2.0.2 add a member to group

repxl · July 03, 2012, 11:49:44 AM

Quote from: Arantor on July 03, 2012, 11:42:07 AM
I have the knowledge to do this but you still haven't really told me enough to make sense of what you're trying to do because as far as I'm concerned, the best method is STILL to use SMF's own paid subs system if you want to add people to a group and remove them from a group some time in the future.

If the subscription does anything else for non-members, you really need to explain this before going any further because right now all I'm getting is the feeling that you don't want to use the paid subscriptions feature because you think your own code will work better, but unless you're prepared to build all the infrastructure to go with it (which is a LOT more than you have right now), it's going to be a gigantic headache.

its just who pay by forum ? come on i have an cool button in the homepage where they can click buy premium under their server.

the add member to group without login could solve my problems

dont worry im too using an cron job which checks if a premium servers is older then a month and if yes it delete the server membership and too the forum membership . with the remove group function.

repxl · July 03, 2012, 12:18:30 PM

hmmm so ? anyone can help me do this add/removeMembersFromGroups possible without login ?

Arantor · July 03, 2012, 12:21:49 PM

Firstly, please stop writing two posts together, you really don't need to bump after only half an hour!

Secondly, before I write this code, what measures do you have to validate that this has come from a valid IPN? It would not be hard to spoof it otherwise (unlike in SMF's case where it generates a code that is never sent to the user but only to PayPal for verification)

repxl · July 03, 2012, 12:24:53 PM

Quote from: Arantor on July 03, 2012, 12:21:49 PM
Firstly, please stop writing two posts together, you really don't need to bump after only half an hour!

Secondly, before I write this code, what measures do you have to validate that this has come from a valid IPN? It would not be hard to spoof it otherwise (unlike in SMF's case where it generates a code that is never sent to the user but only to PayPal for verification)

i have the paypal IPN callback file so there is security.

if you mean this .

https://cms.paypal.com/cms_content/CA/en_US/files/developer/IPN_PHP_41.txt

Arantor · July 03, 2012, 12:27:14 PM

What IPN callback file?

Here's the thing: when you send to PayPal you need to send something identifying the user and a secret.

I still don't know why you're trying to make this way more complicated than it needs to be. You can quite easily put your own purchase button in, but pointing to all the code that SMF uses...

repxl · July 03, 2012, 12:31:23 PM

Quote from: Arantor on July 03, 2012, 12:27:14 PM
What IPN callback file?

Here's the thing: when you send to PayPal you need to send something identifying the user and a secret.

I still don't know why you're trying to make this way more complicated than it needs to be. You can quite easily put your own purchase button in, but pointing to all the code that SMF uses...

dont worry i have all work done all is done what im missing is that the add / remove ssi.php functions will work without admin login ...

Code Select

							<form class="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post">
								<input type="hidden" name="cmd" value="_xclick">
								<input type="hidden" name="business" value="my email i hide it for now">  
								<input type="hidden" name="item_name" value="Premium for your server">
								<input type="hidden" name="item_number" value="1">
								<input type="hidden" name="amount" value="4.99">
								<input type="hidden" name="no_shipping" value="1">
								<input type="hidden" name="no_note" value="1">
								<input type="hidden" name="currency_code" value="EUR">
								<input type="hidden" name="return" value="http://www.fresharea.net/user">
								<input type="hidden" name="cancel_return" value="http://www.fresharea.net/user">
								<input type="hidden" name="rm" value="2">
								<input type="hidden" name="notify_url" value="http://www.fresharea.net/ipn.php">
								<input type="hidden" name="custom" value="<?php echo $user_info['id']; ?>">
								<input type="submit" value="Buy Premium - Paypal">
							</form>

there you see im getting the users id and then in the callback.php i check for all this if its true and ofc if the payment was sucessfully ... this allowes me the instant payment notification at paypal .

repxl · July 03, 2012, 04:52:27 PM

so you can help me ? :/

Arantor · July 03, 2012, 05:00:31 PM

Jeesh, you're impatient. I do have other things to do instead of just sitting here trying to figure out the mess of coding you have.

Oh, and that form is insecure. It's going to be possible for users to upgrade their account without paying by falsifying the input to the IPN. And will be trivial to do, too.

-sigh- I don't see any point in trying to explain to you how many things are wrong with your approach, so we might as well get it over with.

Are you wanting to change the user's primary group or add them to a secondary group? The queries are very different.

News:

2.0.2 add a member to group

repxl

repxl

Arantor

repxl

Arantor

repxl

repxl

Arantor