August 3, 2011 at 1:24 am #3967
On psri.us I have been observing a strange behavior that may be malicious and potentially dangerous (of course I may be wrong too). eMember allows registration of members with no information, and when this happens I lose admin privileges. It may be a bug, an attempt to gain control of my site, or something else. I would appreciate your thoughts on this urgently.
CemalAugust 3, 2011 at 4:52 am #35097
WP eMember has validation to stop people from being able to submit empty form (certain fields must have values before the form can be submitted).
To find out what I mean go to the demo site here and try to submit the registration form with empty fields and you will see how it stops you:
Let me know how you go after that.August 3, 2011 at 7:45 pm #35098
Thanks Amin, I downloaded and modified the file I always modify and uploaded it. After activating it I tried to register with no information and received the error pop ups. I had not tried that on the old version. My fear was, and still is, that a hacker is trying to inject some code under the radar. You do not seem to think that is the case and I am comforted by that. We’ll see how this goes.
Thanks for your help as usual.
CemalAugust 8, 2011 at 2:19 am #35099
Amin, there is a different problem now. When a member renews membership the record is losing several key information: login ID, e-mail, password, phone number. These are the ones I care for and I have a screen capture that shows the missing fields. This is a serious problem for me since they will not be able to login to their accounts even to correct the missing pieces of information. This happened after I updated the eMember with the latest version I requested. Three people renewed memberships since and all are missing the same fields of information. I will appreciate your urgent handling of this. I can e-mail the screen capture from phpMyAdmin browse, please provide an e-mail where I can send that file.
CemalAugust 8, 2011 at 7:57 pm #35100
Bump!August 9, 2011 at 2:49 am #35101
Most likely you did not deactivate and reactivate the plugins during the update and they may be out of sync.
The only way to know what is happening is to run a test transaction with debug option enabled.
Are you using eStore for your membership payment or just plain PayPal button? The following two post should help (use the one that you are using):
– Plain PayPal button (no eStore) – https://support.tipsandtricks-hq.com/forums/topic/wp-emember-and-plain-paypal-button-integration-troubleshooting
share the content of the “subscription_handle_debug.log” file after the test.August 9, 2011 at 3:27 am #35102
I have activated the debug mode, but could not find the “Reset log files” button. However, the log file had zero bytes, so I went ahead and paid my dues. It went as expected and my user name, password and e-mail remained intact. I will be pasting the debug file content below for you to see. Is there a behavior difference between purchasing a membership after logging in and buying one without logging in? Do you advise keeping the debug mode on for a while? I have hidden the purchase membership page to prevent further aggravating the situation, shall I make it visible again and wait?
Here is the debug file contents:
[08/09/2011 3:17 AM] – SUCCESS :Paypal Class Initiated by 220.127.116.11
[08/09/2011 3:17 AM] – SUCCESS :Connection to http://www.paypal.com successfuly completed.
[08/09/2011 3:17 AM] – SUCCESS :IPN successfully verified.
[08/09/2011 3:17 AM] – SUCCESS :Creating product Information to send.
[08/09/2011 3:17 AM] – SUCCESS :Transaction Type: Shopping Cart
[08/09/2011 3:17 AM] – SUCCESS :Number of Cart Items: 1
[08/09/2011 3:17 AM] – SUCCESS :Item Number: 4
[08/09/2011 3:17 AM] – SUCCESS :Item Name: PSRI-FM
[08/09/2011 3:17 AM] – SUCCESS :Item Quantity: 1
[08/09/2011 3:17 AM] – SUCCESS :Item Total: 40.00
[08/09/2011 3:17 AM] – SUCCESS :Item Shipping: 0.00
[08/09/2011 3:17 AM] – SUCCESS :Item Currency: USD
[08/09/2011 3:17 AM] – SUCCESS :eMember integration is being used… creating member account… see the “subscription_handle_debug.log” file for details
[08/09/2011 3:17 AM] – SUCCESS :Download Link : PSRI-FM – This product does not have any downloadable content
[08/09/2011 3:17 AM] – SUCCESS :Product Email successfully sent to firstname.lastname@example.org.
[08/09/2011 3:17 AM] – SUCCESS :Notify Email successfully sent to email@example.com.
[08/09/2011 3:17 AM] – SUCCESS :Updating Products, Customers, Coupons, Sales Database Tables with Sales Data.
[08/09/2011 3:17 AM] – SUCCESS :Products, Customers, Coupons, Sales Database Tables Updated.
