In fact, this look seriously bugged. I have the shortcode [swpm_thank_you_page_registration] in my page. If I just go to that page in an incognito browser, it outputs the url to the registration page with the code for user one, exposing their details.
Hi, did you follow the instructions below to add the thank you page to your payment button?
https://simple-membership-plugin.com/paid-registration-from-the-thank-you-page/
If I just go to that page in an incognito browser, it outputs the url to the registration page with the code for user one, exposing their details.
Can you provide more information regarding the above comment. I am not sure what you mean because I carried out a test without carrying a transaction. I opened the Thank You page URL in a new browser tab and all I could see is the following message on the page.
If you have just made a membership payment then your payment is yet to be processed. Please check back in a few minutes. An email will be sent to you with the details shortly.
Kind regards.
-
This reply was modified 1 year, 1 month ago by
mbrsolution.
Hi, yes I’ve configured the button.
Either way, I send a friend straight to the page with the shortcode in who has never been to the site. It just gave them the registration link which exposed the user details associated with that account. If you send me contact method, I’ll share the link so you can see it for yourself.
Here is a picture of the open page with the tag in, and how the page content looks when you load it from an incognito browser directly. The link takes you to a form containing the email address of the first user. https://imgur.com/a/evL5OZ2
Hi, to me this sounds like a cache issue in your site. Are you running a cache plugin in your site? Is your server running a cache system by any chance? Are you using a CDN service?
Kind regards.
Site is hosted on Siteground (so a pretty big provider). They do have a cache, but clearing that doesn’t help. Basically, if I go to the thankyou page when logged in, I see
Your membership profile will be updated to reflect the payment.
Your profile username: <username>
If I go in an incognito browser, with the cache cleared and then turned off, I get a link which takes me to user id 1 and exposes the email address.
Hi, unfortunately I cannot reproduce this issue myself. I have submitted a message to the developers to investigate further your findings.
Kind regards.
Hi, this is a caching type issue. So unfortunately, we won’t be able to do anything from our end. I have explained the caching issue below so you can see why it creates this problem. You won’t be able to use that “Thank You” page registration option 🙁 You can remove the “Thank You” page and only keep the email option which will work fine (the email option is the primary option). Alternatively, you can try this 2nd method of registration process (so thank you page registration is not required at all):
https://simple-membership-plugin.com/allowing-members-create-account-prior-completing-membership-payment/
The only other option is to try a different plugin.
The Caching Issue
The membership functionality needs a dynamic page being shown to the members. A cached page simply shows a static cached page (our plugin doesn’t get a chance to apply the conditions to that page). When a cached page is being shown, the user is not actually being shown a page which can read the login status of the user then show/hide the page’s content accordingly. That’s what causes the issue with membership type setup because membership type site is not the same as a blog type site. Caching is normally fine with a Blog type site where there is no need to show content based on a member’s login status.
This isn’t as simple as a server caching issue. I’ve confirmed with Siteground support that this page isn’t being cached server side.
If I go to the url when not logged in, I’m getting the screen with my admin users username on. This is obviously wrong.
If I clear my browser cache and cookies, I get the membership link for the first unregistered member. This is still wrong. Why has it randomly decided I’m the first user? This should never happen and must be a bug in the application somewhere. What’s more weird is that Chrome was reporting that this was a successful 200 get and that the cache wasn’t used.
If I load it from my phone and not on my Wifi connection, I get the correct screen saying to wait for the email to arrive. I not aware of any ISP side caching that could cause this behaviour.
Either way, this is still pretty concerning that this tag can expose a customers name and email address as it did when I first used it. There definitely something off here!
oh! Unless you’ve save an IP address with the registrations and are matching them? That would explain the behaviour? I.e. you are matching my IP when I load that shortcode with an incomplete user registration and showing me the details of that user?
As there are no users with an IP that matches my mobile IP, it’s correctly displaying the page without a user link?
Yes, that feature saves the IP address when the payment button is used.
sales tax is not sent to paypal just gross transaction is there a way to change this so it breaks out sales tax to paypal?
