Membership - user redirected to Protected page after paying with Paypal

When a user subscribes to a "free subscription" the user gets redirected to a welcome page we created called http://ourdomain/welcome

But when a user subscribes and uses Paypal to pay for a paid subscription, the user is being redirected to the URL http://www.ourdomain.com/protected and getting our "protected" message.

In the plugin Paypal settings, it says
"In order for Membership to function correctly you must setup an IPN listening URL with PayPal. Failure to do so will prevent your site from being notified when a member cancels their subscription.
Your IPN listening URL is: http://www.ourdomain.com/paymentreturn/paypalexpress/"

We have the URL "http://www.ourdomain.com/paymentreturn/paypalexpress/"
setup correctly in our Paypal account.

In Membership->Options we have a page called "Welcome" in the option "Registration completed page"

How can we get users to be redirected to /welcome after they pay with Paypal?

  • Vaughan
    • Support/SLS MockingJay

    Hi @Hector Torres,

    The problem is that sometimes it can take paypal a few minutes or a while before they respond, until that time the user is still classed as unpaid.

    In all members page, do you see the user account? is it actually subscribed to the subscription plan they subscribed to?

    Thanks

  • Hector Torres
    • The Incredible Code Injector

    Hi Michael,

    Thanks for making those changes. We have a separate issue pending ( https://premium.wpmudev.org/forums/topic/affiliates-bug-after-adding-1-subscription-4-credits-were-given-to-the-affiliate#post-671573 )
    that also requires for us to add a new paid subscription in order to test.

    Since this is a LIVE site, we have to undo everything ( reverse charges, delete and add user) each time we test this. So we're going to wait and see if we get some feedback on other issue in the next 48 hours so we can test both of them at the same time.

  • Hector Torres
    • The Incredible Code Injector

    @Michael Bissett
    We tested this after adding a Beta version of the Affiliate Plugin Version 3.1.5.8-Beta2 ( see
    https://premium.wpmudev.org/forums/topic/affiliates-bug-after-adding-1-subscription-4-credits-were-given-to-the-affiliate/page/2#post-674010 ) and after installing the latest version of Membership plugin Version 3.5.1.5 that was released a few hours ago.

    The result was the same: the user got redirected to the URL http://www.ourdomain.com/protected and got our "protected" message.

    Again, the only reason we waited to test this was to take advantage and be able to test all of this in one subscription.

    Please check with @Paul and @Rheinard to see if the new releases have anything to do with this still not working as expected.

    Thanks!

  • Hector Torres
    • The Incredible Code Injector

    Additionally, we just noticed the following:

    After the user pays with Paypal and gets redirected to the URL http://www.ourdomain.com/protected

    If after that we try to change the browser's URL to any page on the website including the root ( http://www.ourdomain.com ) the user continues to be redirected to the URL http://www.ourdomain.com/protected

    However, if we change the URL to http://www.ourdomain.com/account then the user can see his account information.

    So it appears that after registering and paying with Paypal, the user is being restricted to only see the account page.

    We checked and made sure that the user got the expected subscription and access level so we are baffled as to why this is happening.

  • Rheinard
    • The Incredible Code Injector

    Hi @Hector Torres,

    This is definitely strange behaviour. Mind if I take a look at your site?

    Could you please grant support accessing using WPMU DEV Dashboard?

    Admin -> WPMU DEV -> Support -> Support Access Tab

    Or alternatively, to have a good look, can you please send in:

    - Mark to my attention - ATTN: Rheinard Korf
    - Link back to this thread
    - Include admin/network access
    - Include FTP
    - Include any relevant URLS for your site

    On the contact form, select "I have a different question", this ensures it comes through and gets assigned to me.

    https://premium.wpmudev.org/contact/

    Whichever method you're comfortable with.

    I am suspecting there is something happening with negative/positive rules and would just like to take a look.

    Cheers,
    Rheinard

  • Hector Torres
    • The Incredible Code Injector

    We have granted you access via WPMU DEV -> Support -> Support Access Tab

    The username that we used for the subscription is h torres 4 (without the spaces). We logged out the user, the logged in user again, and that user now can not see any of the pages except for the /account page. The user can not even see pages that are available to users that are not logged in.

    Please check and let us know what you find. Thanks!

  • Hector Torres
    • The Incredible Code Injector

    I think we figured out the problem. In the last 24 hours we also added the following line define('FORCE_SSL_ADMIN', true); in our wp-config to force SSL logins.

    We are going to remove that line from the wp-config now. But does that mean we can not have SSL protected pages?

  • Rheinard
    • The Incredible Code Injector

    Hi @Hector Torres,

    I hope that is the issue, because I've been looking and cannot see obvious issues.

    I created a new user testuser and a very secret page to test user levels on... Nothing is jumping out.

    Can you let me know when you deactivated SSL so that I can have another look? (will be a bit later, so happy if @Vaughan or someone else could jump in until I get back)

    Regarding SSL, if you only use it for some pages you can add those pages to a new URL group specifying https:// addresses. To make it work across your site there may have to be some more changes made to your config.

    Will look into this for you as soon as I'm back at the desk.

    Cheers,
    Rheinard

    UPDATE: I should add that the test user can't access anything.

  • Hector Torres
    • The Incredible Code Injector

    We do not know what is going on. Once a user logs in, the user can not access anything. We are going to restore the site to how it was before we applied Membership update and the Affiliate Beta so our current users can access the site.

    We will have to create a cloned site and try to test all of this again from scratch sometime tomorrow night our time ( about 20 hours from now )

  • Hector Torres
    • The Incredible Code Injector

    @Rheinard and @Paul

    We did not create a clone site. Instead we restored the site and we're using the versions we had yesterday morning of Affiliate and Membership (before the affiliate beta release and before the Membership update released yesterday).

    We thought the problem was the SSL login. But we removed the line define('FORCE_SSL_ADMIN', true); from the wp-config file and every time we login using http://www.ourdomain.com/wp-login.php (no SSL in the URL) we still get
    re-directed to the https://www.ourdomain.com/account page (with SSL https:// )

    After the login, no matter what page on the site we try to view (whether we use http or https) , we get redirected to the /protected page.

    We've spent the entire day answering emails from our clients who can not login. And who knows how much business we've lost today from people frustrated that they can't login and see our content.

    Please help us with this. Any clue why we're getting re-directed to SSL protected pages after the login? And why after login we can not see pages if we change the URL to http instead of https? We are not using a re-direct plugin.

    Thanks!

  • Rheinard
    • The Incredible Code Injector

    Hi @Hector Torres,

    SSL is usually a server side thing when the certificate gets installed. Unfortunately I cannot diagnose this problem, but I can definitely give it my best shot to see if I can help you with the login issue.

    I might have to dig a bit deeper than just using our dashboard access. Can you please send in:

    - Mark to my attention - ATTN: Rheinard Korf
    - Link back to this thread
    - Include admin/network access
    - Include FTP
    - Include any relevant URLS for your site

    On the contact form, select "I have a different question", this ensures it comes through and gets assigned to me.

    https://premium.wpmudev.org/contact/

    I'll then be able to take a closer look to help resolve this.

    Cheers,
    Rheinard

  • Rheinard
    • The Incredible Code Injector

    Hi @Hector Torres,

    There is a URL Group conflict with one of your plugins. I am not sure which one. So I disabled the URL Group and everything has returned back to normal.

    You also don't need the URL Group for the PayPal IPN address. It's a special one that Membership will allow anyway. Just make sure your IPN points to http://YOURDOMAIN/paymentreturn/paypalexpress/ and if you enable SSL make sure it points to https://YOURDOMAIN/paymentreturn/paypalexpress/

    Will see if I can identify conflicting plugins.

    Cheers,
    Rheinard

  • Hector Torres
    • The Incredible Code Injector

    @Rheinard and @Paul

    We installed the Membership 3.5.1.5 and Affiliate Beta 3.1.5.8

    We tested the registration and login for a free user. The user can now see all the content whether the URLs are http or https. This is the expected behavior.

    We are back to normal now as @Rheinard mentioned. This confirms that all of the access issues were being caused by the "URL Group" which were removed by @Rheinard

    We have also change the Paypal IPN to use https (not sure if this will make a difference as far as the initial problem that we reported with this post) but our Registration is using SSL ( https) so it might work.

    Now we're going to test
    #1 ) the initial issue reported on this post which was:
    "when a user subscribes and uses Paypal to pay for a paid subscription, the user is being redirected to the URL http://www.ourdomain.com/protected and getting our "protected" message."

    AND

    #2) the issues supposedly fixed by the affiliate beta - see https://premium.wpmudev.org/forums/topic/affiliates-bug-after-adding-1-subscription-4-credits-were-given-to-the-affiliate#post-674457

    I'll report test results in the next hour.

  • Hector Torres
    • The Incredible Code Injector

    @Rheinard and @Paul Here are the results of the test after we created a new user account and subscribed the user to a paid subscription using Paypal.

    #1 ) We still have the same problem that we initially reported on this post which was:
    "when a user subscribes and uses Paypal to pay for a paid subscription, the user is being redirected to the URL http://www.ourdomain.com/protected and getting our "protected" message."

    The expected behavior is to send the user to the
    Membership->Options->Registration completed page which is /welcome on our site.

    AND

    #2) please see https://premium.wpmudev.org/forums/topic/affiliates-bug-after-adding-1-subscription-4-credits-were-given-to-the-affiliate#post-674457
    for test results related to the issues on that post.

  • Rheinard
    • The Incredible Code Injector

    Hi @Hector Torres,

    I agree, lets get these threads on track. There have now been other reported cases of protected pages upon successful PayPal transactions. The most sensible suggestion for why this happens is PayPal IPN lag.

    The immediate fix for this would be to go to /membership/classes/Membership/Module/Protection.php and remove the following code from line 180 to line 184 (please don't remove anything else or protection will break).

    // If welcome page then redirect.
    if ( isset( $M_options['registrationcompleted_page'] ) && $post->ID == $M_options['registrationcompleted_page'] && ( !is_user_logged_in() || !Membership_Plugin::current_member()->has_subscription() ) ) {
    	membership_redirect_to_protected();
    	exit;
    }

    I'm just tagging some of the other support guys for their reference here too: @Jack Kitterhing , @Patrick Cohen, @Mac, @Sandeep Kumar, @Vaughan, @Ashok

    I will flag this as an immediate issue for the next release and look into this behaviour more carefully.

    Cheers,
    Rheinard

  • Hector Torres
    • The Incredible Code Injector

    @Rheinard and @Paul

    We just ran another test and got the same result. The user after paying with Paypal got redirected to /protected page,

    Here's how the code looks in the file:

    // HT 05-21-14 commented the lines below so that user gets redirected to /welcome page after paying membership // If welcome page then redirect.
    // if ( isset( $M_options['registrationcompleted_page'] ) && $post->ID == $M_options['registrationcompleted_page'] && ( !is_user_logged_in() || !Membership_Plugin::current_member()->has_subscription() ) ) {
    // membership_redirect_to_protected();
    // exit; // }

  • Hector Torres
    • The Incredible Code Injector

    @Paul and @Rheinard

    Here's some additional info that might hep you figure out what is going on.

    We looked in the 2 Access Levels that we created. We have 1 access level for free subscribers and 1 level for paying subscribers. We only have "positive" rules In both levels. When we click on the "Pages" drop-down on both levels, the /account page and the /welcome page do NOT appear there. I assume this is normal behavior and that the plugin is somehow giving those 2 pages special treatment.

    Here's the interesting part: when a user visits the site and that user has NOT subscribed, that user can see the /welcome page. But if the user tries to see the /account page, then the user is re-directed to the /protected page. As far as we know this has been the case since we first installed the plugin a few days ago (before any updates and before changing the code above)

    We do NOT care if the /welcome page is not protected and that the /account page is protected. We have added messages in those pages to adjust for this. We're just pointing this out to see if it helps you.

    We really need this fixed. This is a big issue because users will get confused after they pay. They might hit the back button on the browser thinking the payment did not work. Please help us resolve this. Thanks!

  • Vaughan
    • Support/SLS MockingJay

    Hi @Hector Torres,

    The developer is looking into this, but paypal can sometimes be extremely slow at sending it's response out for the IPN. which basicly means membership plugin doesn't know you've paid as it hasn't had the response back. A bit of a pain and definitely an inconcenience and annoyance, but hopefully we can get this figured out soon.

    Thanks

  • Hector Torres
    • The Incredible Code Injector

    Hi @Vaughan

    Thanks for the reply. Here's some more info after we did some more testing today.

    You mentioned that "membership plugin doesn't know you've paid as it hasn't had the response back from Paypal"

    However, after the user pays with Paypal and gets re-directed to /protected page, we noticed that the user is successfully logged in and subscribed to the subscription the user paid. And if the user goes to a protected page like /account the user is able to see that page. So we can only assume that the membership plugin should have a way to check that the user has subscribed and therefore that the user has paid.

    Hope this helps.

    Thanks!

  • Rheinard
    • The Incredible Code Injector

    Hi @Hector Torres,

    Please try the attached version of the Protected.php file. You will need to replace the one currently at /membership/classes/Membership/Module/Protection.php

    Let me know how you go. I changed the logic here a bit so hopefully will work.

    Also, can you please verify that the return address you specified is the one recommended when you change the gateway settings in Membership.

    E.g. http://yourdomain.com/paymentreturn/paypalexpress/

    Glad that it worked for Authorize.net though. Thanks for letting me know.

    Cheers,
    Rheinard

  • Hector Torres
    • The Incredible Code Injector

    Hello @Rheinard

    Thanks for creating that .php file for us. As you know, since we are running Paypal LIVE, each time we do a test we have to Credit and Debit accounts, delete user accounts, etc. So we are hopefully going to find the time to test this in the next 48 hours.

  • Hector Torres
    • The Incredible Code Injector

    PS we have our IPN in Paypal account set to:
    https://yourdomain.com/paymentreturn/paypalexpress/ (with https)

    As mentioned earlier in this thread we have already tried using
    https://yourdomain.com/paymentreturn/paypalexpress (SECURED)
    AND
    http://yourdomain.com/paymentreturn/paypalexpress/ (UNSECURED)

    Just to make sure before we do the new test, does it make any difference if we use HTTPS in that URL with the new Protection.php ?

