Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Try Vanilla Forums Cloud product
Please upgrade to 2.3 here. The 2.2 and earlier branches are no longer being updated.

Preimum Accounts/Paypal Help

This discussion is related to the Premium Accounts addon.
x00x00 MVP
edited February 2012 in Vanilla 2.0 - 2.2


This plug-in will not be enabled unless configuration is provided, in settings/premium

PayPal can be tricky at times. See this tutorial if you are having difficulty understanding paypal:

This plugin uses a PayPal Account ID instead of email, for privacy, security.

You need to upgrade you account to Premier or Merchant account first, if you don't already have one. It shouldn't be much hassle:

Unfortunately it can be difficult to find your PayPal Account ID. Here is some help:

Even more annoyingly in Paypal Sandbox it is even harder to get. The only way I've found works is:

Yet another way to see the PayPal Business ID or Merchant Referral ID is choose to not host your item button code or encrypt it. Simply create a test button. What you need to do is "uncheck" the option for "Save Button At PayPal" in Step 2 of the process. Then after you "Create" the button code, in the window that displays the code there is a link that says "Remove Code Protection". Select this link. Your code will be changed to clear text. Just look for the "business" variable value

Paypal Sandbox

it is a good idea to test on the sandbox before going live with your upgrade service. So you don't have to spend real money.

Here is a tutorial:

Remember that the sandbox ID is different from your live one. See above.

One gotacha is that payment are not automatically cleared in sandbox if the test account is not configured correctly. here is how to solve this issue:

Further tutorials if needed can go in this thread. Please suggest.

User have the the option to upgrade, look in you profile, and there should be a tab.

The uri for handling upgrade/premium account status is user/upgrade. You can make a link.

The plugin works on the basis of if the transaction doesn't smell right, the account is not ungraded.

I tried to make this plugin as locale friendly as possible. The following can be translated:

Premium Accounts
Transaction Log
Account Type
Subscription Period
Apply for Membership
Premium Accounts Settings
Allows users to upgrade their accounts, through paypal payment. Details must be valid to activate
Premium Accounts Log

grep is your friend.



  • Allows users to upgrade their accounts, through paypal payment. Details must be valid to activate should be SettingsDescription, UpgradeAccount is replaced with UpgradeToPremium

    grep is your friend.

  • On my install the 'buynow.gif' URL is broken. It's something like


  • thanks, should be fixed now.

    grep is your friend.

  • I installed, activated, config and enabled the pluging for "member" users, but when i try yo create a new user nothing extra happend. Its the same as not plugin.

    How exactly works?
    Thank you

  • Oh sorry me, i understand now.

    The upgrade option its in profile. Its ok, thank you ! : )

  • x00x00 MVP
    edited February 2012

    You can place the upgrade link anywhere on your site.



    grep is your friend.

  • Thank you x00.

    I am testing the plugin and had some problems.

    1. Testing in Sandbox the transaction status was "payment_invalid" and the log was:
      "payment_mismatch: mc_gross 10.00 doesn't match 10,00"

    The problem is the , or the . in price.

    1. When the pay is invalid i dont know how can delete this log for the user. I want to delete this invalid payment for try again. How can restart?

    Thanks ! : )

  • x00x00 MVP
    edited February 2012

    Yes I taught it to if in doubt fail.

    You can refund the payment through paypal. Change the decimal marker in settings. Then do the transaction again.

    I can add manual approval of payments if you are willing to sponsor.

    Logs are transactional so basically don't get deleted, but may get superseded.

    grep is your friend.

  • Ok x00, thanks.

    Whats exactly the amount for be your sponsor? :P

    Some things:

    -I cant decide the returned decimal sign in Paypal Sandbox, then i comment the code line where its controled

    -Sometimes the plugin utomatically expired account (force_expired) i dont kown why or when, and the premiun role still

    -When the payment its correct and upgraded the "Transaction log" dont show it (log only shows expired and invalid transactions)

  • You should use the dot decimal sign in settings.

    I've always thought it was a contradiction that SI allows 10 000,00 and 10 000.00, they should pick one notation, in any event. Paypal uses.

    Seriously though if you want to use french notation in the front end I could include it as a locale. It would be merely for displaying the value, but the transaction would take place as normal.

