This is mainly because I really don't want to shell out an additional $149 to upgrade my GF license required to get the PayPal addon :-(
Everything works smoothly with PayPal sandbox enabled: user is redirected back to the page upon payment, content is revealed when payment confirmation button is clicked, transaction is recorded in the backend, etc.
The only problem I have now is trying to figure out a way to prevent users from revisiting the same content once the Gravity Form "Submit" button has been clicked, and the user is redirected away from the page. In other words, I need a way, if possible, for the PPV cookie to be cleared once the GF form is submitted. Otherwise, users can abuse the form by making multiple posts until the cookie expires.
21658 pointsCommunity rank #0Supreme DeityWPMU DEV StaffLifetime member
Support Kangaroo
(joined March 2011)
Likes (0)
Greetings pcwriter,
Thank you for these great questions!
Everything works smoothly with PayPal sandbox enabled:
Surprise there. I have seen many times that the sandbox gives users the what-for and when they go live everything works great.
In other words, I need a way, if possible, for the PPV cookie to be cleared once the GF form is submitted. Otherwise, users can abuse the form by making multiple posts until the cookie expires.
I can clearly envision this happening which does bring concern of course and I admit that possibly clearing the cookie is beyond my skill level - therefore I will see if I can get the lead developer of the Pay Per View plugin for input to see if they may have any ideas on how to prevent this exact instance from occurring.
5726 pointsCommunity rank #11Supreme DeityWPMU DEV StaffLifetime member
Support
(joined July 2011)
Likes (0)
Hiya Joe,
Thanks for pinging the lead dev on this one; I have no idea where to even start fiddling when it comes to cookies... unless they're chocolate chunk of course, that's easy :-)
The problem, as I see it though, is ensuring the cookie persists while redirected to/from PayPal. Clearing only upon form submission.
I have seen many times that the sandbox gives users the what-for and when they go live everything works great.
I'm surprised too! But I created new accounts for this test and it all went smoothly.
2960 pointsCommunity rank #19Supreme DeityDEV ApprenticeLifetime member
Developer
(joined February 2012)
Likes (0)
Hi pcwriter,
This clearing process should be done in the Gravity Forms codes. I am not familiar with Gravity forms, but after submit, it should clear the cookie by using this php command, before any output is sent to the browser (for example in Wordpress "init" action of the Gravity Form plugin):
if ( isset( $_POST["submit_name"] ) ) // Name of the submit button
setcookie("pay_per_view","",time()-3600);
Please note that this will clear all orders (revealed pages) stored in the cookie. Therefore it may not be practical if you are using more than one protected page.
5726 pointsCommunity rank #11Supreme DeityWPMU DEV StaffLifetime member
Support
(joined July 2011)
Likes (0)
@Hakan,
That's what I thought I'd try first. So, in my amateurish way, I tried this in functions.php but it doesn't clear.
function clear_ppv_cookie() {
if ( isset( $_POST["gform_submit_button_2"] ) ) // Name of the submit button
setcookie("pay_per_view","",time()-3600);
}
add_action('init', 'clear_ppv_cookie');
gform_submit_button_2 is the button id of the form I'm using. Any tips on reformulating the function?
By appending the form ID, in this case 2, it applies to a specific form. So, it would appear that a simple conditional would be simple. Darn, it ain't. I've tried everything I can think of for the last hour, but can't get this to work.
2960 pointsCommunity rank #19Supreme DeityDEV ApprenticeLifetime member
Developer
(joined February 2012)
Likes (0)
Hi pcwriter,
Although I couldn't see the full form, I looked at the source codes and noticed this: Submit button does not have a name attribute. Its ID will not work. However, there is a hidden input field "is_submit_2" which takes value 1 when submit button is hit, I suppose. So please try this as the "condition":
if ( isset($_POST["is_submit_2"]) && (int)$_POST["is_submit_2"] == 1 )
If this doesn't work, there is another input field with name 'gform_submit' which takes value 2. Try that one.