[08/09/2011 3:17 AM] – SUCCESS :Updating Affiliate Database Table with Sales Data if Using the WP Affiliate Platform Plugin.
[08/09/2011 3:17 AM] – SUCCESS :Not Using the WP Affiliate Platform Plugin.
[08/09/2011 3:17 AM] – SUCCESS :Paypal class finished.
August 9, 2011 at 3:34 am #35103
One more thing to report. I told you I did not see the user name, password hash, and e-mail in the MySQL DB table wp_wp_emember_members_tbl when viewed from phpMyAdmin. That is still true, however when I view the member record, I see the e-mail and the user name, the password is normally blank and I see a blank field. I am confused now even more. BTW, I did disable the plugin and then enabled it after uplading all the new files.August 9, 2011 at 3:39 am #35104
Yet another update: The three members who “renewed” memberships have two records, one with correct e-mail, login ID, one without. I had made the purchase available without logging in, perhaps I should force login again. Please advise.August 9, 2011 at 7:55 am #35105
You haven’t shared the content of the following debug file as requested in my earlier post (this file will contain the details of what the plugin did in terms of the membership account upgrade):
I am not sure why you are trying to view it from PHPMyAdmin?August 9, 2011 at 1:54 pm #35106
I was actually exporting from phpMyAdmin since the export to CVS does not include a key field I need, “subscription starts” based on which I calculate the expiration date. That’s how this observation started. I saw the blank fields at the end of the spread sheet. I would much rather get this report from eMember control panel, but the export fields include a selected set rather than the whole table columns.
Below is the content of the other log file.
[06/01/2011 1:10 AM] – SUCCESS :Member signup/upgrade completion email successfully sent
[06/14/2011 11:52 AM] – SUCCESS :Member signup/upgrade completion email successfully sent
[06/27/2011 8:18 PM] – SUCCESS :Member signup/upgrade completion email successfully sent
[07/08/2011 1:19 AM] – SUCCESS :Member signup/upgrade completion email successfully sent
[07/08/2011 1:51 AM] – SUCCESS :Member signup/upgrade completion email successfully sent
[07/10/2011 4:12 PM] – SUCCESS :Member signup/upgrade completion email successfully sent
[07/13/2011 3:55 PM] – SUCCESS :Member signup/upgrade completion email successfully sent
[07/28/2011 8:25 PM] – SUCCESS :Member signup/upgrade completion email successfully sent
[07/30/2011 3:43 PM] – SUCCESS :Member signup/upgrade completion email successfully sent
[08/04/2011 6:33 PM] – SUCCESS :Member signup/upgrade completion email successfully sent
[08/05/2011 2:06 AM] – SUCCESS :Member signup URL :http://www.psri.us/membership/registration/?member_id=251&code=f4ac175998c004acfa606350920b2007
[08/05/2011 2:06 AM] – SUCCESS :Member signup/upgrade completion email successfully sent
[08/07/2011 11:24 PM] – SUCCESS :Member signup URL :http://www.psri.us/membership/registration/?member_id=252&code=5ffa091cbbb86f16e316f02fd2b2ac74
[08/07/2011 11:24 PM] – SUCCESS :Member signup/upgrade completion email successfully sent
[08/08/2011 1:18 AM] – SUCCESS :Member signup URL :http://www.psri.us/membership/registration/?member_id=253&code=70e8b82c8e2dfc4c597e57b0ffc65c9a
[08/08/2011 1:18 AM] – SUCCESS :Member signup/upgrade completion email successfully sent
[08/09/2011 3:17 AM] – SUCCESS :Member signup/upgrade completion email successfully sentAugust 9, 2011 at 10:53 pm #35107
I was expecting to see more debug from this file. When you upgraded eMember did you upgrade eStore too?August 10, 2011 at 2:04 am #35108
No I did not upgrade eStore. My guess, just a guess, is that this is the result of my allowing anyone to purchase membership without first creating an account and logging in. I have since changed that, the products are behind a validated user only restriction. As I said earlier, I renewed my membership after logging in and it correctly applied the new purchase to my existing account instead of creating a new account. I will fix the other three manually and keep watching it. In the mean time, shall I reset the log files again and leave them on while I open the renewal of membership? By the way, where is the “Reset Log Files” button?August 10, 2011 at 3:27 am #35109
Yes, resetting the log file and keeping them on is a good idea. This will allow you to track the issue if it happens again. It is also a good idea to update eStore too since you updated eMember.
- You must be logged in to reply to this topic.