Moodle
  1. Moodle
  2. MDL-5941

Myriad of problems with Paypal (and Authorize) enrollments

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: 1.6
    • Fix Version/s: None
    • Component/s: Enrolments
    • Labels:
      None
    • Environment:
      All
    • Affected Branches:
      MOODLE_16_STABLE
    • Rank:
      7847

      Description

      OK, I reported something similar yesterday but now I realize there really is a bug of sorts that was leaving me really confused as to how this all works. This is in regards to course settings. I have a course set to Paypal enrollment. If I set the guest setting to allow guests in, that overrides the Paypal enrollment and anyone can get into the course (as a guest of course, this is correct behavior). If I set it to don't allow guests, guests are not even allowed to see the course page where they can sign up by paying (wrong behavior). Finally, if I set it to allow guests in with the enrollment key, then I am shown the course page with the Paypal button, but no place for guests with an enrollment key to enter (the latter is wrong behavior). Thus here's what needs to be done:

      The settings now used for allow guests with enrollment key should actually be applied to don't allow guests.

      The settings for allow guests with enrollment key need to be fixed.

        Activity

        Hide
        Martin Dougiamas added a comment -

        From non non (nbhansen at midway.uchicago.edu) Tuesday, 27 June 2006, 08:14 PM:

        Here's an update on this. I've bumped it up to critical because as you will see this bug could allow any guest into a course if certain steps take place.

        I set my settings to allow guests with enrollment key and Paypal enrollment (but didn't create enrollment key, I don't know if that has some effect but I will do more testing and report later).

        Now, I visited the site using guest access. I clicked on the Payment button (since guest access wasn't showing). I was allowed to make payment for the course through Paypal immediately, without registering at the site first. The payment went through, I as site owner received a receipt and the enrollee received a receipt.

        However, when I clicked on the button in Paypal to take me to the course, all I got was the following error message:

        Fatal error: Call to undefined function: get_student_courses() in /home/pizzap22/public_html/enrol/paypal/return.php on line 16

        Moreover, the person that was enrolled in the course was the default guest user account! Since this happened, anyone visiting the site as a guest user can get into the course because guest user is now a paid student in the course. This opens up the course to anyone for free as a guest, whether they have an enrollment key or not.

        I'm going to create an enrollment key now and see if that makes a difference in the process. Will report back in a few minutes.

        From non non (nbhansen at midway.uchicago.edu) Tuesday, 27 June 2006, 08:19 PM:

        OK, new information to report. When I created an enrollment key, it now displays enrolling with the enrollment key properly in addition to the Paypal option. I revise my recommendation to performing some sort of verification that an enrollment key has been set when the option is to allow guests with enrollment keys.

        However, it looks like the guest enrollment problem still exists. I'll do more testing now.

        From non non (nbhansen at midway.uchicago.edu) Tuesday, 27 June 2006, 08:20 PM:

        I've revised the summary to reflect the most serious error here.

        From non non (nbhansen at midway.uchicago.edu) Tuesday, 27 June 2006, 08:38 PM:

        Here's a summary of the problems:

        Default Enrolment Method: Paypal

        Enrollment key: Empty Field

        Guest Access: Allow Guests with Key

        Problems: Moodle should verify whether the enrollment key field is filled in. A person can pay as guest and subsequently any guest can enter course

        Default Enrolment Method: Paypal

        Enrollment key: Filled In

        Guest Access: Allow Guests with Key

        Problem: A person can pay as guest and subsequently any guest can enter course

        Default Enrolment Method: Paypal

        Enrollment key: Not applicable

        Guest Access: No Guest Access

        Problem: Person is first sent to the login page, and if they try to enter as a guest, they are told that guests cannot enrol. A button takes them back to the login page again. This could potentially confuse students. At this point, if they are persistent enough, they might create an account at the site. If so, and they verify the account, then and only then are they taken to the course page they were trying to access in the first place. I counted a minimum of 5 pages they must go through plus access their email-just to have the right to view a description of the course they may or may not want to enroll in! My suggestion would be instead, if a person is trying to view a Paypal course description without being logged in, take them to the course description page directly, but put a link at the bottom of the page to register or login first (rather than Paypal button). Once they register, take them back to the cours description page where the Paypal button is. A potential student SHOULD NOT have to log in just to view a description of the course.

        From non non (nbhansen at midway.uchicago.edu) Tuesday, 27 June 2006, 08:45 PM:

        Also the guest user was given an unlimited enrollment period in the course, rather than 180 days I had set it to.

        From Petr Skoda (skodak at centrum.cz) Tuesday, 27 June 2006, 09:01 PM:

        Funny I found the problem with empty keys just minutes before you and in the meanwhile prepared a patch

        I hope I found the problem with keys when mixed with paypal too. I am going to test it a bit and later send patch here...

        From non non (nbhansen at midway.uchicago.edu) Tuesday, 27 June 2006, 09:21 PM:

        OK, now I tried enrolling as a registered user, and I got the following message again:

        Fatal error: Call to undefined function: get_student_courses() in /home/pizzap22/public_html/enrol/paypal/return.php on line 16

        I was able to get into the course ok, but again my enrollment period was set to unlimited, instead of 180 days.

        From non non (nbhansen at midway.uchicago.edu) Tuesday, 27 June 2006, 09:24 PM:

        Any patches you post I can test. I've got a test course with a $1 enrollment fee I am running these tests on. I want to get this working ASAP so I can start enrolling students. I've got to go run some errands shortly but when I get back in a couple hours I will look at this again.

