Issues with account association

  • Problematic for a developer and some problems with subscriber account association.

    Plugin does not associate accounts with logins but instead with email. The email can be changed by the users and therefore would disassociate their account with the subscription.

    If the same paypal account is used to initialize a subscription for two separate accounts, it will not work for an account with a differing email. Due to the fact that an email can only be associated with one account, it therefore means that only one paypal account may be associated with any single user at any given a time.

    In the case that a user on wordpress decides to change their email for whatever reason. Some other user can simply input the email of the subscribed user and would gain their subscription status.

    Suggested solution is to allow the user to input the username with which to associate the subscription with if they already have one. Automatically auto-fill the form if they are already logged in. If not logged in and not creating a new account, require login to autofill the form and as mentioned allow them to modify this with a cross check in the database to make sure entered account exists.

    • This topic was modified 7 years, 11 months ago by relsov.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Scott Paterson

    (@scottpaterson)

    Hi,

    On the settings page there is a setting if a WP account should be created or not. If this settings is turned off then the only unique identifier for a user is email.

    One PayPal email account can have multiple active subscriptions. You are correct that only one PayPal account can be linked to a WP account. I don’t see this as a problem though. Why would one PayPal account need to have multiple logins on a site? That is a very unique situation and I don’t see it is as being a common problem for 99.9% of the users of this plugin.

    Since the only unique identifier can be email, someone changing their email will unassociate them with their subscription. Someone could login and change their email to someone elses and gain their subscriptions. That is why the plugin has a feature to hide the WP admin for all subscribers. On top of that, it would be very difficult for someone to know the email of another user. Most users don’t change their email. So the probability of this situation occurring is very small. If a user were to change their email, they would email the admin that they no longer have content access and that would be resolved quickly.

    I spent 4 months developing this plugin. It’s not perfect, but I don’t think that it deserves a one star. A one star means that it is worthless and many people are successfully using this plugin. Please reconsider your rating.

    Thanks,
    Scott Paterson

    Thread Starter relsov

    (@relsov)

    I agree, I modified the rating it was very harsh.

    I think it would be highly beneficial to any developers out there to group your subscription information in a more easily decipherable separate table. You handle all the information through your php code and use the wpev_posts and wpev_postmeta tables, which makes finding all the subscription data and then writing the queries a bit more complicated. This adds a lot of testing and work to anyone trying to use this to support an external application that requires authentication. At very least add some documentation describing your use of the database…

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Issues with account association’ is closed to new replies.