    Force expired happens when when, you save a user roles without the premium role. It will not reinstate.

    the log should show payment_complete, and all the detail of the transaction. Are you payment actually complete? Did you follow this advice:

    grep is your friend.

  • Whats exactly the amount for be your sponsor? :P

    It depend on exactly what you want. If you are just looking to be able manually approve payments from he settings log I could do that for 25GPB.

    Her are some example of options that could be sponsored:

    1. Display the status, on the buttons an various places, etc. So it is clear if they still have the premium role.
    2. Possbility or reinstating the role through the usual way, and having the expiry reinstated, for the remainder.
    3. Auto refund/canceling of subscription through the dashboard using papal API, you might want a cut off point, you could also have the users do the refund with a strict moneyback period.
    4. Auto cancelling, on reversion, charge back, refund, etc in paypal after payment has been cleared, using IPN.
    5. Recurring payments option. Paypal has this option it is a slight different form. You can also have reminders. I'd look into the most flexible method.
    6. Multiple term payment n x term.
    7. Manual clearing of transactions, force premium role for any period (including extend).

    grep is your friend.

  • Sorry me x00 but not correct in my case.

    The pluging not "force_expired" when i remove the user from the premium role.
    Sometimes happends the account expired automatically, i dont kwown still why. (i think happends when after pay the user remains without activity in "/user/upgrade/return" page) When the automatic account_expired happend the user still with premium role.

    Yes the "Payment Review" from SandBox is Enabled and Paypal test return a Complete status, but the plugin "Transaction Log" not show Completed subscriptions.

    The proof is that the order is registered in the GND_PremiumLog database table.
    The memo Log value is:

    |payment_date->05:39:34 Feb 23, 2012 PST

    0XX, i would like to collaborate with new functions related, but I think the project base is not yet optimal, or maybe i downloaded an old or alpha .zip.
    The version of my script is: v0.7.1:Mon Feb 13 11:35:27 GMT 2012

    Thanks : )

  • Other bug?

    registerbasic.php and registercaptcha.php arent effective in new registrations. : (

  • solonovasolonova New
    edited February 2012

    Other bug?

    In the "user/upgrade/" form the pay isnt a subscription, its a simple payment (_xclick)

    <input type="hidden" value="_xclick" name="cmd">
    <input type="hidden" value="1XTLQ3FBCWBP6" name="business">
    <input type="hidden" value="EUR" name="currency_code">
    <input type="hidden" value="5" name="amount">
    <input type="hidden" value="PremiumAccount" name="item_name">
    <input type="hidden" value="1" name="item_number">
    <input type="hidden" value="1" name="no_shipping">
    <input type="hidden" value="" name="notify_url">
    <input type="hidden" value="" name="return">
    <input type="hidden" value="" name="cancel_return">
    <input type="hidden" value="Return to Account" name="cbt">
    <input type="hidden" value="2" name="rm">
    <input class="Button" type="image" border="0" alt="PayPal -- The safer, easier way to pay online." name="submit" style="background-color:#fff;padding:5px;" src="">
  • x00x00 MVP
    edited February 2012

    last one is NOT a bug

    5. Recurring payments option. Paypal has this option it is a slight different form. You can also have reminders. I'd look into the most flexible method.

    Please sponsor.

    sorry registerbasic.php and registercaptcha.php option to upgrade weren't implemented in the current version. If you want this option please sponsor.

    grep is your friend.

  • Ok x00.

    I think this plugin need code review. After researching the method I will not use because I need extra safety and i think IPN method will be better for me.

    However i may use part of your code, so I want to be your sponsor. Please send your Paypal email by private message.

  • x00x00 MVP
    edited February 2012

    this plugin uses IPN. check your facts.

    grep is your friend.

  • If you want the security decisions explained I'm happy to do that:

    For instance the form is not encrypted, becuase, it is if it does not check out it will fail anyway. Immutable forms are for those than don't have facility to check the transaction.

    It doesn't use payment pro, becuase most forums to don't have a secure environment to make a payment.

    The payment being made on the PayPal site, there is little issue with the security of the payment.

    So far the only bugs you mentioned outstanding expiry and display of the log.

    The former may well be to do with configuration, naming issues. The later may well be to do with different version of mysql handing advanced queries differently (which I have encountered before).

    grep is your friend.

