Members getting demoted to Guest, personal data being deleted

For the last few weeks, around the time most of the Members in the organization whose website I support need to renew their memberships, they are unable to do so because they’ve been demoted to Guests.

I promoted one back to being a Member, and then noticed after the update that all his identifying information has been deleted – address, phone, website, etc. I don’t know whether that happened when he got demoted or when I re-promoted him.

I went out to the external view of the website, hoping to copy his information so he wouldn’t have to re-enter it himself. He is not listed in the member directory that is available on the public website. Presumably this is because he still shows to behind on his membership fee. I don’t know of any way to access the data that’s in the cache. But I would tend to assume that the demotion to guest is what deleted this data, because guests don’t have the opportunity to enter all that data. And since the demotion is a bug anyway, there wouldn’t be any reason for Member data to get copied to a Guest data set.

I’m surprised no one else has experienced and reported this bug so that a fix can be in the offing. It’s been going on for several weeks. Someone else who works on the site thought it was just a one-off so we didn’t bother reporting it. Clearly it is not just a one-off.

Thanks for any help.

Hi Gregg.

Let me see if I understood. You’re having two issues:

most of the Members in the organization whose website I support need to renew their memberships, they are unable to do so because they’ve been demoted to Guests. […] the demotion is a bug

Were these memberships buy-now payments, or a subscription? If it’s a buy-now, an EOT time gets set immediately, if it’s a subscription the EOT gets set when it ends.

Do users that haven’t been demoted, have an EOT time set in their profiles?

What is your configuration for the Auto EOT Behavior? You seem to have it enabled and set to demote users. WP Admin > s2Member > PayPal Options > Auto EOT Behavior

If the EOT time is set and the user is demoted at that time, then it’s behaving as expected. Could you explain why you think there’s a bug?

all his identifying information has been deleted – address, phone, website, etc. I don’t know whether that happened when he got demoted or when I re-promoted him. […]
I would tend to assume that the demotion to guest is what deleted this data, because guests don’t have the opportunity to enter all that data.

You can check the profile of a user that has been demoted and you haven’t upgraded back up yet. Does he have the fields populated or not? Check in the users list first, then in his profile editor.

If the values are in the user list but then the fields are blank when you open the editor, don’t click save. Reload the users list and see if you can still see the values for that user.

Let me know how it goes. I look forward to your update.

Hi Cristián,

Thank you for the quick, detailed response!

How would I determine whether the memberships were buy-now or subscriptions?

I do see that the Auto EOT Behavior was set to Demote. That is certainly better than deleting! But the issue came to our attention because a user who has been a member since 2006 tried to renew his membership, the only option he saw was to pay an incorrect (too low) amount. So maybe that is the real issue that I should have first reported. The demotion itself is by design.

Thank you so much for pointing me to this page. I thought that we had set a setting to give our members much longer than one day to renew their membership before losing access. I thought it was 30 days. But it is set to 86400 (seconds), evidently the default.

I’m also changing the setting so that custom capabilities are not lost. I’m not sure why anyone would want to destroy work that has been done. If the member simply cannot login anymore, then I don’t know why it would matter what custom capabilities they would have if they were able to login. But if they do renew, then I have to rebuild their custom capabilities – the way the setting was.

My membership expires in three days and I do have an EOT time set. Should I not have received a reminder to renew my membership via email? My email address as listed in my profile is correct. Does a renewal reminder go out only at the EOT time and then the member has only the number of seconds mentioned above to respond to the reminder before they lose access? I guess as long as they still have access to renew, they don’t need access to anything else…

Well, in your payment gateway it’d show up as a subscription.

When you sell it, are you setting the shortcode to buy-now? if so, you’re selling a buy-now. If you’re setting it to pay you recurringly, then it’s a subscription. See: WP Admin > s2Member > PayPal Buttons > Shortcode Attributes > rr

rr="1" Recurring directive. Possible values: 0 = non-recurring “Subscription” with possible Trial Period for free, or at a different Trial Amount; 1 = recurring “Subscription” with possible Trial Period for free, or at a different Trial Amount; BN = non-recurring “Buy Now” functionality, no Trial Period possible."

