News:

SMF 2.1.4 has been released! Take it for a spin! Read more.

Main Menu

Paid Subs verification

Started by Sir Osis of Liver, October 20, 2018, 12:37:17 AM

Previous topic - Next topic

Sir Osis of Liver

Working on this forum, not making any progress.  Looking at some options, would be fairly simple to disable PayPal verification, which would allow subs to activate on receipt of IPN (we're getting that).  What are the security risks?
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

Sir Osis of Liver

Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

vbgamer45

Try removing

Sources/Subscriptions-Paypal.php


// If this isn't verified then give up...
// !! This contained a comment "send an email", but we don't appear to send any?
if (strcmp(trim($this->return_data), 'VERIFIED') != 0)
exit;
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Sir Osis of Liver

I know how to do it, just need to know how much of a security risk this would be.
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

vbgamer45

Security risk would be only that members could get the membership for free to the group.
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Sir Osis of Liver

1. How would they know it's disabled?
2. If they know, how would they get free subscription?

It's not a high risk forum, but subs are failing (6-8 some days) since a lot of things were changed due to server glitch.  Don't currently have server access, but it appears ssl certificate renewal is most likely cause.  Cert checks out ok two different ways, IPNs are received, PayPal support is no help (sucks since they outsourced to India :P).  Considering this as an option.

Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

vbgamer45

They wouldn't....Unless someone is actively trying chances are very low.
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Sir Osis of Liver

It may be possible to post a bogus IPN to subscriptions.php, but don't think that would work because there has to be a pending subscription to apply it to.  Verification is a PayPal security feature, but I'm inclined to think paid subs is secure without it.

Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

Advertisement: