Buttons Stopped Working - DEPRECATED_PARAM_MODIFY

Buttons were working before, tonight is one of the most important in the year for my site and I started getting an error a few minutes ago whenever I click on a button created by s2Member.

My users are forwarded to

https://www.paypal.com/webapps/shoppingcart/error?flowlogging_id=97bac95e8572e&code=DEPRECATED_PARAM_MODIFY

And the page says “Things don’t appear to be working at the moment. Please try again later.”

I tried disabling encryption, then the error is different. What could be possibly happening?

Any suggestion on something that could be done to fix it quickly even if it’s a hack job so I get my subscriptions? Thanks!

My website is thesimarchitect . com

Thanks!

Clear all your caches including CDN. You may have some corrupted cached files.

If you look at the following screenshot you have some spurious data in your $29.99 button. Your $4.99 button looks fine and seems to work fine.

image.png1599×839 571 KB

I changed my buttons temporarily to manual PayPal buttons because I could not lose the subscriptions. What do you mean with spurius data?

This is the page that has the original code generated by s2Member that was working fine until a few hours ago (I cloned the page so you could see it ):

[I removed the link because I deleted the test page]

Ok. Thanks for that. My mistake when I said “spurious”…the browser debugger only showed a partil pki cert until I double-clicked it.

I’ll have a look at the code. No promises. I can only offer a second set of eyes.

Thank you so very much. It feels like PayPal changed something secretly in the background, therefore the Deprecated error.

I wonder why I did not see anybody else with the same problem yet.

This is my s2Member shortcode:

[s2Member-PayPal-Button level="2" ccaps="" desc="Direct Download (Monthly)" ps="paypal" lc="" cc="USD" dg="0" ns="1" custom="thesimarchitect.com" ta="0" tp="0" tt="D" ra="4.99" rp="1" rt="M" rr="1" rrt="" rra="1" image="https://thesimarchitect.com/wp-content/uploads/2020/02/PayPalDonateNow106.png" output="button" /]

Weirdly it was working quite well before and it broke exactly on the night that I was expecting more subscriptions

After looking at the code and PayPal developer it looks like you are out of luck. Time to upgrade to Pro forms.

Issue 1:

Your encrypt field is using a RSA-SHA1 PGP key but RSA-SHA1 is being phased out.

See https://developer.paypal.com/docs/api/info-security-guidelines/?mark=sha1#

Issue 2:

PayPal has deprecated the Button Manager API

https://developer.paypal.com/docs/archive/button-manager/api/create-button-soap/?mark=bmcreatebutton

Thanks!!!

Does it mean s2Member will stop working for everybody?

Oh, and I tried without encryption but that generates a different error, sadly.

And I can’t even think of being able to afford Payments Pro right now. I sell a couple of subscriptions here and there, and they’re quite cheap. I’d give half of my money to PayPal and the other half to buy the professional plugin.

Buttons I create manually using PayPal’s conventional interface work (but don’t integrate with s2Member).

Disabling the requirement for encryption and turning encryption off does not work, same error, just tested.

Now, PayPal deprecated SOAP ages ago, but it was still working until yesterday and they were supposed to keep supporting what was already in use.

Which option will the developers of s2Member give us if it stops working entirely? Or will the free version of the plugin become unable to handle payments?

I’m still looking around. The PayPal docos are very confusing and the s2member code is oblique “clever” code.

The s2member code refers to the method as BMCreateButton which is part of the SOAP/NVP deprecated API. BUT…your code actually generates the following PayPal API call https://www.paypal.com/cgi-bin/webscr with a cmd of _s-xclick which is not deprecated…so this is confusing.

Wow! I wish I had 1% of your knowledge!