Thank you so much for pointing me to this page. I thought that we had set a setting to give our members much longer than one day to renew their membership before losing access. I thought it was 30 days. But it is set to 86400 (seconds), evidently the default.

What that setting does is add that extra time to the paid time. So it’s not access given after the EOT, it’s added when calculating the EOT. So if the access is paid until the 3rd, but the grace time is one day, the EOT will be on the 4th. The reminders are offset from that EOT time that includes the grace time.

So, this grace period is not given after the EOT time, it’s included, it doesn’t happen after the EOT behavior (e.g. demotion). The demotion happens on EOT time, after the grace period. I thought I’d mention it in case it wasn’t clear enough.

You may find this EOT information useful too: https://s2member.com/kb-article/when-is-an-eot-time-set-for-each-user/

I’m also changing the setting so that custom capabilities are not lost. I’m not sure why anyone would want to destroy work that has been done. If the member simply cannot login anymore, then I don’t know why it would matter what custom capabilities they would have if they were able to login. But if they do renew, then I have to rebuild their custom capabilities – the way the setting was.

Well, custom capabilities give access, so you may want to revoke that access on EOT. I want to improve the way this is done, but that’s the reason why ccaps should be removable at the end of the paid access time. If the ccaps are used for information, then you may want to keep them, or try using another kind of field for this info (e.g. usermeta).

Demotion doesn’t remove the ability to login, that’d happen when the account gets deleted. Demotion brings the user’s level down to Level 0, so he still has his account, but no special access beyond logging in to the site. This is enough to set him apart from the regular visitor, and also keep his information, but without the paid level access.

My membership expires in three days and I do have an EOT time set. Should I not have received a reminder to renew my membership via email? My email address as listed in my profile is correct. Does a renewal reminder go out only at the EOT time and then the member has only the number of seconds mentioned above to respond to the reminder before they lose access? I guess as long as they still have access to renew, they don’t need access to anything else…

Remember it’s 3 days (paid term) plus the grace time (1 day by default), so the EOT is on the fourth day. If you change the grace time to 30 days, then the EOT time will be on the 33rd day.

The reminder email offset from that EOT time. You can create as many reminders with different offsets as you want. See: WP Admin > s2Member Pro > PayPal Options > EOT Renewal/Reminder Emails > Remind X Days Before EOT Occurs

This can be a comma-delimited list of days on which to send the reminder email: -5,-1 sends a reminder email 5 days before the EOT will occur, and then again (if the EOT still exists, i.e. the customer has not yet renewed) 1 day before the EOT occurs. Negative numbers indicate days before the EOT occurs, 0 being the day the EOT occurs. If you set this to, let’s say, -5 (one value only) the reminder is sent only one time. If you set this to -10,-5,-2,-1,0 there is the potential for a reminder to be sent up to five times.

Does that help understand its behavior?

Thank you for all the explanation. It certainly helps. I was wondering why I was able to login under my personal login after my (original) EOT. When I changed the setting I gave myself, and everyone who was not already demoted, 10 more days after April 21.

But I have navigated to a page called Membership Details, which is supposed to contain “Membership expiration date, last payment date, etc.”. The first time I clicked it, it showed various contact information and custom data fields, but they were all blank as if I had already been demoted! Yet all those fields are still being displayed in my public listing as a member of this organization. I don’t understand where that public listing data is being stored if my fields are all blank. Yes, we have caching turned on, so under some circumstances the public website could be showing data that has been deleted from the user tables. But, again, I shouldn’t have been demoted yet since I added 10 days to the EOT.

To add to the mess, when I navigated back to Membership Details, none of those fields were there anymore. Instead I was invited to register … at a price that is appropriate only for first-time members!

