S2 Button code suddenly not working with PayPal

php cannot be executed from within a page. That would be a huge security risk. Read the ■■■■ manual - so to say just replicate things and then you will see. You need to enter php via a shortcode.

And the temporary solution is to disable encryption. Simple as that/hard as that. The encryption is not about any personal data - but people could steal your paypal account data for credit card testing stuff - but then this as I said already doesn’t make sense on button payments. And you cannot use it to forge pro-forms.

The main problem is that anyone tech-savvy without encryption can check out for 0 whatever currency he likes with 0.01 whatever currency subscription price and whatever he likes up to 5 years subscription period and initial period also whatever he likes.

They addressed that issue somehow - not even going to ask for one of his explanations! LOL

But you are right - turning OFF encryption does indeed work.:grinning:

Still has the issue of ONLY allowing payment by credit card - no balance payments - but PayPal is aware of that issue (they have acknowledged that is them - something in the IPN & SOAP. -They want us to move to the ‘new’ system)

But doing that for almost 100 sites (and the other 200 we are building) is NOT a solution. That is a security issue as well.

I am assuming the reason the full code with the php works is because it is not encrypted.:slightly_smiling_face:

I would love to see s2 work the way simple does with the new system. I’m told their code is pretty clean. Only needs the Live Client ID & Key from the developer account. Sooner or later PayPal is going to lower the boom on a system they want to fully deprecate.

One can dream. :grinning:

Sid

So MemberPress and others use unencrypted buttons? Otherwise they use the same PayPal implementation as s2Member? The risk of users changing the price in the button before submitting it must not be very high for MemberPress to not be concerned about it.

Memberpress uses unencrypted buttons. For others I’m not sure.
Actually the new javascript buttons seem to be easier to tamper with in general - however they don’t allow copying over for credit card testing. But I think I read some places that tampering amount in the new javascript API is no harder than in old unencrypted buttons - while encrypting them is harder.

I explained above what you need to do to tamper the amount. 95% of users are too uneducated IT wise to do it - the others could maybe do it but then it’s easy to detect. Basically the easiest would be to tamper with time or periods - so checkout with the lowest tier price on the highest tier period or so. That would be hard to detect. If someone pays say 30€ while that is a payment amount I otherwise never offer - I am quite likely to notice when doing my quarterly accounting. Especially if someone pays some cents only…

Also those max 5% would need to know that they can tamper with it and then not be afraid of you suing them. So it is very unlikely.

It’s more annoying that scammers can get your email in plain text, together with some other paypal account data.
If you ship physical stuff and use s2member you should be more concerned than digital products (someone downloading or creating 1000 accounts / courses is different to someone getting 1000 products shipped at wrong price)
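
Added example, not part of the thread and not s2Member's own code: a server-side check of the kind the posts above rely on for detection, comparing the subscription terms in a PayPal `subscr_signup` IPN with the terms the site actually offers. The plan table, merchant address and sample IPN bodies are constructed, and the IPN is assumed to have already been verified as coming from PayPal.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qsl

# Constructed for this example: the terms the site really sells, keyed by item_number.
MERCHANT_EMAIL = "billing@example.test"
PLANS = {
    "level1": {"amount": Decimal("10.00"), "period": "1 M", "currency": "EUR"},
    "level2": {"amount": Decimal("90.00"), "period": "1 Y", "currency": "EUR"},
}
# Neither plan has a trial, so any initial-period field is a mismatch.
TRIAL_FIELDS = ("period1", "mc_amount1", "period2", "mc_amount2")

def check_signup(body: str) -> list:
    """Return the IPN fields that disagree with the catalogue (empty list = OK)."""
    ipn = dict(parse_qsl(body, keep_blank_values=True))
    if ipn.get("txn_type") != "subscr_signup":
        return []  # only subscription sign-ups are checked here
    plan = PLANS.get(ipn.get("item_number", ""))
    if plan is None:
        return ["item_number"]
    problems = []
    if ipn.get("receiver_email", "").lower() != MERCHANT_EMAIL:
        problems.append("receiver_email")
    if ipn.get("mc_currency") != plan["currency"]:
        problems.append("mc_currency")
    try:
        amount = Decimal(ipn.get("mc_amount3", ""))
    except InvalidOperation:
        amount = None
    if amount != plan["amount"]:
        problems.append("mc_amount3")
    if " ".join(ipn.get("period3", "").split()).upper() != plan["period"]:
        problems.append("period3")
    problems += [f for f in TRIAL_FIELDS if ipn.get(f)]
    return problems

# Constructed IPN bodies (form-encoded, as PayPal posts them).
BASE = "txn_type=subscr_signup&receiver_email=billing%40example.test&mc_currency=EUR&"
SAMPLES = {
    "ok": BASE + "item_number=level1&mc_amount3=10.00&period3=1+M",
    "cheap": BASE + "item_number=level2&mc_amount3=0.01&period3=1+Y",
    "mixed": BASE + "item_number=level1&mc_amount3=10.00&period3=1+Y",
    "trial": BASE + "item_number=level1&mc_amount3=10.00&period3=1+M&period1=5+Y&mc_amount1=0.00",
}

def audit(samples: dict) -> dict:
    return {name: check_signup(body) for name, body in samples.items()}

if __name__ == "__main__":
    for name, problems in audit(SAMPLES).items():
        print(name, "OK" if not problems else "MISMATCH: " + ", ".join(problems))
```

The `mixed` sample is the lowest-tier price on the highest-tier period, the case the post above calls hard to notice during accounting; comparing against the catalogue per `item_number` flags it on `period3`.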

I don’t disagree, but I am more worried about when PayPal decides to close it all down. CTO has had ELEVEN phone conversations about IPN / SOAP. They are REALLY pushing going to their newer approaches. It’s been like they were saying it was going to be removed, without saying that.

And when you have 100 sites, that 5% changing things is a LOT of possible complaints to us asking “what the hell is going on?”

Not to mention having to tell all those non-techies to go into their PayPal and turn OFF - despite the warnings they see from PayPal - encryption.

Sid

Hopefully @clavaque can get it switched over to PayPal Checkout quickly. That is the only real solution.

s2Member works perfectly for content protection. But payments always seem to be an issue.

Actually I think you break s2member licensing agreement - because that one states:

If you’re a developer: Your clients will need to purchase their own Single-Site and/or Unlimited-Site License. We don’t support s2Member® Pro instances on domains that you do not own and operate yourself. This also gives your clients access to future releases through an account they’ll acquire at our website. It’s the approach we suggest for all developers working w/ clients needing s2Member Pro.

And 100*89USD is more or less 10.000USD. Your clients clearly operate their domains on their own. But yeah Memberpress is like 80USD/year per site so so… Guess at a 100 clients that you manage they will reduce to 50USD/year or so. So s2member in the long run still much cheaper - too cheap actually because someone gotta pay for updating/integrating features.

s2member really needs a revamp on the checkout pages. Be it modern API as well as more choice of what fields you need and it needs to be fully reliable on paypal and Stripe plus make it possible to move accounts (not look up stuff in signup vars hidden in a database).

LOL - unfortunately, protecting content means nothing if you can’t get paid for it!

It has literally cost our clients a lot in lost buyers. God knows how much fun we will have if PayPal shuts down SOAP!

Sid

WE OWN THE SITES. They are ours. They use the sites to sell access to our software which is on the sites. We Host them, we maintain them, we control them. And every site says exactly that. They are only given use of the sites by being members of our program, but they do get paid by buyers who join. And WE own the domains.

Our business model is different, but not a violation. And we did pay for unlimited sites we own. You might have asked me that first.

So you franchise out the sites like McDonalds?

No it’s not a franchise, though there are similarities. It’s unique, as far as we know. But we do own everything. And I do mean everything :grinning: We got tired of the traditional approach.

Sid

If you had 615 failed sales within 6 days, you get your priorities wrong. You should pay much more for leads, funnels, good interface, and so on.
Also you clearly sell subscription, as buy now is not affected by this bug. So the software your websites are selling via some kind of commission model, seems to run monthly/yearly basis too.

And no it cannot be a franchise, in a franchise people own their shop and pay license fees. I don’t get the model.

I really would like to see some sample sites of the ones you own to understand that model. And if you all own them then you have to pay taxes for VATMOSS and other countries. Wonder if all sites checkout to their own paypal account or to your paypal account?
Again solutions like quaderno for 3000 sales per month will cost you like 2000USD a year on top - but that would only work if it’s one single paypal/stripe account. Not hundreds… Or do you refund sales to EU countries? Nexus is US via state is another thing, and so on.
It’s hard to say from the outside but I guess your sites or you are encouraging to break lots of tax laws besides being a bit shady about the operating model…

And your statement you maintain the sites contradicts with you have to tell your users/whateverIshouldcallthem to switch off encryption…

Of course the whole point here, for anyone just joining us, is that @clavaque needs to update s2Member’s PayPal integration.

The payments were not the payments to us, but to them.

They pay a membership fee to the300 project. That’s all they pay.
They are given the sites to use because they are members of the300 Project.
WE host and build the sites on our domains and servers
We create the software platform on every site - adding more Apps every month to the platform(s), all created by our team.
All of it is Our intellectual property and copyrights - including the system our CTO created (the dragon framework) to manage it all.
We also add content, video courses, ebooks, etc. (also provided by our team)

Visitors to those sites pay Our members of the300 Project, that are using the sites, a monthly fee to access and use all that software.

They were the ones who lost buyers/members, not us. But we take care of our people. :grinning:

And the sites are ours, so when they don’t work, the responsibility is ours to get fixed, or to replace with something that does work. :grinning:

Sid

Yes, I think we can all agree on that Stephen! :grinning:

If you create all that, it’s left to wonder what they do. And the more people you add the less will be there for them. Also that you are unwilling to actually say show what exactly you do raises quite some red flags.

The way you claim you rent out websites (because you own everything including content) to some (maybe multilevel) people that use their paypal (and Stripe?) accounts to sell your software against a commission or flat fee or whatever.

And if you had read that it is next to impossible to move subscriptions (because things like demotion will not work on another platform)

In general the more generic the thing is that you’re selling, the more important the UI of the checkout process. And s2member lacks a lot here - something that hasn’t been updated since s2 member came out over 15 years ago. Publish some of the websites you own and build to clear up the confusion.

We don’t “claim” anything - it’s all a fact.
And I haven’t been unwilling about anything - I’m afraid I resent that.

Every site has a software platform we designed.
The Apps are integrated into the platform, which is integrated into WordPress
Like Canva, (who has 107 million users and climbing) you are using software - there is no downloading or selling. Just a membership.

There is only one membership ‘level’ on each site of the300 - a flat rate for the members
It is like renting to the300 (bit of a twist and modification on what sites like wordpress.com do), but the sites are just a bonus of membership in the300 (the lawyers took care of all that)

Since there are no upsells or downsells etc. and subscriptions by members are not dependent on anything on the sites, it’s not as complicated as it seems.

Our proprietary management system handles the entire network of sites, from members to software, cancellations, etc…

But none of that matters. I agree - the checkout process MUST work. It must be updated - whether you have 1 site or a hundred.:grinning:

Would be helpful - to know if that is going to happen, especially with uncertainty about what and when PayPal may do.

Sid

But you are right - turning OFF encryption does indeed work.:grinning:

Excellent! As I suspected and Felix confirmed. Glad that solved it for now.

I see, so the PayPal Payments Standard buttons do work, s2’s integration for them does work, it’s the button encryption that they messed with somehow. And the button encryption setting in their options page gives no warning, and there was no notice that they would change or have changed that service.

There are 170+ million people using PayPal, (or is it more now?) and tens of millions of businesses. It’s fine to add new methods and features, but shutting down the older stuff is not a great idea.

Definitely…

Of course the whole point here, for anyone just joining us, is that @clavaque needs to update s2Member’s PayPal integration.

Yes, I’m working on that. :+1:

Cristian, We will provide access to a site for you to test as you like - how do we get you the information?

I’m sending you a private message where you can reply with that. :slight_smile:

Would this same issue be the cause of an occasional “Error. Please contact Support for assistance”? Or is that a separate issue?

I think so - if you see the paypal payment form with no price
put in a price
pay for it
it returns you to the site and at the s2 URL as it should BUT
since the payment form is actually the paypal default shopping cart form
and processes the payment as a single item - NOT a subscription
what is returned to s2 does NOT have the data s2 expects
so the s2 page tells you to contact support.
I think I posted a screenshot of that error page further up the thread.

Sid