intact. I will be pasting the debug file content below for you to see. Is there a behavior difference between purchasing a membership after logging in and buying one without logging in? Do you advise keeping the debug mode on for a while? I have hidden the purchase membership page to prevent further aggravating the situation, shall I make it visible again and wait?
Here is the debug file contents:
[08/09/2011 3:17 AM] – SUCCESS :Paypal Class Initiated by 66.211.170.66
[08/09/2011 3:17 AM] – SUCCESS :Post string : mc_gross=40.00&protection_eligibility=Eligible&address_status=confirmed&item_number1=4&payer_id=82ZHFWX7S5M4L&tax=0.00&address_street=118+Spring+Green+Rd&payment_date=20%3A17%3A39+Aug+08%2C+2011+PDT&payment_status=Completed&charset=windows-1252&address_zip=02888&mc_shipping=0.00&mc_handling=0.00&first_name=A+Cemal&mc_fee=1.18&address_country_code=US&address_name=A+Cemal+Ekin¬ify_version=3.2&custom=eMember_id%3D6&payer_status=verified&business=paypal4psri%40psri.us&address_country=United+States&num_cart_items=1&mc_handling1=0.00&address_city=Warwick&verify_sign=ASyS9flVHpw.TVh9qeZ5ZvDRSbV4AzEVkEkANo53siqsakD0Vm.DvggC&payer_email=acekin%40gmail.com&mc_shipping1=0.00&txn_id=5U2945029J557464U&payment_type=instant&last_name=Ekin&address_state=RI&item_name1=PSRI-FM&receiver_email=paypal4psri%40psri.us&payment_fee=1.18&quantity1=1&receiver_id=JC4JSFTU6XRE4&txn_type=cart&mc_gross_1=40.00&mc_currency=USD&residence_country=US&transaction_subject=eMember_id%3D6&payment_gross=40.00&ipn_track_id=9Vl.jimiQzHlfcHGogh5.w&
[08/09/2011 3:17 AM] – SUCCESS :Connection to http://www.paypal.com successfuly completed.
[08/09/2011 3:17 AM] – SUCCESS :IPN successfully verified.
[08/09/2011 3:17 AM] – SUCCESS :Creating product Information to send.
[08/09/2011 3:17 AM] – SUCCESS :Transaction Type: Shopping Cart
[08/09/2011 3:17 AM] – SUCCESS :Number of Cart Items: 1
[08/09/2011 3:17 AM] – SUCCESS :Item Number: 4
[08/09/2011 3:17 AM] – SUCCESS :Item Name: PSRI-FM
[08/09/2011 3:17 AM] – SUCCESS :Item Quantity: 1
[08/09/2011 3:17 AM] – SUCCESS :Item Total: 40.00
[08/09/2011 3:17 AM] – SUCCESS :Item Shipping: 0.00
[08/09/2011 3:17 AM] – SUCCESS :Item Currency: USD
[08/09/2011 3:17 AM] – SUCCESS :eMember integration is being used… creating member account… see the “subscription_handle_debug.log” file for details
[08/09/2011 3:17 AM] – SUCCESS :Download Link : PSRI-FM – This product does not have any downloadable content
[08/09/2011 3:17 AM] – SUCCESS :Product Email successfully sent to acekin@gmail.com.
[08/09/2011 3:17 AM] – SUCCESS :Notify Email successfully sent to ac.ekin@gmail.com.
[08/09/2011 3:17 AM] – SUCCESS :Updating Products, Customers, Coupons, Sales Database Tables with Sales Data.
[08/09/2011 3:17 AM] – SUCCESS :Products, Customers, Coupons, Sales Database Tables Updated.
[08/09/2011 3:17 AM] – SUCCESS :Updating Affiliate Database Table with Sales Data if Using the WP Affiliate Platform Plugin.
[08/09/2011 3:17 AM] – SUCCESS :Not Using the WP Affiliate Platform Plugin.
[08/09/2011 3:17 AM] – SUCCESS :Paypal class finished.
One more thing to report. I told you I did not see the user name, password hash, and e-mail in the MySQL DB table wp_wp_emember_members_tbl when viewed from phpMyAdmin. That is still true, however when I view the member record, I see the e-mail and the user name, the password is normally blank and I see a blank field. I am confused now even more. BTW, I did disable the plugin and then enabled it after uplading all the new files.
Yet another update: The three members who “renewed” memberships have two records, one with correct e-mail, login ID, one without. I had made the purchase available without logging in, perhaps I should force login again. Please advise.
You haven’t shared the content of the following debug file as requested in my earlier post (this file will contain the details of what the plugin did in terms of the membership account upgrade):
– subscription_handle_debug.log
I am not sure why you are trying to view it from PHPMyAdmin?
I was actually exporting from phpMyAdmin since the export to CVS does not include a key field I need, “subscription starts” based on which I calculate the expiration date. That’s how this observation started. I saw the blank fields at the end of the spread sheet. I would much rather get this report from eMember control panel, but the export fields include a selected set rather than the whole table columns.
Below is the content of the other log file.
[06/01/2011 1:10 AM] – SUCCESS :Member signup/upgrade completion email successfully sent
[06/14/2011 11:52 AM] – SUCCESS :Member signup/upgrade completion email successfully sent
[06/27/2011 8:18 PM] – SUCCESS :Member signup/upgrade completion email successfully sent
[07/08/2011 1:19 AM] – SUCCESS :Member signup/upgrade completion email successfully sent
[07/08/2011 1:51 AM] – SUCCESS :Member signup/upgrade completion email successfully sent
[07/10/2011 4:12 PM] – SUCCESS :Member signup/upgrade completion email successfully sent
[07/13/2011 3:55 PM] – SUCCESS :Member signup/upgrade completion email successfully sent
[07/28/2011 8:25 PM] – SUCCESS :Member signup/upgrade completion email successfully sent
[07/30/2011 3:43 PM] – SUCCESS :Member signup/upgrade completion email successfully sent
[08/04/2011 6:33 PM] – SUCCESS :Member signup/upgrade completion email successfully sent
[08/05/2011 2:06 AM] – SUCCESS :Member signup URL :http://www.psri.us/membership/registration/?member_id=251&code=f4ac175998c004acfa606350920b2007
[08/05/2011 2:06 AM] – SUCCESS :Member signup/upgrade completion email successfully sent
[08/07/2011 11:24 PM] – SUCCESS :Member signup URL :http://www.psri.us/membership/registration/?member_id=252&code=5ffa091cbbb86f16e316f02fd2b2ac74
[08/07/2011 11:24 PM] – SUCCESS :Member signup/upgrade completion email successfully sent
[08/08/2011 1:18 AM] – SUCCESS :Member signup URL :http://www.psri.us/membership/registration/?member_id=253&code=70e8b82c8e2dfc4c597e57b0ffc65c9a
[08/08/2011 1:18 AM] – SUCCESS :Member signup/upgrade completion email successfully sent
[08/09/2011 3:17 AM] – SUCCESS :Member signup/upgrade completion email successfully sent
I was expecting to see more debug from this file. When you upgraded eMember did you upgrade eStore too?
No I did not upgrade eStore. My guess, just a guess, is that this is the result of my allowing anyone to purchase membership without first creating an account and logging in. I have since changed that, the products are behind a validated user only restriction. As I said earlier, I renewed my membership after logging in and it correctly applied the new purchase to my existing account instead of creating a new account. I will fix the other three manually and keep watching it. In the mean time, shall I reset the log files again and leave them on while I open the renewal of membership? By the way, where is the “Reset Log Files” button?
- You must be logged in to reply to this topic.