        From Petr Skoda (skodak at centrum.cz) Tuesday, 27 June 2006, 09:27 PM:

        patch is for:

        • can not use key when paypal primary
        • unicode-->ascii sanitise of paypal data

        From non non (nbhansen at midway.uchicago.edu) Tuesday, 27 June 2006, 09:44 PM:

        What about the fatal error and the enrollment period problems? I guess I need to wait for a patch for those, right?

        Will your patch allow for guest access with enrollment key? I think it would be nice to have that in addition to the Paypal option in case one wants to show a Paypal course to colleagues or something like that.

        From Petr Skoda (skodak at centrum.cz) Tuesday, 27 June 2006, 09:45 PM:

        enrol2.patch should fix the get_student_courses() error.

        From Petr Skoda (skodak at centrum.cz) Tuesday, 27 June 2006, 09:51 PM:

        guest access with enrolment key works for me now

        the enrolment period for guest is till logout only, will check the period for regular users now

        From Petr Skoda (skodak at centrum.cz) Tuesday, 27 June 2006, 09:58 PM:

        period fixed in enrol3.patch

        could you please test all you can and report any problems that are left?

        From non non (nbhansen at midway.uchicago.edu) Wednesday, 28 June 2006, 02:16 AM:

        I don't use CVS and I'm not quite sure how to manually cut and paste what is in these patch files. Is it possible for you just to upload the whole files and I can just drop them into my installation?

        From Martin Dougiamas (martin at moodle.com) Wednesday, 28 June 2006, 05:18 AM:

        Thanks for the great reporting nicole ..... if you can confirm a fix please let us know ASAP for 1.6.1

        Petr, can you send full files?

        From Martin Dougiamas (martin at moodle.com) Wednesday, 28 June 2006, 05:19 AM:

        Ah you did, 8-)

        From non non (nbhansen at midway.uchicago.edu) Wednesday, 28 June 2006, 06:31 AM:

        I set my settings to:

        Default Enrolment Method: Default (Paypal)

        Enrollment key: Empty Field

        Guest Access: Allow Guests with Key

        It allowed me to save it without a key.

        I went to the enrol page as guest. I was shown the payment button. With the payment button, I was able to make a payment to Paypal, but then I got the following message:

        Thank you for your payment! Unfortunately your payment has not yet been fully processed, and you are not yet registered to enter the course Testing (No Content). Please try continuing to the course in a few seconds, but if you continue to have trouble then please alert the Administrator or the site administrator.

        (Isn't the Administrator or the site administrator a bit redundant?)

        At 5:20, as enrollee I got a receipt from Paypal for my payment saying it had been completed.

        At 5:28, as admin I got the following email from my Moodle installation (private data removed below):

        : Transaction failed.

        Error while trying to enrol Guest User in 'Testing (No Content)'

        payment_date => 15:20:35 Jun 27, 2006 PDT

        txn_type => web_accept

        last_name => Hansen

        receipt_id =>

        option_selection1 => Guest User

        residence_country => US

        item_name => Testing (No Content)

        payment_gross => 1.00

        mc_currency => USD

        business =>

        payment_type => instant

        verify_sign =>

        payer_status => unverified

        tax => 0.00

        payer_email =>

        txn_id =>

        quantity => 1

        receiver_email =>

        first_name => Nicole

        option_name1 => User

        payer_id =>

        receiver_id =>

        item_number => test3

        payment_status => Completed

        payment_fee => 0.33

        mc_fee => 0.33

        shipping => 0.00

        mc_gross => 1.00

        custom => 2-14

        charset => windows-1252

        notify_version => 2.1

        userid => 2

        courseid => 14

        payment_currency => USD

        I logged into my Paypal receiving account and I did receive this payment.

        No student was enrolled.

        This seems to be halfway towards solving the problem, but better yet the payment button shouldn't be displayed at all when the user is a guest.

        From non non (nbhansen at midway.uchicago.edu) Wednesday, 28 June 2006, 07:05 AM:

        Next test was to set the settings as I plan to use them on my site and to enroll a real student:

        Default Enrolment Method: Paypal (Default)

        Enrollment key: None

        Guest Access: No Guest Access

        I logged in as a real student, made the payment through paypal, and got the following message when I clicked to go to the course:

        Thank you for your payment! Unfortunately your payment has not yet been fully processed, and you are not yet registered to enter the course Testing (No Content). Please try continuing to the course in a few seconds, but if you continue to have trouble then please alert the Administrator or the site administrator

        At 5:58, both the student and the admin got receipt/confirmation of the payment from Paypal.

        At 6:05, I got the following email from Moodle:

        : Transaction failed.

        Error while trying to enrol A B in 'Testing (No Content)'

        payment_date => 15:58:29 Jun 27, 2006 PDT

        txn_type => web_accept

        last_name => Hansen

        receipt_id =>

        option_selection1 => A B

        residence_country => US

        item_name => Testing (No Content)

        payment_gross => 1.00

        mc_currency => USD

        business =>

        payment_type => instant

        verify_sign =>

        payer_status => unverified

        tax => 0.00

        payer_email =>

        txn_id =>

        quantity => 1

        receiver_email =>

        first_name => Nicole

        option_name1 => User

        payer_id =>

        receiver_id =>

        item_number => test3

        payment_status => Completed

        payment_fee => 0.33

        mc_fee => 0.33

        shipping => 0.00

        mc_gross => 1.00

        custom => 378-14

        charset => windows-1252

        notify_version => 2.1

        userid => 378

        courseid => 14

        payment_currency => USD

        Student is not enrolled in course. So this is worse than it was before. Before at least I was enrolled, even though I got the fatal error message.

