[Buy Premium] - Feature not secure

[deeaka]

it's on your the demo site. i have tested and it is the same. give me 10 minutes and i will post some pics.

 

[Mark]

just steps to reproduce are all that is needed, but i think you might not be clicking submit.

Your request will be blocked if the price expected does not match the actual price. Please ensure you are correct all the way to payment and return I will happily refund your $0.01

 

[Mark]

the demo has some restrictions and may not be the best place for you to test

please try here: http://www.aatoplist.com

 

[deeaka]

True. It's not working now. Ty and well done. I am checking VL1.0RC2 files.

 

[Mark]

Thanks for your effort helping test, i have refunded your payment

 

[deeaka]

ok. let me test that site as well.

 

[deeaka]

Nop. Not working anymore. Good job. I am going trough the VL1.0RC2 files.

 

[pratchet]

1. click on Buy Premium Membership and fill fields.
2. click on Proceed To Payment
3. NOW start tempering and click on Paypal Checkout

 

[Mark]

but you are still not premium member right?

Lets recap:

1) I have my site set to: automatically approve premium members
2) you tried to cheat me by changing the price
3) you sent me money
4) I have your money
5) you have nothing

what is the problem?

 

[Mark]

also please obscure my phone # and email from your post if you wouldn't mind.

 

[pratchet]

I need to learn to read more carefully. Sorry.

 

[Mark]

I need to learn to read more carefully. Sorry.

no sweat, i realize its not the most recognizable solution, but I thought it would be cool to see who is trying to cheat, so letting them get away with the easy part was worth it to me if they cheat that part, they will try and cheat in other ways, as an admin its nice to have the option to rid the list of these people.

 

[daannet]

Is there a possiblitity to test it with the Paypal Sandbox Mark?

 

[deeaka]

Yes there is. Find the file named user_premium.php in the folder sources/user_cp/ and find this line:

$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);

then modify to:

$fp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);

Upload modified file to the server and in the admin CP goto Premium settings and change the paypal email to the paypal sandbox email. After you finished all your testing change everything back as it was.

PS: Before you modify anything make a backup of the file.

 

[armaclans]

Yes there is. Find the file named user_premium.php in the folder sources/user_cp/ and find this line:

$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);

then modify to:

$fp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);

Upload modified file to the server and in the admin CP goto Premium settings and change the paypal email to the paypal sandbox email. After you finished all your testing change everything back as it was.

PS: Before you modify anything make a backup of the file.

One more step,

If you go to your skin, "join_premium_review.html" there is a line of code that calls the paypal submit form,

<form  name="pp_value" action="https://www.paypal.com/cgi-bin/webscr" method="post">

needs to be changed to

<form  name="pp_value" action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">