Cristián Lávaque
Forum Replies Created
-
Thanks for the additional details.
It seems like the normal package would be fine and update automatically if it were not for pro needing to be updated a lot.
I see. Well, when there’s a new Pro version available, the updater will tell you about it. Pro is still active, but the updater will keep telling you about the newer version. Since I’m making more frequent releases, you’re seeing it more often. Would you prefer to have an option to hide the Pro update notices?
I also get lots of nagging from the security plugins about S2 member.
In recent weeks there was that, but they’re happy with the latest releases now, and they’ve marked those as fixed already, so you shouldn’t be seeing more of that if you’re using the latest version.
but one customer looked at the tutorials and it wasn’t slick enough for them. I guess they wanted fancy admin panels rather than lots of code options
Ah okay, you’re talking about site owners, like clients that you created sites for, not just regular site members, right?
Well, there’s plenty of admin panels, but also code options for further customizations. Or by code are they talking about the shortcodes?
I never know how the user is seeing S2 or if the portals/pay screens are showing correctly
Why not? what do you mean? that made me curious. The only thing that comes to mind are the pro-forms not showing/working correctly when the s2Member file for CSS and JS (s2member-o.php) is being blocked by a security setting on the site/server. https://s2member.com/kb-article/mod-security-odd-403-503-500-errors/
Is that what you mean? If that’s an issue at all, it’s noticeable right away, after you get the security configuration sorted, it’d continue looking and working fine.
Currently I have three sites that use it and two have it deactivated until I can go in and get my head around it again. The third I’m not sure is working or not.
Would you like me to help you figure those out? If you give me the details of the difficulty you’re having with each, I’ll be happy to help you.
I do actually like S2 member a lot and have had it working a few times.
Great 😊
Hi fantasysixpack,
You can create a page that shows those details using the s2Get and s2EOT shortcodes, for example.
https://s2member.com/kb-article/s2get-shortcode-documentation/
https://s2member.com/kb-article/s2eot-shortcode-documentation/
For an email on cancellation there isn’t an interface, but it can be done with a customization. See: https://forums.wpsharks.com/t/send-user-an-email-when-they-cancel/7629
Here’s a related article that could help too: https://s2member.com/kb-article/how-do-i-send-an-email-when-the-membership-level-is-changed/
I’m adding the cancellation email idea to my feature requests list with your vote.
🙂
Cristian
- This reply was modified 1 year ago by Cristián Lávaque.
Yes, you can do those things with the s2Member Framework.
In the restriction options you can restrict all pages and posts, just enter
all(instead of post ID) to restrict all posts/pages. WP Admin > s2Member > Restriction OptionsYou can close registrations from the General Options. WP Admin > s2Member > General Options > Open Registration
If you delete s2Member, the restrictions just aren’t applied.
There’s no conflict with Wordfence.
Let me know if you have more questions.
🙂
Cristian
I addressed those notices in recent releases. Those happened right at a time when I had some personal issues that kept me away for a bit.
The reports you’re talking about were hugely exaggerated or misleading, and they didn’t give site owners enough details for you to asses the real risk. One “vulnerability” required one to be an administrator of the site to misuse s2Member’s Logs Viewer to see some other file’s contents… If you’re an administrator you don’t need that, you’d already have better ways to do anything you want with the site. The other “vulnerability” required someone to be an Editor of the site to use an s2Member Pro shortcode, then he could load a file from the server, but it omitted to mention that the same user would need the capability to upload that file in the first place, in which case he doesn’t need s2Member to do something with it… Anyway, I addressed those so they’d remove the warnings.
🙂
Cristian
Hi Justin,
I’m not sure what you mean by Pro deactivating. Pro hasn’t required a matching version with the Framework for many years now. Could it be that you have a very outdated installation? It doesn’t sound like it, but that’d be the only way for that to happen… You could get the Pro update notice so you know there’s new one available to update, but Pro would still be active if you have any version from the last years…
About the look, what users do you mean? They don’t see the admin pages. Or do you mean some s2Member form? you can customize their look if you want. I’m curious about what you mean by that, so I can take a look at how I could improve it.
🙂
Cristian
Hi cboatin18,
I’m just seeing this review. I’m very sorry I worried you. Those happened right at a time when I had some personal issues that kept me away for a bit. I addressed those notices in recent releases.