This is really getting beyond my ability to troubleshoot. It’s hard enough to document what’s going on, since the system doesn’t seem to be doing the same thing twice. I was thrown into the support role more than a year ago and I’m still learning more “stuff” every time I look at the website. The requirements document on which the new version of the website was based, has been lost. SMH

I understand. Would you like me to take a look at it? You can send me privately the access details.

Thanks. I took a look.

I confirmed what I suspected and mentioned above. When demoted, the user keeps the data, but it’s only shown in the Users list, not in his profile, because you set those custom fields to level 1 or higher. As long as you don’t save the profile while the user is at level 0 (i.e. custom label “Guest” in your site), the custom field values will be there, but if you save, then those fields are removed from the user.

For example, Amber Howe is a Guest, but still has those values, you can see them in the Users list, but the fields are not in her profile editor. If you save her profile, then the values will be lost, but if you don’t save it at that Guest level, then the values continue there.

Try it with a test account, set it to a higher level, populate the fields. Then edit it to give an EOT time with an old date and save. Wait for the demotion to happen and see in the Users list if it still has the values. Go to its profile editor, notice the missing fields, save the profile without having done any changes, and go back to the list and see if the values are still there.

You’ll need to be backing up the level 0 values, just in case you forget and save a change and lose them, but then would not be able to enter again without the user being upgraded because he doesn’t have the fields.

My suggestion would be to enable all those fields for every level to avoid this unwanted behavior.

Does that help?

It sure does! Thank you so much!

Could you also perhaps figure out why (1) everyone’s being prompted to renew at $195 instead of the proper/full fee of $255? And (2) why no one has been receiving email renewal reminders?

I should be able to figure these things out, but I’m under much time pressure from too many directions. I don’t seem to be able to think as clearly about this kind of stuff as I used to.

When you say “everyone”, what levels do you mean? Everyone at level 0, or everyone at any level?

Could you tell me what the page with the upgrade form is?

And (2) why no one has been receiving email renewal reminders?

They are not enabled.

Go here to enable and customize them: WP Admin > s2Member Pro > Auth.Net Options > EOT Renewal/Reminder Emails

Hi Cristian,

I tried twice yesterday to continue our private conversation. Both times my email bounced with the message “No route to host”.

See replies in-line below:

On 4/23/2019 3:28 PM, Cristián Lávaque wrote:

[clavaque] clavaque Cristián Lávaque
April 23

cajporg:

Could you also perhaps figure out why (1) everyone's being prompted to renew at $195 instead of the proper/full fee of $255?

When you say “everyone”, what levels do you mean? Everyone at level 0, or everyone at any level?

Well … hmmm. It has happened to me (user id 485), user id 483, and user id 611. 483 is an “ordinary” Member who has the added capabilities of being able to add and modify events, and related capabilities (but I think no “ccaps” as such). I am an ordinary admin (when I login as myself). And user 611 is an attorney member with no administrative privileges. All of us have been members for more than two years, so our renewal fee should have been $255. I have forgotten what Level 0 really means, but hopefully this answers your question.

Could you tell me what the page with the upgrade form is?

From https://cajp.org/member-welcome-page/, I click on “Membership Details”:

The status bar in the lower-left corner of Firefox tells me that that link will take me to https://cajp.org/membership-details/. But it doesn’t take me there every time. The first time I clicked it today, it took me to a page With all the empty fields we’ve talked about already, which currently has the URL https://cajp.org/membership/membership/?_s2member_vars=page..level..1..page..392425..L21lbWJlci13ZWxjb21lLXBhZ2UvbWVtYmVyc2hpcC1kZXRhaWxzLw%3D%3D&_s2member_sig=1556067632-dd7e898c0993b824c9fdb3a03beafc84!!! I didn’t make note of the URL that first time but it just took me there again, the third time today I’ve clicked it.

The SECOND time I clicked it, it took me to a page that looks like this one, as if I have never been a Member before:

It should be trying to charge me $255, not $195.

Strangely, though, the URL looks a lot like the one above except for the last parameter: https://cajp.org/membership/membership/?_s2member_vars=page..level..1..page..392425..L21lbWJlci13ZWxjb21lLXBhZ2UvbWVtYmVyc2hpcC1kZXRhaWxzLw%3D%3D&_s2member_sig=1556067872-e4d4e5662364b87f64baf419fb186f69. That last long string, the s2member_sig parameter, differs between those two URLs.

I had to do a hard-refresh (Ctrl+F5) several times before that page appeared, giving me a chance to renew.

As it says on https://cajp.org/membership/:

Regular Membership (must be located in California):
    Membership Fee – $255, includes new-member attorneys and returning members....
Provisional Membership (must be located in California):
    Membership Fee – $195, first year only; for new, first time, non-attorney members.

And (2) why no one has been receiving email renewal reminders?

They are not enabled.

Go here to enable and customize them: WP Admin > s2Member Pro > Auth.Net Options > EOT Renewal/Reminder Emails

Thank you. They were working last year; I did not change the setting; no one else would have changed the setting; and I don’t think anybody even had this superadmin password besides me in the past year.

Is it possible that the last upgrade of s2Member / Pro Changed that setting back to a default setting? That’s the only way I can figure out that it would have gotten changed.

In any case, if I change that setting back now, it’s quite likely that several people will go renew … for the wrong amount. So I need to get the “wrong amount” issue fixed first.

Thanks,

Gregg

I see that the link points to https://cajp.org/membership-details/ and it takes me to the Membership Details at https://cajp.org/member-welcome-page/membership-details/ because you set the Member Welcome Page as its parent. The redirection works, but maybe you want to update the link.

But it doesn’t take me there every time. The first time I clicked it today, it took me to a page With all the empty fields we’ve talked about already, which currently has the URL https://cajp.org/membership/membership/?_s2member_vars=page..level..1..page..392425..L21lbWJlci13ZWxjb21lLXBhZ2UvbWVtYmVyc2hpcC1kZXRhaWxzLw%3D%3D&_s2member_sig=1556067632-dd7e898c0993b824c9fdb3a03beafc84!!! I didn’t make note of the URL that first time but it just took me there again, the third time today I’ve clicked it.

That’s the Membership Options Page and you got sent there because the Membership Details page is protected at Level 1. See in the variables of the URL: page…level…1…page…392425; that’s “page” restriction, at level 1, on page with ID 392425, i.e. Membership Details. WP Admin > s2Member > API / Scripting > Membership Options Page Variables

It seems to me that your login session expired before you tried loading that page, so you were basically not logged in and trying to view a Level 1 page, and got sent to the Membership Options.

…

Actually, after loading the Membership Options Page several times, I also got a new signup form although I’m still logged in, I checked. I don’t know why you’re getting this behavior. Maybe it’s the cache, you could test disabling logged in users caching.

It should be trying to charge me $255, not $195.

That seems be due to the conditional you used to show one price or the other: $_REQUEST["level"] == 3) ? "255" : "195"

[s2Member-Pro-AuthNet-Form level="3" ccaps="" desc="$<?php echo (esc_attr($_REQUEST["level"] == 3) ? "255" : "195"); ?> USD / 1 year of membership (<?php echo (esc_attr($_REQUEST["level"] == 3) ? "attorney" : "non-attorney"); ?>)" cc="USD" custom="cajp.org" ta="0" tp="0" tt="D" ra="<?php echo (esc_attr($_REQUEST["level"] == 3) ? "255" : "195"); ?>" rp="1" rt="Y" rr="BN" rrt="" accept="visa,mastercard,amex,discover" coupon="" accept_coupons="0" default_country_code="US" captcha="0" /]

If I add that to the URL, you get the $255 price, I guess you’re linking that way from some other page to sell the Attorney level: https://cajp.org/membership/membership/?level=3

You need to fix those conditionals to behave the way you actually want them.

Also, that pro-form is selling Level 3, i.e. Attorney, your Non-Attorney is Level 2 in your customized labels, and if the user is logged in, then there’s no logic to figure out the level he should be sold. WP Admin > s2Member > General Options > Membership Levels/Labels

Regular Membership (must be located in California):
Membership Fee – $255, includes new-member attorneys and returning members…
Provisional Membership (must be located in California):
Membership Fee – $195, first year only; for new, first time, non-attorney members.

Something like this, maybe, and you’d add the corresponding pro-form shortcode for each.

<?php if (is_user_logged_in()) { ?>
    Membership Fee – $255, includes returning members....
<?php } else if ($_REQUEST["level"] == 3) { ?>
    Membership Fee – $255, includes new-member attorneys....
<?php } else { ?>
    Membership Fee – $195, first year only; for new, first time, non-attorney members.
<?php } ?>

I hope that helps!

Every time I’ve about caught up with you, you accelerate again.

Seriously …

(1) Last year the system worked fine, and nobody has changed any of this stuff;

(2) This is a volunteer position for me … and the business that I own resembles a volunteer position all too much; and

(3) I don’t think you have provided enough detail for me to make the changes you are recommending above.

Is there any way that you could just go in and make the changes that you think will give us the results we want? I often find it’s quicker to do things myself than to explain to someone else how to do them…

I forgot to say, I did not see any email notification of your last reply, that’s why took me two days to reply.

Maybe the condition didn’t happen much before, or nobody noticed, or users wouldn’t complain about being charged less. The condition works following the logic, and the logic for that conditional was the same last year as now.

$_REQUEST["level"] == 3 ? "255" : "195" only accounts for those coming for Level 3, everyone else gets the $195 price. It’s easier to pick the 195 case and show everyone else the default 255.

This condition would be more correct:

!is_user_logged_in() && $_REQUEST["level"] != 3 ? '195' : '255'

But that still leaves you with several conditions that check the same through the shortcode to change attribute values. It’s better to do the check first and then have one shortcode or the other, as I showed in my example above.

And you still need to adjust the level being sold, which isn’t in your shortcode, it always sells level 3 there, even if level 3 was not specified in the request.

This is all custom code, I’m not supposed to be writing this for you, but I’m doing it to help you figure it out. If you take a shot at writing the shortcode for each and show me the code with the conditions, I will gladly take a look and tell you if I see something off, though.

(3) I don’t think you have provided enough detail for me to make the changes you are recommending above.

I have some questoins:

[s2Member-Pro-AuthNet-Form level="3" ccaps="" desc="$<?php echo (esc_attr($_REQUEST["level"] == 3) ? "255" : "195"); ?> USD / 1 year of membership (<?php echo (esc_attr($_REQUEST["level"] == 3) ? "attorney" : "non-attorney"); ?>)" cc="USD" custom="cajp.org" ta="0" tp="0" tt="D" ra="<?php echo (esc_attr($_REQUEST["level"] == 3) ? "255" : "195"); ?>" rp="1" rt="Y" rr="BN" rrt="" accept="visa,mastercard,amex,discover" coupon="" accept_coupons="0" default_country_code="US" captcha="0" /]

Is that shortcode meant to sell only the levels of Attorney (i.e. s2 Level 3) and Non-Attorney (i.e. s2 Level 2)? And by “non-attorney” do you mean the specific level 2 or all levels that are not level 3? Or should this shortcode sell other levels too?

According to the conditional there, the link to the page with that shortcode may sometimes specify level=3, so some other page is linking to this one to pay Level 3. Does it mean that some pages link here for another level?

I forgot to say, I did not see any email notification of your last reply, that’s why took me two days to reply.

Thanks for the heads-up. Did you check in the spam folder?

Thank you again. But I’m pretty much lost now.

For one thing, I don’t know where to place any shortcodes. And we don’t have a test environment. First rule is to do no harm, but I don’t see how to avoid a fairly high risk of causing new problems.

I don’t know what I mean by non-attorney, in technical terms. I meant it in terms of what is displayed to users. The organization was provided with a 30-page manual by the guy who rebuilt the website. It does talk about these levels of Members. Maybe, if I drink enough coffee, I will understand the situation by reviewing the manual. But it has failed me many times before. Lots of issues that have come up that were not covered by the manual. And it gets further out of date every month.

