ProSites plugin - code fix required for automatic user signon at registration

Hello,
Please pass this along to your developers:
In the ProSites plugin version 3.5.4, the file pro-sites/pro-sites-files/lib/ProSites/Helper/Registration.php contains an error. The definition for the function activate_blog calls the WordPress core function wp_signon using an array with an incorrect value for the 'user_login'. The 'user_login' should be the username; but in this function, the 'user_login' is incorrectly set to the numerical user_id on line 119.
As a result, after signing up for the first time and successfully making a payment, the auto-login fails, and depending on the site's security settings, the user may be locked out!
The function wp_signon is called three times in the file Helper/Registration.php and in the other two instances, it is called correctly. The error only occurs in the function, activate_blog.
I would appreciate a fix ASAP.
Thank you!

  • Jesse

    Hi Nastia,
    A minor correction to the above:
    I said the call to wp_signon was made three times in one file. It's actually called twice in that one file, and once in the plugin's main script. But as I said above, the other two calls are correct. It's just in that one place where the ID is passed in place of the username.
    It took me days to track this bug down. I'm not entirely happy about that. I can fix it on my own system, but if you were to release other updates to this plugin without correcting that line, those updates would overwrite my fix & revert to the buggy state.
    Thank you!

  • Sajid

    Hello Jesse,
    Hope you are doing good today :slight_smile:

    Thanks for providing more details about this issue and suggesting a possible fix for this issue too. We really appreciate that and in a way of appreciation, I am sending some points your way.

    I have forward this information to the developer of this plugin for consideration.

    Thanks again and merry Christmas :slight_smile:

    Best Regards,
    Sajid

  • Umesh Kumar

    Jesse, Thanks a lot for the fix, definitely user_login needs to be passed in to wp_signon() function instead of user id.

    Although, if you could help me replicate the log in issue. As the sign in works properly for me after the blog signup.

    As a result, after signing up for the first time and successfully making a payment, the auto-login fails, and depending on the site's security settings, the user may be locked out!

    The user gets logged in and site is activated as well on the setup I'm testing, can you please tell me the steps to replicate the issue, so that I can replicate and add a proper fix.

    Cheers

  • Jesse

    Hi Umesh I too had trouble tracking this down & replicating the issue in my testing environment; it would only do it on the live site. I think the key is:

    *Only occurs when a new user successfully makes a payment through a payment gateway on signup
    *Does not happen when user signs up for a "free site"
    *Does not happen when user signs up for ProSite but selects "Manual Payment" option
    *Probably would not happen if user signs up for a plan with a "free trial" introductory period (I did not test this one)

    So in order to test this in a development environment, you would probably need to connect it to a payment processor's sandbox/test API on the back end.

    Obviously I was running several other plugins at the time when this became an issue. I've made changes to my system since then, and can't recall whether or not the WPMUDEV "Set Password on Signup" plugin was activated at the time. Sorry! I mention that specific plugin because that one may or may not affect which action hooks get called on user signup; I really don't know.

    But the point is, I think the payment on new user signup is the key. I hope that's enough info to point you in the right direction. If you do need more detail on my system setup, does this forum provide a way to send me a Private Message? I'd rather not go into detail in public...

    Thank you!

    • Umesh Kumar

      Hey Jesse,

      Apologies for the delay in response.

      So in order to test this in a development environment, you would probably need to connect it to a payment processor's sandbox/test API on the back end.

      Yeah, I've setup the payment gateway in sandbox mode, still unable to replicate it.

      But the point is, I think the payment on new user signup is the key. I hope that's enough info to point you in the right direction. If you do need more detail on my system setup, does this forum provide a way to send me a Private Message? I'd rather not go into detail in public...

      Payment on signup works good in development mode, so not sure how'd it be different in live mode, It's probably a plugin conflict.

      Is it possible to put your payment gateway in sandbox mode, or it's already live?

      If that's possible, you can contact us via: https://premium.wpmudev.org/contact

      Select "I have a different question",

      Subject: "Attn. Umesh Kumar"

      Message: Link to this thread and admin login details for your setup.

      Cheers

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.