Hi @tim01
Thank you for using Paid Memberships Pro. I’m sorry to hear about this issue you are facing.
I am going to try and recreate this issue on my end for you. Paid Memberships Pro sanitizes the input for the password field before saving this to the database.
I’m really sorry about the inconvenience caused by this.
I have run some tests on my local environment and I am unable to recreate this issue. Would you mind running a test registration on your site using the default WordPress registration process and trying to replicate this issue?
Thread Starter
timrv
(@tim01)
Hello,
I’ve set up a site where you can test: http://venernet.org/membership-account/membership-levels/
When you purchase, you can enter any fake credit card number to test. Then, for the password, put something like Dhhfs%54Rg. After that, log out and log in again using those credentials.
The only plugin installed on that site is the free version of PMPRO. Here’s a screenshot of the backend: https://take.ms/y5wyw
I could share the login credentials of the admin if there’s a secured link or email I could send it to.
Thank you for your feedback. I am going to run some further tests with a Multisite setup.
I will revert back as soon as I possibly can.
Please do not send through login details, as this goes against the WordPress.org forum guidelines.
Thank you for your patience and understanding.
Thread Starter
timrv
(@tim01)
Thanks!
Have you tried registering on the test site that I provided? Please also let us know if you managed to replicate it, as it happens on any installation I made.
Thanks for the feedback. This sounds like a site-specific issue.
Would you mind checking your database table encoding to ensure it supports special characters?
What payment gateway are you using? Are you able to test this with another payment gateway?
Thread Starter
timrv
(@tim01)
Hi @andrewza,
Unfortunately, I don’t think that it’s a site-specific issue. I have already tried it on 3 different hosting sites and multiple local installations with different PHP versions, and it’s the same. This happens only on PMPRO, which is weird. I don’t think it’s a single-site versus multisite issue either, as it happens on my single-site install. I even tested it on your latest release 2 to 3 days ago and no luck. It’s very specific to some passwords with percent + 2-digit integer.
Single Site:
http://pmprosingle.timstructures.com/membership-account/membership-levels/
Multisite:
http://pmpro.timstructures.com/membership-account/membership-levels/
Try to register with any username and use a password like: Dgfttr%54gs2
I have already tried changing the database encoding and it’s still the same. I have also tried using the same database for WooCommerce and it doesn’t happen there.
They are both PHP 5.3 that uses PHP 7.3 and only the PMPRO plugin is installed and Twenty Nineteen theme is activated.
If you have a demo site where I could try to register, feel free to send me a link and I will test it there.
Thanks!
While waiting for the reply, I’ll try to dig into the code and find the cause. My guess is that there’s probably some code where PMPro thinks that the “%54” in the password is an encoded character (i.e., it thinks that it’s the letter “T”). https://www.w3schools.com/tags/ref_urlencode.asp
Thread Starter
timrv
(@tim01)
Hello,
I did some digging in the checkout code. It seems like the password field is passed to the WP function “sanitize_text_field”, which sanitizes the password. The issue is that the password now changes.
$password = sanitize_text_field($_REQUEST['password']);
Example:
$password = sanitize_text_field( 'Dgfttr%54gs2' );
This code would result in “Dgfttrgs2”, which is not the same as what the user has typed, so logging in again would mean that the password is incorrect.
or
$password = sanitize_text_field( 'AbCd%54eFg' );
This code would result in “AbCdeFg”, which is entirely different also.
However, if you use a password like:
$password = sanitize_text_field( 'DGSg%%4trh' );
This code would result in “DGSg%%4trh”, which is the same as what the user has typed.
With this, I hope that it’s now considered a bug.
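The behaviour reported in the post above, reproduced outside WordPress as an added example (not code from the thread or from Paid Memberships Pro). `strip_percent_octets()` is a hypothetical, simplified stand-in for the percent-encoded-octet removal that `sanitize_text_field()` performs, and PHP's `password_hash()`/`password_verify()` stand in for WordPress's own password hashing; the three sample passwords are the ones quoted in the thread.

```php
<?php
// Simplified stand-in for the percent-octet step of sanitize_text_field();
// written for this example, not copied from WordPress core.
function strip_percent_octets(string $value): string
{
    // Repeat until no "%XX" (two hex digits) remains, because removing one
    // octet can join the surrounding characters into a new one.
    while (preg_match('/%[a-f0-9]{2}/i', $value, $match)) {
        $value = str_replace($match[0], '', $value);
    }
    return $value;
}

// Registration as described in the thread: the filtered value is hashed,
// so the stored credential no longer matches what the user typed.
function register_filtered(string $typed): string
{
    return password_hash(strip_percent_octets($typed), PASSWORD_DEFAULT);
}

// Corrected registration: hash exactly the bytes the user typed.
// A password is only ever hashed and compared, never rendered, so it
// does not need text sanitization.
function register_raw(string $typed): string
{
    return password_hash($typed, PASSWORD_DEFAULT);
}

// Passwords quoted in the thread.
$samples = ['Dgfttr%54gs2', 'AbCd%54eFg', 'DGSg%%4trh'];

foreach ($samples as $typed) {
    printf(
        "%-14s stored as %-12s login(filtered)=%s login(raw)=%s\n",
        $typed,
        strip_percent_octets($typed),
        password_verify($typed, register_filtered($typed)) ? 'ok' : 'FAIL',
        password_verify($typed, register_raw($typed)) ? 'ok' : 'FAIL'
    );
}
```

Besides locking the user out, the filtered path silently stores a shorter password than the one chosen, so the effective credential is weaker than the user intended.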
Thanks for digging deeper into this. I am going to escalate this to our development team.
Please feel free to create an issue on our GitHub repository regarding this – https://github.com/strangerstudios/paid-memberships-pro
Thread Starter
timrv
(@tim01)
Thanks! I have created a bug report on the GitHub repository. I’m not sure how you classify bugs, but I think this is a somewhat urgent one because it involves user passwords?
Thank you for creating the issue on GitHub. I cannot give an exact date regarding when this will be resolved/fixed as there are many factors that go into updates/fixes for Paid Memberships Pro.
We are open to Pull Requests by the community for any of our plugins and encourage developers to contribute as this often helps speed up the process.
I’m really sorry for the inconvenience caused by this. Thank you for your understanding.