        I cannot test the enrollment period issue until the problem of enrollment is fixed and a student can enroll via Paypal.

        From non non (nbhansen at midway.uchicago.edu) Wednesday, 28 June 2006, 07:19 AM:

        Just ran another quick test:

        Manually enrolled a student.

        Their enrollment period was a correct 180 days.

        So the period problem was not a general one, but one specific to Paypal.

        From Petr Skoda (skodak at centrum.cz) Wednesday, 28 June 2006, 07:35 AM:

        The failed paypal might be due the new sanitisation of unicode characters.

        Could you please try to comment out (or delete) following line from enrol/paypal/enrol.php

        $text = $textlib->specialtoascii($text, current_charset());

        And BTW how does the correct transaction looks like?

        thanks

        From Petr Skoda (skodak at centrum.cz) Wednesday, 28 June 2006, 07:52 AM:

        found the bug sending new patch + mailing new zip, will continue tomorrow, see you.

        From non non (nbhansen at midway.uchicago.edu) Wednesday, 28 June 2006, 08:11 AM:

        I set my settings to:

        Default Enrolment Method: Default (Paypal)

        Enrollment key: Empty Field

        Guest Access: Allow Guests with Key

        It allowed me to save it without a key.

        I went to the enrol page as guest. I was shown the payment button. With the payment button, I was able to make a payment to Paypal, and was immediately enrolled in and taken to the course as guest user. Guest User (ID=2) is now an enrolled user in the course. I logged in as myself, logged out, and then was able to enter the course again as Guest User. So once one guest user makes this mistake, any subsequent guest user will be able to enter the course directly. Not good.

        From non non (nbhansen at midway.uchicago.edu) Wednesday, 28 June 2006, 08:13 AM:

        I set my settings to:

        Default Enrolment Method: Default (Paypal)

        Enrollment key: An enrollment key was entered

        Guest Access: Allow Guests with Key

        Went to enrollment page as guest user, was shown Paypal button and guest user/enrollment key options. Clicked on Paypal button, was taken to Paypal. Didn't try paying again but I have every reason to believe the results would be the same as the previous test. Not good.

        From non non (nbhansen at midway.uchicago.edu) Wednesday, 28 June 2006, 08:21 AM:

        I set my settings to:

        Default Enrolment Method: Default (Paypal)

        Enrollment key: An enrollment key was entered

        Guest Access: No Guests

        Was not allowed to access the enrollment page as a guest. Correct (although I don't like this behavior so much, but I have a workaround for it myself)

        Logged in as a student. Was able to access the enrollment page. Given Paypal button, and the enrollment key box. Not good, since the enrollment key in this case serves no purpose except to confuse potential students.

        Clicked on Paypal button, paid for course, enrolled directly, for 180 days. Success. As long as I remove the enrollment key, this will work as I need it to for my purposes.

        From non non (nbhansen at midway.uchicago.edu) Wednesday, 28 June 2006, 08:34 AM:

        Summary:

        1-Guests should not be taken to Paypal at all when they click on the Paypal button. Better to inform them they must register first and then redirect them to login page.

        2-Teachers should not be allowed to save the combination of Allow guests with enrollment key and no enrollment key.

        3-Teachers should not be allowed to save the combination of No guests and an enrollment key if the course requires payment.

        4-The enrollment key help item needs to be updated to reflect the fact that it can be used for guests. It says nothing about this and makes it more confusing to understand how it works.

        5-This may not be a bug. I'm getting two emails from Moodle every time a student is enrolled via Paypal in the course. Am I getting one as admin and another as teacher?

        Good night. My next test tomorrow is going to be of the expiry notification feature because I want to make sure that works properly too. I'll let you know if I encounter any problems with that.

        From non non (nbhansen at midway.uchicago.edu) Wednesday, 28 June 2006, 07:30 PM:

        Never mind my comment about administrator and site administrator. I see now that was because of the language string and choice of word for teacher I was using for the test course.

        From Petr Skoda (skodak at centrum.cz) Wednesday, 28 June 2006, 08:48 PM:

        I have commited the 4th patch into cvs, reviewing the summary now.

        I guess we will have to split it into another bug and defer some parts till 1.7 becasue there is no validation in mod.php - but I agree it is a good idea!

        In anycase I am not done yet, still working on this...

        From Petr Skoda (skodak at centrum.cz) Wednesday, 28 June 2006, 11:51 PM:

        Commited some more patches:

        • PaypPal button not shown to guests, there is login link instead
        • login as guest button now works and is shown only to non-guests when needed

        Your summary:

        1/ button not whown to guests anymore - PayPal explanation should be IMO on the login page, we may change it later

        2/ to be fixed later - 1.7 or 2.0

        3/ seems ok to me, you can give some students key and they enrol without paying - not a bug, it is a feature

        4/ help is needed - could you please prepare some changes and post it here, my english is not good enough

        5/ see meaning of $CFG->enrol_mailstudents, $CFG->enrol_mailteachers, $CFG->enrol_mailadmins - not a bug

        could you please test it once more?

        From (hephappy at gmail.com) Thursday, 29 June 2006, 01:34 AM:

        This bug affects authorize plugin at this point:

        Default Enrolment Method: Authorize

        Enrollment key: Empty Field

        Guest Access: Allow Guests with Key

        Guests cannot enrol, but enrolment key form is shown.

        After user clicked 'enrol me' with a key, then 'illegal enrolment attempted' is shown. I think, manual enrolment form shouldn't be showed.

        From Petr Skoda (skodak at centrum.cz) Thursday, 29 June 2006, 01:38 AM:

        I will look into the Authorize problem tonight

        From (hephappy at gmail.com) Thursday, 29 June 2006, 01:41 AM:

        One thing more:

        In course/enrol.php this code can be?

        //HTTPS is potentially required in this page

        httpsrequired();

        So there is no need extra checks like this:

        if (empty($CFG->loginhttps))

        { $wwwroot = $CFG->wwwroot; }

        else

        { // This actually is not so secure ;-), 'cause we're // in unencrypted connection... $wwwroot = str_replace(http://, https://, $CFG->wwwroot); }

        From Petr Skoda (skodak at centrum.cz) Thursday, 29 June 2006, 02:34 AM:

        httpsrequired() in course/enrol.php might break something (custom themes?) - we should IMO wait till 1.7; I was already planning some refactoring in https support about a month ago.

        From Petr Skoda (skodak at centrum.cz) Thursday, 29 June 2006, 03:25 AM:

        Adding patch for Authorize plugin to cope with PayPal ideas presented here

        From (hephappy at gmail.com) Thursday, 29 June 2006, 06:29 PM:

        I have applied au_enrol.patch.

        Now, we sure enrol field must be 'manual' for interactive plugins (authorize and paypal).

        Please apply version.patch, lib_db.patch to update database.

        I have added dependency 5358. Because 'enrol' field was problem when adding support restore/backup for enrolment plugins:

        MDL-5358 - Add support for enrol systems in backup/restore

        From Petr Skoda (skodak at centrum.cz) Friday, 30 June 2006, 08:37 AM:

        the version update patch is incomplete, missing HEAD and postgresql stuff

        I am not good at updating database, could you do it Eloy?

        From Eloy Lafuente (stronk7 at moodle.org) Friday, 30 June 2006, 07:05 PM:

        Hey, after reading a bit this bug, it seems that that only change to be applied at DB level is to update all those 'paypal' and 'authorize' enrol fields (course, user_students and user_teachers) to 'manual'.

        I think this can be safely duplicated in HEAD (with its own version numbering) because it simply will perform the updates. If no records are found (because they were updated in 16_STABLE), NP at all.

        Obviously, I don't understand why the enrol method must be updated to 'manual' but sure you have some good reasons, isn't it?

        I'll perform DATABASE changes to HEAD once I saw them applied to 16_STABLE, ok?

        Ciao

        From (hephappy at gmail.com) Friday, 30 June 2006, 10:16 PM:

        Silly me!

        Of course, course->enrol musn't be updated. Only, user_students and user_teachers must be updated. I have uploaded lib_db_new.patch.

        Eloy, please see MDL-5358. This descripts why must be updated as 'manual'.

        From Eloy Lafuente (stronk7 at moodle.org) Saturday, 1 July 2006, 12:17 AM:

        Sorry again Ethem,

        but I cannot see the point to update all those user_students and user_teachers records to manual if they were enrolled by the paypal or authorize plugins. How do other enrol methods handle this? Don't they set the enrol field to their own value? (ldap...). It sounds to be the 'natural' way, isn't it? (every enrol method fills the enrol field with its own value).

        Which are the implications of leaving this field set to the real enrolment method? And what's the difference if you change it to 'manual' ? I cannot imagine it...sorry!

        From (hephappy at gmail.com) Saturday, 1 July 2006, 01:05 AM:

        I saw last commit for paypal: paypal/ipn.php

        if ($course->enrolperiod)

        { $timestart = time(); $timeend = time() + $course->enrolperiod; }

        else

        { $timestart = $timeend = 0; }

        if (!enrol_student($user->id, $course->id, $timestart, $timeend, 'manual')) { <- --LOOK HERE---,

        Petr, why is it 'manual' in enrol_student()? Can you explain?

        From Petr Skoda (skodak at centrum.cz) Saturday, 1 July 2006, 04:32 AM:

        In case of PayPal you are paying for getting enroled internally

        What makes PayPal different from LDAP? LDAP knows who can enrol. paypal plugin just waits for money and then tells Moodle to enrol the student internally.

        Why did I add 'manual'? It was there already:

        enrol_student($user->id, $course->id)

        uses default value from:

        function enrol_student($userid, $courseid, $timestart=0, $timeend=0, $enrol='manual') {

        Is it correct? Hmmm, it works and it was always this way. AFAIK it should not matter if you use 'paypal' or 'manual' in this specific case because there is no synchronisation with PayPal after the enrolment. In backup we can pretty much forget about the PayPal, student is either enroled or not yet.

