So today a customer was able to adjust his checkout price and payed $0.01 for $89 worth of access. The system approved him and he got away with it. Any ideas how to prevent this?
Not sure what happened, but customer should not be able to change the price of a product. Someone from aMember support will likely need to go over your log files and determine how this happened.
yes this script has sloppy paypal integration without correct validation. I am hoping someone from support will get to this today, its a critical issue for sure. How can I turn off auto approve so I can verify payments are legit before giving access? I had a quick look through settings but could not establish how to do this.
I wouldn't automatically assume it is sloppy code. I trust you will post to this thread the answer to this issue You can try "Manually Approve New Members" on the "Advanced" tab under Setup/Configuration.
thanks mate, thats what I was after. by sloppy, I mean it fails to validate the amount paid against the amount expected. This is not an assumption, its a fact. As you can see the system was well aware this customer paid $0.01 on a $89 invoice but that did not prevent the user from being given full access. Choose your word to describe this behavior I will most certainly report back
Have you submited ticket t helpdesk already? If so what is ticket number? I will check this asap. Also feel free to contact me in Skype: alexander_cgicentral
I found it. There was a bug in paypal plugin, it didn't check amount in incoming IPN messages for not-recurring payments. Only recurring payments were checked. I applied fix to your installation.