  • Yes x00, sorry, your script uses IPN, but its a public "notify_url" and needs the user be connected to forum.

    I was referring to the private account "notify_url".

  • are you testing on localhost?

    grep is your friend.

  • x00x00 MVP
    edited February 2012

    Obviously if paypal notifies, it won't share the same session as you, so it is little to do with he user begin logged in. Obviously the site has to be reached, so is public.

    There is no issue with the notify_url been known. If there was Paypal wouldn't include this option. Paypal is pinged to check out the authenticity of the notification and transaction still has to check out.

    grep is your friend.

  • OK, if isnt need the user be loged .. then other important security bug because i can upgrade any account from a simple html form.

    Only need know the paypal options in "/user/upgrade" form and send to "/user/upgrade/notify" by a simple html form submit. (i tested)

    This can be avoided with private IPN url.

    And flexigrid dont show the complete payments. Maybe exist other form to show log (eg html), flexigrid its complex.

    I leave the revisión and discussion of this plugin. Thanks : )

  • x00x00 MVP
    edited February 2012

    Only need know the paypal options in "/user/upgrade" form and send to "/user/upgrade/notify" by a simple html form submit. (i tested)

    @solonova I'm interested please provide steps.

    how do you get the ipn_track_id and txn_id?

    grep is your friend.

  • i can see some issue with PDT not IPN. I will fix that.

    grep is your friend.

  • And flexigrid dont show the complete payments. Maybe exist other form to show log (eg html), flexigrid its complex.

    the problem will likely be the query/data (the query uses a complex join which may produce different results). I chose flexigrid, for dynamic filtering and ordering, to try be helpful.

    grep is your friend.

  • x00x00 MVP
    edited February 2012

    I want to clear up some misunderstandings:


    I think an private IPN will be better because in your plugin, if the user dont return from Paypal (for example, the user close the navigator after paypal payment and not return) the payment not be registered in Vanilla bd.

    This assessment of IPN is wrong. IPN has nothing to do with you returning.

    IPN is asymmetric to the request, it is sever to server, not client to server. It has no awareness of your session.

    It also won't be spoofed, if you verify the IPN with paypal. If you just accepted the payment that would be wrong.

    All IPN are public, this is not a closed network. Just becuase you can register an ipn in paypal doesn't mean it isn't public, or they couldn't find it.

    In order for IPN to work you server has to be able to be reached.

    I fixed a PDT problem but so far this claim that IPN is spoofed is unsubstantiated.

    However anyone please try it. If there was I problem I would contact the guy in git hub.

    grep is your friend.

  • solonovasolonova New
    edited February 2012

    Thank you x00

    In my case:

    -Log flexigrid not show completed data

    -IPN data is public

    -When payments cancel users not remove from premium category

    Oh, i forgot, the title of this discussion have an error:

    **Preimum ** Accounts/Paypal Help

  • x00x00 MVP
    edited February 2012

    solonova I've been over with it with you. I'm here to help people who are genuinely interested, not people who are sarcastic and bitter, or trying to shit stir.

    You said you were not using this plugin. I offered to look into your problem, you withdrew access before I could look. You also declined to substantiate.

    What more can be said? If anyone else is experiencing problem I'm happy to help, so long as they are civil.

    Btw you could always make your own plugin.

    Just a note, especially when addressing the core team, not a good idea to act with a sense of entitlement. Having look at some of you posts, such as the one where posted an alarm clock. People have been banned for less, when addressing the core team. They especially don't appreciate sarcy tone and ironic smilies.

    I'm not going to be arguing with you further.

    grep is your friend.

  • What? x00 i am only need to say my experience with your plugin because maybe help somebody.
    Sorry, i think you dont need access to my server for solved the plugin bugs.
    I was mad founding the plugin errors and tell to you not for damage your ego but to be correct it, but instead correct you have offended.

    Its not a problem because i know is a beta version. I am sad for your reaction, Please sorry if I offended you.

    Sorry, bye.

  • x00x00 MVP
    edited February 2012

    Whatever, don't believe you for a minute not born yesterday. If you don't substantiate on bugs I can't help you.

    Considering you are new to this framework and not as knowledgeable as you seem to think, I wouldn't teach grandma to suck eggs as well.

    grep is your friend.

Sign In or Register to comment.