  • Dave
    • The Incredible Code Injector

    Hey Guys,
    I'm going to drop into this conversation since I was having the exact same issue with Paypal customers being redirected to the "Protected Content" page.

    FYI - I just added the Protected.php file and everything works now. Thanks for the solution!

  • Hector Torres
    • The Incredible Code Injector

    @Rheinard @PC We finally tested this again just now and we got the same exact result as before:

    after paying with Paypal, user gets re-directed to the /protected page.

    If we register a free subscription user, the user gets re-directed correctly to the /welcome page. The /welcome page is NOT protected and can be reached by anyone that goes to the website.

    Someone above posted that they got it to work. We have a Paypal business account. We verified again that we have the IPN set to
    https://www.mydomian.com/paymentreturn/paypalexpress

    Could this problem be due to the Paypal account type? I am still inclined to think you are sending the user (after paying with paypal) to a page that is PROTECTED.

    Please help us resolve this. We have been at this for over two weeks now. I highly recommend that you guys have a LIVE Paypal account in-house so you can test this on your side. Thank you!

  • Hector Torres
    • The Incredible Code Injector

    Hello @Patrick Cohen

    Yes we are using the Protection.php file you guys provided us above. We have a child theme and it ONLY has the following code in it:

    /* 2014-05-05 the following code disables admin bar for all users except for admins */
    add_action('after_setup_theme', 'remove_admin_bar');
    function remove_admin_bar() {
    if (!current_user_can('administrator') && !is_admin())
    {
    show_admin_bar(false);}
    }

    /* 2014-05-05 the following code disables the dashboard for all users except for admins by redirecting to another url whenever user tries to access wp-admin.php */
    add_action( 'admin_init', 'remove_dashboard' );
    function remove_dashboard() {
    if ( is_admin() && !current_user_can('administrator') && !(defined('DOING_AJAX') && DOING_AJAX))
    {
    wp_redirect('https://www.mydomain.com/account' );
    exit;
    }
    }

  • Dharmendra
    • The Incredible Code Injector

    Hello @Hector Torres

    I hope you're well today and sorry about the delay on this.

    I have tried the same and I was able to replicate the same issue on my test site using the PayPal sandbox account.

    I have figured out the workaround to fix this issue.

    Please add below mentioned code to your theme's functions.php file. You can use child theme as described here https://premium.wpmudev.org/blog/create-wordpress-child-theme/ to upgrade-safe edit.

    function mypaypalredirect( $url ) {
    return 'http://theurlIwanttogoto';
    }
    
    add_filter( 'membership_return_url_paypalexpress', 'mypaypalredirect' );

    Please note that you will need to replace the http://theurlIwanttogoto with https://www.mydomain.com/account to redirect users to account page after processing with PayPal payment.

    Please have a try and let if that works fine.

    Have a great day! :slight_smile:

  • Hector Torres
    • The Incredible Code Injector

    Dear all , we made the code changes and once again we got the same results. This is very frustrating and time consuming to have to test this every time. We do not have an internal test team like you guys.

    When you guys test this with a LIVE Paypal account and get it to work, let us know us we can test again. if you want to login to our site and test somehow we will give you access.

    In the meantime we had to change the message in the "protected" page to let our new subscribers know that they might get this "protected" message after paying and we give them a link to their account page.

  • Jack Kitterhing
    • Code Norris

    Hi there @Hector Torres,

    Hope you're well today and sorry about the extreme delay here.

    I've just a email to the lead developer of the plugin @Rheinard so we can get this sorted for you.

    Thanks for your patience here, looks like Rheinard has all the logins needed, but if we need anything else, I'll let you know.

    Thank you!

    Kind Regards
    Jack.

  • Jack Kitterhing
    • Code Norris

    Hi again @Hector Torres,

    Just tried to look into this for you, but get a invalid username with the details you sent Rheinard.

    To make sure all information is correct, could you please send me the following.

    - In the subject field add "Attn: Jack Kitterhing"
    - Link back to this thread
    - Include admin/network access
    - Include FTP
    - Include any relevant URLS for your site

    On the contact form, select "I have a different question", this ensures it comes through and gets assigned to me.

    https://premium.wpmudev.org/contact/

    Thank you!

    Kind Regards
    Jack.

  • Hector Torres
    • The Incredible Code Injector

    Hello Jack,

    Thanks for the replies. Our site is LIVE and we are making several changes to it this week. We're afraid that any changes you might make might conflict with our changes.

    We think it would be best to create a CLONED site and then we can give you access to the clone site. Let me know if that will work for you guys. Thanks.

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.