The reports you’re talking about were hugely exaggerated or misleading, and they didn’t give site owners enough details for you to asses the real risk. One “vulnerability” required one to be an administrator of the site to misuse s2Member’s Logs Viewer to see some other file’s contents… If you’re an administrator you don’t need that, you’d already have better ways to anything you want with the site. The other “vulnerability” required someone to be an Editor of the site to use an s2Member Pro shortcode, then he could load a file from the server, but it omitted to mention that the same user would need the capability to upload that file in the first place, in which case it doesn’t need s2Member to do something with it… Anyway, I addressed those so they’d remove the warnings.
That’s good to know. Thank you for the update! Glad you found the problem and hope you could then solve it.
🙂
Hi @webbud65
Could you tell me the steps to reproduce it? is it that the form doesn’t display, or it doesn’t work when submitted?
Do you have any errors in your debug log? https://developer.wordpress.org/advanced-administration/debug/debug-wordpress/
And in case it helps, could you enable s2’s logging and reproduce the problem, to see if you get any related entries there? WP Admin > s2Member > Log Files
Can I have a link to your page with the form to take a look?
🙂
Hi @li-an
Do you mean if s2Member is fine with WP 6.6? Many are using them, and I also have it as one of my test installations, actually I have the latest alpha, and haven’t seen an issue.
In any case, and this goes for all plugins/themes/etc, it’s always best practice to do a backup before changes, so you can revert if needed.
Let me know how it goes. 🙂
Hi @invaderb
I released the fix for it. If you could, please remove this thread to avoid making this known to someone that could try to exploit it. People will take a few days to update their sites.
Let me know if you have any questions after the update.
🙂
Hi @drcheap
Yes, I’m aware. I am working on it at the moment. Will be releasing a fix soon.
Could you remove the details from here to keep it more secure? Thanks! 🙂
Cristian
Thank you so much for the review, it’s very appreciated! I’m glad you like s2Member and have used it and benefited from it for so long! It’s good to have you here. 😀
Hi Jason.
I’m sorry you had that problem! There must be something misconfigured that prevented the demotions. s2Member’s demotion is activated and set from: WP Admin > s2Member > PayPal Options > Automatic End-Of-Term Behavior
Also, it’s important that the payment gateway is notifying s2Member correctly of ended subscriptions, so it can tell when to demote/delete the user. WP Admin > s2Member > PayPal Options > Instant Payment Notifications
And while troubleshooting, it’s helpful to enable s2’s logging, so one can go over the logs for the notifications, and see if they got to s2, and what happened. WP Admin > s2Member > Log Files
There is a separate payments log addon for s2, normally the payments are followed and reviewed in the payments gateway, which is the one that has all their details and manages them.
But I see how it’d be hard to now spot several ended subscriptions in the gateway, against your site users to adjust them… Let me think if something could be done to check them in bulk…
Could you check the EOT setting, the IPN integration, and enable logging?
With logging enable, please reproduce the behavior: create test user with a 50 cent/day Level 1 subscription, then end the subscription, see if the test user gets demoted, and show me the log entries please (removing any sensitive details).
I look forward to your update. 🙂
Hi Jason.
I’m sorry you had that problem! There must be something misconfigured that prevented the demotions. s2Member’s demotion is activated and set from: WP Admin > s2Member > PayPal Options > Automatic End-Of-Term Behavior
Also, it’s important that the payment gateway is notifying s2Member correctly of ended subscriptions, so it can tell when to demote/delete the user. WP Admin > s2Member > PayPal Options > Instant Payment Notifications
And while troubleshooting, it’s helpful to enable s2’s logging, so one can go over the logs for the notifications, and see if they got to s2, and what happened. WP Admin > s2Member > Log Files
There is a separate payments log addon for s2, normally the payments are followed and reviewed in the payments gateway, which is the one that has all their details and manages them.
But I see how it’d be hard to now spot several ended subscriptions in the gateway, against your site users to adjust them… Let me think if something could be done to check them in bulk…
I see you started a forum thread, too. I’ll answer there as well. https://wordpress.org/support/topic/memberships-not-downgraded-automatically/
🙂
Great job sorting that out! 👍 Thank your update sharing your solution with the community! 🙏
😀