5726 pointsCommunity rank #11Supreme DeityWPMU DEV StaffLifetime member
Support
(joined July 2011)
Likes (0)
Hi Hakan,
Tried all variations with is_submit_2 and gform_submit but nothing seems to do the trick. I can still go back to the page after form submission and view the content (submit the form) again. Cookie persists, stubborn little bugger.
Time for some sleep and try again tomorrow. Good thing I'm off this week; lots of time to play around :-)
Thanks for your help. If you think of anything else in the meantime, please, don't hesitate to post again :-)
2960 pointsCommunity rank #19Supreme DeityDEV ApprenticeLifetime member
Developer
(joined February 2012)
Likes (0)
Hi pcvwriter,
"Go Back" is the keyword here. Do you mean going back using the browser's Back button? If this is the case, browser will simply display the cached version of the page, i.e. the revealed content. You cannot prevent this just by clearing the cookie; then you need to make some extra coding on the server side to filter duplicate submissions.
What happens when you refresh the page?
Also use a a cookie status addon to be sure that cookie is cleared. I am using this addon for Chrome:
5726 pointsCommunity rank #11Supreme DeityWPMU DEV StaffLifetime member
Support
(joined July 2011)
Likes (0)
Hi again Hakan,
No. By "go back", I meant navigate to the page via a link from the menu or another page. Refreshing the page simply reloads the form.
But, you just gave me an idea with your comment about filtering duplicate submissions, and I think this could be resolved by looking at it from another angle. The cookie isn't actually the problem; it was simply what I nearsightedly thought would be an easy solution.
This is the challenge: if we can't delete the cookie, can we prevent the user from submitting from the same form while the cookie persists. The cookie persists for 1 hour, so an alternative could be: we could get the user's IP and block access to that page for 1 hour following form submission.
5726 pointsCommunity rank #11Supreme DeityWPMU DEV StaffLifetime member
Support
(joined July 2011)
Likes (0)
BINGO! It works with the backslash!
I successfully paid through PayPal sandbox, submitted a completed post-form and was redirected to the post page (via internal coding in GF), then navigated back to the form page via a link... to be greeted by that beautiful blue PPV button. :-)
Functional code here:
function clear_ppv_cookie() {
if ( isset($_POST["is_submit_2"]) && (int)$_POST["is_submit_2"] == 1 ){
setcookie("pay_per_view","",time()-3600,"/");
}
}
add_action("gform_after_submission_2", "clear_ppv_cookie", 10, 2);
Thank you very much for your help on this one Hakan!
Responses (16)
Support Kangaroo (joined March 2011) Likes (0)
Greetings pcwriter,
Thank you for these great questions!
Surprise there. I have seen many times that the sandbox gives users the what-for and when they go live everything works great.
I can clearly envision this happening which does bring concern of course and I admit that possibly clearing the cookie is beyond my skill level - therefore I will see if I can get the lead developer of the Pay Per View plugin for input to see if they may have any ideas on how to prevent this exact instance from occurring.
Cheers, Joe
Support (joined July 2011) Likes (0)
Hiya Joe,
Thanks for pinging the lead dev on this one; I have no idea where to even start fiddling when it comes to cookies... unless they're chocolate chunk of course, that's easy :-)
The problem, as I see it though, is ensuring the cookie persists while redirected to/from PayPal. Clearing only upon form submission.
I'm surprised too! But I created new accounts for this test and it all went smoothly.
Developer (joined February 2012) Likes (0)
Hi pcwriter,
This clearing process should be done in the Gravity Forms codes. I am not familiar with Gravity forms, but after submit, it should clear the cookie by using this php command, before any output is sent to the browser (for example in Wordpress "init" action of the Gravity Form plugin):
Please note that this will clear all orders (revealed pages) stored in the cookie. Therefore it may not be practical if you are using more than one protected page.
Cheers
Hakan
Support (joined July 2011) Likes (0)
Great tip, thanks!
I'll see if I can get some help in the GF forums as to where exactly I can include this. Thanks again!
Support Kangaroo (joined March 2011) Likes (0)
Greetings pcwriter,
Thank you for letting us know and thank you Hakan for giving up the code clue :-)
@pcwriter feel free to re-open this ticket if you still have an issue or we may offer help regarding this thread.
Cheers, Joe
Developer (joined February 2012) Likes (0)
On second thought, including it inside functions.php of your theme may be a better idea. Otherwise an update of GF will clear those codes.
cheers
Hakan
Support (joined July 2011) Likes (0)
@Hakan,
That's what I thought I'd try first. So, in my amateurish way, I tried this in functions.php but it doesn't clear.
gform_submit_button_2 is the button id of the form I'm using. Any tips on reformulating the function?
Support (joined July 2011) Likes (0)
Turns out Gravity Forms has its own hook to use upon form submission: gform_after_submission http://www.gravityhelp.com/documentation/page/Gform_after_submission
By appending the form ID, in this case 2, it applies to a specific form. So, it would appear that a simple conditional would be simple. Darn, it ain't. I've tried everything I can think of for the last hour, but can't get this to work.
Anyone have any ideas?
Developer (joined February 2012) Likes (0)
Hi pcwriter,
Although I couldn't see the full form, I looked at the source codes and noticed this: Submit button does not have a name attribute. Its ID will not work. However, there is a hidden input field "is_submit_2" which takes value 1 when submit button is hit, I suppose. So please try this as the "condition":
If this doesn't work, there is another input field with name 'gform_submit' which takes value 2. Try that one.
Cheers,
Hakan
Support (joined July 2011) Likes (0)
Hi Hakan,
Tried all variations with is_submit_2 and gform_submit but nothing seems to do the trick. I can still go back to the page after form submission and view the content (submit the form) again. Cookie persists, stubborn little bugger.
Time for some sleep and try again tomorrow. Good thing I'm off this week; lots of time to play around :-)
Thanks for your help. If you think of anything else in the meantime, please, don't hesitate to post again :-)
Developer (joined February 2012) Likes (0)
Hi pcvwriter,
"Go Back" is the keyword here. Do you mean going back using the browser's Back button? If this is the case, browser will simply display the cached version of the page, i.e. the revealed content. You cannot prevent this just by clearing the cookie; then you need to make some extra coding on the server side to filter duplicate submissions.
What happens when you refresh the page?
Also use a a cookie status addon to be sure that cookie is cleared. I am using this addon for Chrome:
https://chrome.google.com/webstore/detail/fngmhnnpilhplaeedifhccceomclgfbg
Cheers
Hakan
Edit: I noticed a unique ID inside the form. Maybe GF will not accept a duplicate submission. Did you try to submit the same form once more?
Support (joined July 2011) Likes (0)
Hi again Hakan,
No. By "go back", I meant navigate to the page via a link from the menu or another page. Refreshing the page simply reloads the form.
But, you just gave me an idea with your comment about filtering duplicate submissions, and I think this could be resolved by looking at it from another angle. The cookie isn't actually the problem; it was simply what I nearsightedly thought would be an easy solution.
This is the challenge: if we can't delete the cookie, can we prevent the user from submitting from the same form while the cookie persists. The cookie persists for 1 hour, so an alternative could be: we could get the user's IP and block access to that page for 1 hour following form submission.
What think ye?
Developer (joined February 2012) Likes (0)
You should not rely on IP. It can simply be faked or hidden using some proxy websites.
Cookie should be cleared. Can you change the second line like this:
Support (joined July 2011) Likes (0)
BINGO! It works with the backslash!
I successfully paid through PayPal sandbox, submitted a completed post-form and was redirected to the post page (via internal coding in GF), then navigated back to the form page via a link... to be greeted by that beautiful blue PPV button. :-)
Functional code here:
Thank you very much for your help on this one Hakan!
Developer (joined February 2012) Likes (0)
Hi pcwriter,
According to php manual "/" should not be necessary, but apparently it is required on some server installations.
I am glad that you achieved the result you are looking for :)
Take care
Hakan
Support (joined July 2011) Likes (0)
Update:
The following works just fine to clear the cookie, without any condition being specified through an if statement:
Yippee!
Become a member