        I do know nothing about Authorize plugin, it seems to me as quite a different beast. The problem is I can not test it, it would take too much to study it just from the code - have to work on 1.6.1 blockers now

        From Eloy Lafuente (stronk7 at moodle.org) Saturday, 1 July 2006, 06:59 AM:

        Well, Ethem.

        you decide, now I can understand the point of view of the paypal enrol system and how it has been working until now, we just need to know it the authorize one will work properly with all those student and teacher records set to 'manual'.

        If you think that there isn't any problem with that my vote goes to +1 to apply the patch/db update (I'll write the HEAD db upgrade if it isn't present in your commits, Petr).

        Ciao

        From (hephappy at gmail.com) Saturday, 1 July 2006, 06:29 PM:

        Eloy,

        authorize and paypal works in the same method. These are interactive plugins (it means it falls back to manual plugin if no course cost is set).

        it should not matter if you use 'authorize' or 'manual' in this specific case because there is no synchronisation with Authorize after the enrolment

        Please see MDL-5358 that how authorize plugin works.

        I think it must be 'manual' for backup/restore.

        From Petr Skoda (skodak at centrum.cz) Tuesday, 11 July 2006, 06:00 AM:

        Closing this report now, I hope all major problems were solved (and also I am getting a bit lost in such a long report ).

        Please make a new separate bug reports if there are any more problems left, thanks for the testing and bug finding!!!!

        Show
        Martin Dougiamas added a comment - From non non (nbhansen at midway.uchicago.edu) Tuesday, 27 June 2006, 08:14 PM: Here's an update on this. I've bumped it up to critical because as you will see this bug could allow any guest into a course if certain steps take place. I set my settings to allow guests with enrollment key and Paypal enrollment (but didn't create enrollment key, I don't know if that has some effect but I will do more testing and report later). Now, I visited the site using guest access. I clicked on the Payment button (since guest access wasn't showing). I was allowed to make payment for the course through Paypal immediately, without registering at the site first. The payment went through, I as site owner received a receipt and the enrollee received a receipt. However, when I clicked on the button in Paypal to take me to the course, all I got was the following error message: Fatal error: Call to undefined function: get_student_courses() in /home/pizzap22/public_html/enrol/paypal/return.php on line 16 Moreover, the person that was enrolled in the course was the default guest user account! Since this happened, anyone visiting the site as a guest user can get into the course because guest user is now a paid student in the course. This opens up the course to anyone for free as a guest, whether they have an enrollment key or not. I'm going to create an enrollment key now and see if that makes a difference in the process. Will report back in a few minutes. From non non (nbhansen at midway.uchicago.edu) Tuesday, 27 June 2006, 08:19 PM: OK, new information to report. When I created an enrollment key, it now displays enrolling with the enrollment key properly in addition to the Paypal option. I revise my recommendation to performing some sort of verification that an enrollment key has been set when the option is to allow guests with enrollment keys. However, it looks like the guest enrollment problem still exists. I'll do more testing now. From non non (nbhansen at midway.uchicago.edu) Tuesday, 27 June 2006, 08:20 PM: I've revised the summary to reflect the most serious error here. From non non (nbhansen at midway.uchicago.edu) Tuesday, 27 June 2006, 08:38 PM: Here's a summary of the problems: Default Enrolment Method: Paypal Enrollment key: Empty Field Guest Access: Allow Guests with Key Problems: Moodle should verify whether the enrollment key field is filled in. A person can pay as guest and subsequently any guest can enter course Default Enrolment Method: Paypal Enrollment key: Filled In Guest Access: Allow Guests with Key Problem: A person can pay as guest and subsequently any guest can enter course Default Enrolment Method: Paypal Enrollment key: Not applicable Guest Access: No Guest Access Problem: Person is first sent to the login page, and if they try to enter as a guest, they are told that guests cannot enrol. A button takes them back to the login page again. This could potentially confuse students. At this point, if they are persistent enough, they might create an account at the site. If so, and they verify the account, then and only then are they taken to the course page they were trying to access in the first place. I counted a minimum of 5 pages they must go through plus access their email-just to have the right to view a description of the course they may or may not want to enroll in! My suggestion would be instead, if a person is trying to view a Paypal course description without being logged in, take them to the course description page directly, but put a link at the bottom of the page to register or login first (rather than Paypal button). Once they register, take them back to the cours description page where the Paypal button is. A potential student SHOULD NOT have to log in just to view a description of the course. From non non (nbhansen at midway.uchicago.edu) Tuesday, 27 June 2006, 08:45 PM: Also the guest user was given an unlimited enrollment period in the course, rather than 180 days I had set it to. From Petr Skoda (skodak at centrum.cz) Tuesday, 27 June 2006, 09:01 PM: Funny I found the problem with empty keys just minutes before you and in the meanwhile prepared a patch I hope I found the problem with keys when mixed with paypal too. I am going to test it a bit and later send patch here... From non non (nbhansen at midway.uchicago.edu) Tuesday, 27 June 2006, 09:21 PM: OK, now I tried enrolling as a registered user, and I got the following message again: Fatal error: Call to undefined function: get_student_courses() in /home/pizzap22/public_html/enrol/paypal/return.php on line 16 I was able to get into the course ok, but again my enrollment period was set to unlimited, instead of 180 days. From non non (nbhansen at midway.uchicago.edu) Tuesday, 27 June 2006, 09:24 PM: Any patches you post I can test. I've got a test course with a $1 enrollment fee I am running these tests on. I want to get this working ASAP so I can start enrolling students. I've got to go run some errands shortly but when I get back in a couple hours I will look at this again. From Petr Skoda (skodak at centrum.cz) Tuesday, 27 June 2006, 09:27 PM: patch is for: can not use key when paypal primary unicode-->ascii sanitise of paypal data From non non (nbhansen at midway.uchicago.edu) Tuesday, 27 June 2006, 09:44 PM: What about the fatal error and the enrollment period problems? I guess I need to wait for a patch for those, right? Will your patch allow for guest access with enrollment key? I think it would be nice to have that in addition to the Paypal option in case one wants to show a Paypal course to colleagues or something like that. From Petr Skoda (skodak at centrum.cz) Tuesday, 27 June 2006, 09:45 PM: enrol2.patch should fix the get_student_courses() error. From Petr Skoda (skodak at centrum.cz) Tuesday, 27 June 2006, 09:51 PM: guest access with enrolment key works for me now the enrolment period for guest is till logout only, will check the period for regular users now From Petr Skoda (skodak at centrum.cz) Tuesday, 27 June 2006, 09:58 PM: period fixed in enrol3.patch could you please test all you can and report any problems that are left? From non non (nbhansen at midway.uchicago.edu) Wednesday, 28 June 2006, 02:16 AM: I don't use CVS and I'm not quite sure how to manually cut and paste what is in these patch files. Is it possible for you just to upload the whole files and I can just drop them into my installation? From Martin Dougiamas (martin at moodle.com) Wednesday, 28 June 2006, 05:18 AM: Thanks for the great reporting nicole ..... if you can confirm a fix please let us know ASAP for 1.6.1 Petr, can you send full files? From Martin Dougiamas (martin at moodle.com) Wednesday, 28 June 2006, 05:19 AM: Ah you did, 8-) From non non (nbhansen at midway.uchicago.edu) Wednesday, 28 June 2006, 06:31 AM: I set my settings to: Default Enrolment Method: Default (Paypal) Enrollment key: Empty Field Guest Access: Allow Guests with Key It allowed me to save it without a key. I went to the enrol page as guest. I was shown the payment button. With the payment button, I was able to make a payment to Paypal, but then I got the following message: Thank you for your payment! Unfortunately your payment has not yet been fully processed, and you are not yet registered to enter the course Testing (No Content). Please try continuing to the course in a few seconds, but if you continue to have trouble then please alert the Administrator or the site administrator. (Isn't the Administrator or the site administrator a bit redundant?) At 5:20, as enrollee I got a receipt from Paypal for my payment saying it had been completed. At 5:28, as admin I got the following email from my Moodle installation (private data removed below): : Transaction failed. Error while trying to enrol Guest User in 'Testing (No Content)' payment_date => 15:20:35 Jun 27, 2006 PDT txn_type => web_accept last_name => Hansen receipt_id => option_selection1 => Guest User residence_country => US item_name => Testing (No Content) payment_gross => 1.00 mc_currency => USD business => payment_type => instant verify_sign => payer_status => unverified tax => 0.00 payer_email => txn_id => quantity => 1 receiver_email => first_name => Nicole option_name1 => User payer_id => receiver_id => item_number => test3 payment_status => Completed payment_fee => 0.33 mc_fee => 0.33 shipping => 0.00 mc_gross => 1.00 custom => 2-14 charset => windows-1252 notify_version => 2.1 userid => 2 courseid => 14 payment_currency => USD I logged into my Paypal receiving account and I did receive this payment. No student was enrolled. This seems to be halfway towards solving the problem, but better yet the payment button shouldn't be displayed at all when the user is a guest. From non non (nbhansen at midway.uchicago.edu) Wednesday, 28 June 2006, 07:05 AM: Next test was to set the settings as I plan to use them on my site and to enroll a real student: Default Enrolment Method: Paypal (Default) Enrollment key: None Guest Access: No Guest Access I logged in as a real student, made the payment through paypal, and got the following message when I clicked to go to the course: Thank you for your payment! Unfortunately your payment has not yet been fully processed, and you are not yet registered to enter the course Testing (No Content). Please try continuing to the course in a few seconds, but if you continue to have trouble then please alert the Administrator or the site administrator At 5:58, both the student and the admin got receipt/confirmation of the payment from Paypal. At 6:05, I got the following email from Moodle: : Transaction failed. Error while trying to enrol A B in 'Testing (No Content)' payment_date => 15:58:29 Jun 27, 2006 PDT txn_type => web_accept last_name => Hansen receipt_id => option_selection1 => A B residence_country => US item_name => Testing (No Content) payment_gross => 1.00 mc_currency => USD business => payment_type => instant verify_sign => payer_status => unverified tax => 0.00 payer_email => txn_id => quantity => 1 receiver_email => first_name => Nicole option_name1 => User payer_id => receiver_id => item_number => test3 payment_status => Completed payment_fee => 0.33 mc_fee => 0.33 shipping => 0.00 mc_gross => 1.00 custom => 378-14 charset => windows-1252 notify_version => 2.1 userid => 378 courseid => 14 payment_currency => USD Student is not enrolled in course. So this is worse than it was before. Before at least I was enrolled, even though I got the fatal error message. I cannot test the enrollment period issue until the problem of enrollment is fixed and a student can enroll via Paypal. From non non (nbhansen at midway.uchicago.edu) Wednesday, 28 June 2006, 07:19 AM: Just ran another quick test: Manually enrolled a student. Their enrollment period was a correct 180 days. So the period problem was not a general one, but one specific to Paypal. From Petr Skoda (skodak at centrum.cz) Wednesday, 28 June 2006, 07:35 AM: The failed paypal might be due the new sanitisation of unicode characters. Could you please try to comment out (or delete) following line from enrol/paypal/enrol.php $text = $textlib->specialtoascii($text, current_charset()); And BTW how does the correct transaction looks like? thanks From Petr Skoda (skodak at centrum.cz) Wednesday, 28 June 2006, 07:52 AM: found the bug sending new patch + mailing new zip, will continue tomorrow, see you. From non non (nbhansen at midway.uchicago.edu) Wednesday, 28 June 2006, 08:11 AM: I set my settings to: Default Enrolment Method: Default (Paypal) Enrollment key: Empty Field Guest Access: Allow Guests with Key It allowed me to save it without a key. I went to the enrol page as guest. I was shown the payment button. With the payment button, I was able to make a payment to Paypal, and was immediately enrolled in and taken to the course as guest user. Guest User (ID=2) is now an enrolled user in the course. I logged in as myself, logged out, and then was able to enter the course again as Guest User. So once one guest user makes this mistake, any subsequent guest user will be able to enter the course directly. Not good. From non non (nbhansen at midway.uchicago.edu) Wednesday, 28 June 2006, 08:13 AM: I set my settings to: Default Enrolment Method: Default (Paypal) Enrollment key: An enrollment key was entered Guest Access: Allow Guests with Key Went to enrollment page as guest user, was shown Paypal button and guest user/enrollment key options. Clicked on Paypal button, was taken to Paypal. Didn't try paying again but I have every reason to believe the results would be the same as the previous test. Not good. From non non (nbhansen at midway.uchicago.edu) Wednesday, 28 June 2006, 08:21 AM: I set my settings to: Default Enrolment Method: Default (Paypal) Enrollment key: An enrollment key was entered Guest Access: No Guests Was not allowed to access the enrollment page as a guest. Correct (although I don't like this behavior so much, but I have a workaround for it myself) Logged in as a student. Was able to access the enrollment page. Given Paypal button, and the enrollment key box. Not good, since the enrollment key in this case serves no purpose except to confuse potential students. Clicked on Paypal button, paid for course, enrolled directly, for 180 days. Success. As long as I remove the enrollment key, this will work as I need it to for my purposes. From non non (nbhansen at midway.uchicago.edu) Wednesday, 28 June 2006, 08:34 AM: Summary: 1-Guests should not be taken to Paypal at all when they click on the Paypal button. Better to inform them they must register first and then redirect them to login page. 2-Teachers should not be allowed to save the combination of Allow guests with enrollment key and no enrollment key. 3-Teachers should not be allowed to save the combination of No guests and an enrollment key if the course requires payment. 4-The enrollment key help item needs to be updated to reflect the fact that it can be used for guests. It says nothing about this and makes it more confusing to understand how it works. 