Upgrade Group Status Upgrade Group Status
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Upgrade Group Status

Started by rphMedia, November 15, 2006, 01:05:00 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

rphMedia

I'm going to have basic "Registered" users and an additional permissions group called "Members" in which a subscription is required for access to more content. The subscription option won't be available unless they are logged in.

In short (going to use PayPal scripts for subscription method), when the user pays the subscription and is redirected back to the Gallery, how can I implement a script that updates their group status to "Members" automatically? 

Edit: Hein, why was this moved to Feature requests  ???

Hein Traag

Because this is feature request. Of which there are already a couple on the board. You might also try using the Freelancers thread to ask for someone to code this.

http://forum.coppermine-gallery.net/index.php?topic=23353.0
http://forum.coppermine-gallery.net/index.php?topic=29162.0
These two were made for the same questions and closed by GauGau.

In short, it did not belong in cpg1.4 permissions.

Cheers!
Hein

Stramm

It's called instant payment notification (ipn). Hasn't much to do with CPG

Nevertheless here's all you need to know http://www.paypal.com/cgi-bin/webscr?cmd=p/xcl/rec/ipn-manual-outside




(I don't consider that to be a feature request, rphMedia asks for support)

rphMedia

Thanks guys.

I included the PayPal info as background only.  I can do all the PayPal stuff :)



I have a group_id of 109 (Members).

When they return from the payment stuff, I want a script that will change the user_group_list from blank to "109" in the DB.  I'm getting close, I just want to cover all security scenarios. 

Stramm

here you can download/ test an php IPN handler... depending on the result you could change the users member group

http://www.eliteweaver.co.uk/testing/ipntest.php

Joachim Müller

This is not a valid feature request, as rphMedia did not request a feature for future versions of coppermine, but is requesting immediate advice for a hack he's trying to accomplish. He's not asking for this hack to be added to Coppermine's core in the future. Stramm has moved this thread back to the support board.

@rphMedia: sorry for the confusion and meta discussion about the proper board this thread is meant to go into.

@Hein: sorry for undoing your moderation. Please accept my apologies - I'm not trying to be difficult here. Don't let this discourage you - your support for the community is very important. It doesn't hurt if such minor moderation misunderstanding happens.


Hein Traag

Live and learn GauGau , no apologies needed :D

Sorry rphMedia. My bad.

Cheers!
Hein

rphMedia

Stop with all the apologies, NP - I can see how it could be misconstrued.

And thanks Stramm for the links.  Trying to piece it all together.


rphMedia

OK Stramm, again the links were extremely helpful, and although I could probably hack something together to make it work, I'm afraid that I would put a hole in the security.  I can see how the notify.php receives the bonofide secure info and everything, and I would need to compare at least one variable to verify legitimacy, but where I get lost is getting the actual username (already registered) then changing the group status based on all of that. 

Ah... I guess I need to go the Freelancers / Paid help route.  I need this to be kind of bullet-proof.  Should I repost in there or can you (or anyone else) help me out here (or PM?).  I will gladly repost there and request close on this thread.


Stramm

you pass along the uid to paypal, and there you include it to the talkback... I do not see huge a security hole here. With having the uid you know the username, group etc and can change whatever you need. You just must make sure you're talking to paypal :) that should be taken care of in the paypal manual

One always can attack such a system. You never will be 100% safe

If you need help from a freelancer... best would be to start a new thread there. And, if you want, I'll then close this thread.

rphMedia

Got it all sorted out.  Mark this as solved/closed, thanks again !




I would post all the code, but it's pretty involved (mostly with PayPal instruction).

Stramm

I'd be happy to see what you've coded (once you did some cleanup ;) )

rphMedia

I'll throw it together and send it to you. Give me a day or so.

Cleanup ?  Ahh, it works.  Maybe you can streamline it...

Stramm

thanks, with cleanup I didn't mean streamlining the code. Just removing sensitive data (if there) etc.

I was always looking for such a solution but never had the time to come up with my own code, hehehe