Not sure it helps, but…

Shortcode (removed the dot to avoid conversion to url here, is there a code tag?):

[s2Member-PayPal-Button level="2" ccaps="" desc="Premium Subscriber" ps="paypal" lc="" cc="USD" dg="0" ns="1" custom="thesimarchitect.com" ta="0" tp="0" tt="D" ra="4.49" rp="1" rt="M" rr="1" rrt="" rra="1" image="default" output="button" /]

Resulting PayPal Button Code:

<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
 <input type="hidden" name="business" value="mypaypalemail@domainiuse.com" />
 <input type="hidden" name="cmd" value="_xclick-subscriptions" />
 <!-- Instant Payment Notification & Return Page Details -->
 <input type="hidden" name="notify_url" value="https://thesimarchitect.com/?s2member_paypal_notify=1" />
 <input type="hidden" name="cancel_return" value="https://thesimarchitect.com/" />
 <input type="hidden" name="return" value="https://thesimarchitect.com/?s2member_paypal_return=1" />
 <input type="hidden" name="rm" value="2" />
 <!-- Configures Basic Checkout Fields -->
 <input type="hidden" name="lc" value="" />
 <input type="hidden" name="no_shipping" value="1" />
 <input type="hidden" name="no_note" value="1" />
 <input type="hidden" name="custom" value="thesimarchitect.com" />
 <input type="hidden" name="currency_code" value="USD" />
 <input type="hidden" name="page_style" value="paypal" />
 <input type="hidden" name="charset" value="utf-8" />
 <input type="hidden" name="item_name" value="Premium Subscriber" />
 <input type="hidden" name="item_number" value="2" />
 <!-- Configures s2Member's Unique Invoice ID/Code  -->
 <input type="hidden" name="invoice" value="<?php echo S2MEMBER_VALUE_FOR_PP_INV(); ?>" />
 <!-- Identifies/Updates An Existing User/Member (when/if applicable)  -->
 <input type="hidden" name="on0" value="<?php echo S2MEMBER_CURRENT_USER_VALUE_FOR_PP_ON0; ?>" />
 <input type="hidden" name="os0" value="<?php echo S2MEMBER_CURRENT_USER_VALUE_FOR_PP_OS0; ?>" />
 <!-- Identifies The Customer's IP Address For Tracking -->
 <input type="hidden" name="on1" value="<?php echo S2MEMBER_CURRENT_USER_VALUE_FOR_PP_ON1; ?>" />
 <input type="hidden" name="os1" value="<?php echo S2MEMBER_CURRENT_USER_VALUE_FOR_PP_OS1; ?>" />
 <!-- Controls Modify Behavior At PayPal Checkout -->
 <input type="hidden" name="modify" value="0" />
 <!-- Customizes Prices, Payments & Billing Cycle -->
 <!--<input type="hidden" name="amount" value="4.49" />-->
 <input type="hidden" name="src" value="1" />
 <input type="hidden" name="srt" value="" />
 <input type="hidden" name="sra" value="1" />
 <!--<input type="hidden" name="a1" value="0" />-->
 <!--<input type="hidden" name="p1" value="0" />-->
 <!--<input type="hidden" name="t1" value="D" />-->
 <input type="hidden" name="a3" value="4.49" />
 <input type="hidden" name="p3" value="1" />
 <input type="hidden" name="t3" value="M" />
 <!-- Displays The PayPal Image Button -->
 <input type="image" src="https://www.paypal.com/en_US/i/btn/btn_xpressCheckout.gif" style="width:auto; height:auto; border:0;" alt="PayPal" />
</form>

I also trying fiddling around removing a bunch of variables from the shortcode, but the error persisted.

Disabling the requirement for encryption on PayPal and, at the same time, on s2Member, did produce the same deprecated error. Disabling s2Member encryption but keeping PayPal’s requirement for encryption generates a different error, which is something expected EWP_SETTINGS .

Again, thank you so so so much!!!

Ok…so the s2member form is in /src/includes/templates/buttons/paypal-checkout-button.php

This is called from /src/includes/classes/sc-paypal-button-in.inc.php to fill in the data

Then it calls sc_paypal_button_encryption in /src/includes/classes/sc-paypal-button-e.inc.php to overlay encryption.

So it does not appear that the API in use has been deprecated.

The API in question can be found here:
https://developer.paypal.com/docs/paypal-payments-standard/integration-guide/formbasics/?mark=_s-xclick#specifying-button-type--cmd

Although the definition of _s-xclick is The button that the person clicked was protected from tampering by using encryption, or the button was saved in the merchant's PayPal account. PayPal determines which kind of button was clicked by decoding the encrypted code or by looking up the saved button in the merchant's account. there is no explanation on this page as to how to encrypt.

The following is the excryption integration guide…there is no reference to the hidden “name=encrypted” field though I did find an independent reference to using this undocumented field (https://travis.media/paypal-button-variables-send-receive-data/). At present the only reference I have found to the “name=encrypted” field was in the deprecated Button Manager API as a Buttoncode type (https://developer.paypal.com/docs/archive/button-manager/api/create-button-soap/?mark=bmcreatebutton). That was why I mistakenly thought the s2member PayPal buttons API was deprecated…I could not find another reference to the “encrypted” field.

Stay tuned…I’m still tracking this down to figure out what PayPal expected in the past, what they expect now, and when this expectation changed.

OMG thank you so very much! I will totally stay tuned for more information.

Can you check if your host updates your php between the time it worked and the time it stopped working.

It shouldn’t have, since it’s a VPS and I did not update it… Also same Linux version as before (didn’t upgrade to 20 yet).

I am still on PHP 7.4.4 (March 20, 2020). I can’t think of a plugin update that could be interfering either.

Didn’t change any setting on Cloudflare and I am still using only TLS 1.2+ as usual, same certificate (Cloudflare gives a very long life certificate).

I clear the cache manually a bunch of times a day, since I am using free NGinx, which does not have a way to do that automatically unless you recompile the entire thing. So it shouldn’t be that either.

Ok. Just checking. These payment companies are amateurish in how they manage their APIs. Is it making it tough for me to cross match the PayPal version s2member is compatible with vs. any breaking changes PayPal may have put in place.

@clavaque - can you take a look at this please. Cheers.

I have the exact same error problem on my website.This happened over night for no apparent reason with optimize press software. My code looks the same as the example and no one has been able to sign up all day. No changes have been made to my paypal account, all the settings are the same. All the normal subscriptions are still being charged but no one can use the buttons to sign up.

I guess PayPal changed something and we don’t know yet. I complained to their customer service but sadly the people that usually pick up our cases first are completely clueless since it would be too expensive for PayPal to let us reach real tech support at start. Let’s hope we find a way to work around it. I am using manual buttons but it’s just awful because I can’t use IPN to give permissions to my users and I am having to do it manually exactly on the day that I have most people subscribing, since there’s a game update (and mod update as well).

I wish we find a way to make it work, not using PayPal Pro, it’s prohibitively expensive to me.

If we could at least create manual buttons and make them send the information s2Member needs to process what it used to I am happy enough.

Just wanted to chime in: I have the very same problem on my website. All the recurring subscription are not working. I had one 2 days ago and now it is not working so I suppose something has changed on PayPal side.

Here is my subscription page in case you want to check: https://theguitarchannel.biz/buy-backstage-pass/

The unusual aspect of this error is that the error code returned by PayPal (DEPRECATED_PARAM_MODIFY) does not produce any references to that term if it is searched for via Google. I have rarely if ever seen that.

i have the same problem. I am monitoring subscribers to watch which level i have to set them to with the paypal subscription button. it sucks. im not sure pay flow would help. i have payflow on another account and the subscription buttons were exactly the same

@thesimarchitect, @genmichelle, @pjournel - how many of you are using PayFlow Gateway (https://developer.paypal.com/docs/payflow/payflow-gateway/) rather than PayPal Payments Pro (https://developer.paypal.com/docs/paypal-payments-pro/)?