5-This may not be a bug. I'm getting two emails from Moodle every time a student is enrolled via Paypal in the course. Am I getting one as admin and another as teacher? Good night. My next test tomorrow is going to be of the expiry notification feature because I want to make sure that works properly too. I'll let you know if I encounter any problems with that. From non non (nbhansen at midway.uchicago.edu) Wednesday, 28 June 2006, 07:30 PM: Never mind my comment about administrator and site administrator. I see now that was because of the language string and choice of word for teacher I was using for the test course. From Petr Skoda (skodak at centrum.cz) Wednesday, 28 June 2006, 08:48 PM: I have commited the 4th patch into cvs, reviewing the summary now. I guess we will have to split it into another bug and defer some parts till 1.7 becasue there is no validation in mod.php - but I agree it is a good idea! In anycase I am not done yet, still working on this... From Petr Skoda (skodak at centrum.cz) Wednesday, 28 June 2006, 11:51 PM: Commited some more patches: PaypPal button not shown to guests, there is login link instead login as guest button now works and is shown only to non-guests when needed Your summary: 1/ button not whown to guests anymore - PayPal explanation should be IMO on the login page, we may change it later 2/ to be fixed later - 1.7 or 2.0 3/ seems ok to me, you can give some students key and they enrol without paying - not a bug, it is a feature 4/ help is needed - could you please prepare some changes and post it here, my english is not good enough 5/ see meaning of $CFG->enrol_mailstudents, $CFG->enrol_mailteachers, $CFG->enrol_mailadmins - not a bug could you please test it once more? From (hephappy at gmail.com) Thursday, 29 June 2006, 01:34 AM: This bug affects authorize plugin at this point: Default Enrolment Method: Authorize Enrollment key: Empty Field Guest Access: Allow Guests with Key Guests cannot enrol, but enrolment key form is shown. After user clicked 'enrol me' with a key, then 'illegal enrolment attempted' is shown. I think, manual enrolment form shouldn't be showed. From Petr Skoda (skodak at centrum.cz) Thursday, 29 June 2006, 01:38 AM: I will look into the Authorize problem tonight From (hephappy at gmail.com) Thursday, 29 June 2006, 01:41 AM: One thing more: In course/enrol.php this code can be? //HTTPS is potentially required in this page httpsrequired(); So there is no need extra checks like this: if (empty($CFG->loginhttps)) { $wwwroot = $CFG->wwwroot; } else { // This actually is not so secure ;-), 'cause we're // in unencrypted connection... $wwwroot = str_replace(http://, https://, $CFG->wwwroot); } From Petr Skoda (skodak at centrum.cz) Thursday, 29 June 2006, 02:34 AM: httpsrequired() in course/enrol.php might break something (custom themes?) - we should IMO wait till 1.7; I was already planning some refactoring in https support about a month ago. From Petr Skoda (skodak at centrum.cz) Thursday, 29 June 2006, 03:25 AM: Adding patch for Authorize plugin to cope with PayPal ideas presented here From (hephappy at gmail.com) Thursday, 29 June 2006, 06:29 PM: I have applied au_enrol.patch. Now, we sure enrol field must be 'manual' for interactive plugins (authorize and paypal). Please apply version.patch, lib_db.patch to update database. I have added dependency 5358. Because 'enrol' field was problem when adding support restore/backup for enrolment plugins: MDL-5358 - Add support for enrol systems in backup/restore From Petr Skoda (skodak at centrum.cz) Friday, 30 June 2006, 08:37 AM: the version update patch is incomplete, missing HEAD and postgresql stuff I am not good at updating database, could you do it Eloy? From Eloy Lafuente (stronk7 at moodle.org) Friday, 30 June 2006, 07:05 PM: Hey, after reading a bit this bug, it seems that that only change to be applied at DB level is to update all those 'paypal' and 'authorize' enrol fields (course, user_students and user_teachers) to 'manual'. I think this can be safely duplicated in HEAD (with its own version numbering) because it simply will perform the updates. If no records are found (because they were updated in 16_STABLE), NP at all. Obviously, I don't understand why the enrol method must be updated to 'manual' but sure you have some good reasons, isn't it? I'll perform DATABASE changes to HEAD once I saw them applied to 16_STABLE, ok? Ciao From (hephappy at gmail.com) Friday, 30 June 2006, 10:16 PM: Silly me! Of course, course->enrol musn't be updated. Only, user_students and user_teachers must be updated. I have uploaded lib_db_new.patch. Eloy, please see MDL-5358 . This descripts why must be updated as 'manual'. From Eloy Lafuente (stronk7 at moodle.org) Saturday, 1 July 2006, 12:17 AM: Sorry again Ethem, but I cannot see the point to update all those user_students and user_teachers records to manual if they were enrolled by the paypal or authorize plugins. How do other enrol methods handle this? Don't they set the enrol field to their own value? (ldap...). It sounds to be the 'natural' way, isn't it? (every enrol method fills the enrol field with its own value). Which are the implications of leaving this field set to the real enrolment method? And what's the difference if you change it to 'manual' ? I cannot imagine it...sorry! From (hephappy at gmail.com) Saturday, 1 July 2006, 01:05 AM: I saw last commit for paypal: paypal/ipn.php if ($course->enrolperiod) { $timestart = time(); $timeend = time() + $course->enrolperiod; } else { $timestart = $timeend = 0; } if (!enrol_student($user->id, $course->id, $timestart, $timeend, 'manual')) { <- -- LOOK HERE ---, Petr, why is it 'manual' in enrol_student()? Can you explain? From Petr Skoda (skodak at centrum.cz) Saturday, 1 July 2006, 04:32 AM: In case of PayPal you are paying for getting enroled internally What makes PayPal different from LDAP? LDAP knows who can enrol. paypal plugin just waits for money and then tells Moodle to enrol the student internally. Why did I add 'manual'? It was there already: enrol_student($user->id, $course->id) uses default value from: function enrol_student($userid, $courseid, $timestart=0, $timeend=0, $enrol='manual') { Is it correct? Hmmm, it works and it was always this way. AFAIK it should not matter if you use 'paypal' or 'manual' in this specific case because there is no synchronisation with PayPal after the enrolment. In backup we can pretty much forget about the PayPal, student is either enroled or not yet. I do know nothing about Authorize plugin, it seems to me as quite a different beast. The problem is I can not test it, it would take too much to study it just from the code - have to work on 1.6.1 blockers now From Eloy Lafuente (stronk7 at moodle.org) Saturday, 1 July 2006, 06:59 AM: Well, Ethem. you decide, now I can understand the point of view of the paypal enrol system and how it has been working until now, we just need to know it the authorize one will work properly with all those student and teacher records set to 'manual'. If you think that there isn't any problem with that my vote goes to +1 to apply the patch/db update (I'll write the HEAD db upgrade if it isn't present in your commits, Petr). Ciao From (hephappy at gmail.com) Saturday, 1 July 2006, 06:29 PM: Eloy, authorize and paypal works in the same method. These are interactive plugins (it means it falls back to manual plugin if no course cost is set). it should not matter if you use 'authorize' or 'manual' in this specific case because there is no synchronisation with Authorize after the enrolment Please see MDL-5358 that how authorize plugin works. I think it must be 'manual' for backup/restore. From Petr Skoda (skodak at centrum.cz) Tuesday, 11 July 2006, 06:00 AM: Closing this report now, I hope all major problems were solved (and also I am getting a bit lost in such a long report ). Please make a new separate bug reports if there are any more problems left, thanks for the testing and bug finding!!!!
        Hide
        Michael Blake added a comment -

        assign to a valid user

        Show
        Michael Blake added a comment - assign to a valid user

          People

          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: