[4835] Found the Paid Subscriptions BUG.

Sir Osis of Liver · September 29, 2011, 01:22:48 AM

There are multiple threads on the board dating back months describing this problem, so I won't go into detail. Basically, the subscription fails after successful payment, resulting in an inactive subscription with a 'pending payment' message in the member's profile. The cause turns out to be a configuration conflict.

Ready?

If you have disallowed guests from browsing the forum, paid subs will not work. If you change the setting to allow guest access, it works fine.

Try it. The setting is Admin -> Features and Options -> Allow guests to browse the forum. I've confirmed it on two forums in two different domains.

Aleksi "Lex" Kilpinen · September 29, 2011, 01:24:26 AM

That actually makes sense. If anyone can confirm this - then it's definitely a bug to be fixed.

vbgamer45 · September 29, 2011, 01:36:42 AM

It looks true looking at SSI code does a check for $ssi_guest_access and subscriptions.php calls SSI

Sir Osis of Liver · September 29, 2011, 01:46:13 AM

Anyone got a fix?

live627 · September 29, 2011, 02:13:58 AM

Code (Find in Subscriptions.php) Select

require_once(dirname(__FILE__) . '/SSI.php');

Code (Add before the searched string) Select

$ssi_guest_access = true;

Ricky. · September 29, 2011, 02:29:17 AM

Finally Krash you pin-pointed it

Aleksi "Lex" Kilpinen · September 29, 2011, 11:42:50 AM

Can someone confirm if the workaround offered above works? If it does, then that seems like a perfectly safe way to temporarily fix this until the devs have figured out all the details on this

emanuele · September 29, 2011, 01:18:39 PM

Good job Krash!
Thank you for your perseverance!

Tracked to be sure it doesn't get lost.

Didn't tested, but the fix should work as expected.
Thanks live too!

Sir Osis of Liver · September 29, 2011, 02:45:15 PM

Quote from: live627 on September 29, 2011, 02:13:58 AM
Code (Find in Subscriptions.php) Select Expand
require_once(dirname(__FILE__) . '/SSI.php');

Code (Add before the searched string) Select Expand
$ssi_guest_access = true;

Confirmed - it werks gud!

Nice hack, live.

antoniosaucedo · October 14, 2011, 10:57:22 AM

If have allowed guests from browsing the forum, but still have the problem.

If I had installed the mod: Hide Topics from Guests , could this be generating this problem to?

SMF 2.0

Thanks.

Sir Osis of Liver · October 14, 2011, 03:37:52 PM

Try the fix - it won't do any harm.

Joshua Dickerson · November 14, 2011, 03:03:06 PM

Before that gets committed, whomever does commit it should take extra time to ensure that doesn't inject any vulnerabilities. That seems like it is very prone to doing so.

live627 · November 14, 2011, 06:06:21 PM

What vuln?

Joshua Dickerson · November 14, 2011, 08:14:03 PM

$ssi_guest_access = true;

live627 · November 15, 2011, 12:27:50 AM

How is it a vuln? The fix I posted just opens ssi for thee paid subs. It could be a problem if people call subscriptions.php along with ssi.php, but that wouldn't really be normal flow.

Joshua Dickerson · November 15, 2011, 08:31:07 AM

I didn't say it is. I said that we should triple check that to make sure it isn't. Sleepy committed it.

edchapman · January 07, 2012, 03:59:01 PM

Not sure if this is the same problem I'm having. When users choose reoccurring subscriptions everything seems to work fine. However, if they pick non reoccurring subscriptions... the payment goes through but I have to manually add the subscription. I get an email from paypal but not the forum.

News:

[4835] Found the Paid Subscriptions BUG.