I wasn’t trying to post my reply quite yet. I keep forgetting that the role of Enter (paragraph break) and Ctrl+Enter (post reply) are reversed here, compared to in Facebook posts.

I still think the settings got changed. Members used to have much more than a one-day grace period – I’m pretty sure it was 30 days. And automated reminders used to go out. I’m not saying your logic didn’t used to work the way it does now; I’m saying the settings got mysteriously changed.

The Member who first reported the renewal amount being too low is a member of the Board. He would’ve reported the issue last year if he had seen it. He’s been a member for many years and he knows the right amount for a renewal. And I was charged the correct amount last year, I looked it up in my bank records. My level of membership hasn’t changed. I would find it hard to believe that any of our Members would silently cheat just to save $60.

To your statement “$_REQUEST[“level”] == 3 ? “255” : “195” only accounts for those coming for Level 3, everyone else gets the $195 price. It’s easier to pick the 195 case and show everyone else the default 255,” I don’t know of any level of Member who is supposed to be able to renew for $195. Everyone is supposed to be charged $195 for their first year, and then they get to renew every year thereafter at $255. Everyone, except that is for “former presidents” of the organization, and “honorary members” – they get free membership for life. Maybe some of the conditions you are seeing in the shortcodes have to do with those two special cases.

P.S. I searched my email for your name and nothing came up in the spam folder. Another glitch in the Matrix … except this was not a déjà vu but rather a did not vu.

I’ve been a volunteer too, so I understand. And I’m sorry that the person before you didn’t turn the hat over correctly.

I see you have these levels in your configuration:

Screenshot_2019-04-28 s2Member General Options ‹ CAJP — WordPress.png282×543 28 KB

Are only the level 2 (Non-Attorney) and level 3 (Attorney) being sold? If so, then your shortcodes could be like this:

[s2Member-Pro-AuthNet-Form ccaps="" cc="USD" custom="cajp.org" ta="0" tp="0" tt="D" rp="1" rt="Y" rr="BN" rrt="" accept="visa,mastercard,amex,discover" coupon="" accept_coupons="0" default_country_code="US" captcha="0"]
  [s2Member-Pro-AuthNet-Form level="3" desc="255 USD / 1 year of Attorney Membership" ra="255" /]
  [s2If is_user_logged_in()]
    [s2Member-Pro-AuthNet-Form level="2" desc="255 USD / 1 year of Non-Attorney Membership" ra="255" /]
  [else]
    [s2Member-Pro-AuthNet-Form level="2" desc="195 USD / 1st year of Non-Attorney Membership" ra="195" /]
  [/s2If]
[/s2Member-Pro-AuthNet-Form]

I avoided using PHP there, and instead used the pro-form checkout options, and a simple conditional. Please see these:

As you can see, only someone selecting level 2 when not logged in, will get the $195 price. And non-attorneys will be assigned level 2, where the previous code always gave level 3.

It defaults to the 1st option, Level 3 Attorney, but you can link to the 2nd option directly adding ?s2p-option=2 at the end of your URL.

Paste it on your page and try them, logged in and not. Go ahead and edit it if you want to customize it further.

I hope that makes it simpler for you to understand and use.

I just looked at the two pages to which you linked above. The Simple Shortcode Conditionals looks more useful than the article about multiple checkout options. We don’t want to give any Member multiple options for renewal. We just want each member to see the correct price for renewal.

But I’m still not seeing how this got so complicated – how we lost the functionality that was working from 2015 through 2018. There’s got to be something that got turned off or deleted.

I would be surprised if any backups from 2018 were still available at our hosting service. I guess I can check to see what backups do exist, and maybe do a folder/file comparison. Would it be safe to assume that I can restrict my comparison to the …/plugins/s2member folder structure?

Yes, you can review those. Rather than the plugin, I’d review the configuration, and the pages with the shortcodes, to see if anything changed there. WP pages have a log of revisions.