package id in url can be changed by user showing different options

This topic contains 2 replies, has 2 voices, and was last updated by  Ian 5 years, 1 month ago.

We have moved to a support ticketing system and our forums are now closed.

  • #468834

    Ian
    Expired Member
    Post count: 144

    Hi there.

    Just wondering if you can help.

    Here is my scenario….

    I have created a membership site using MemberPress for users to sign up to.

    I have made up 6 different price and payment options (package_id=1 – 6), all with varying and increasingly better options.

    I have made 6 pages for 6 membership options (/membership_1, /membership_2, etc.) and in each page have placed the appropriate [gd_add_listing] shortcode (i.e. [gd_add_listing listing_type=gd_event&package_id=2] goes in page /membership_2).

    This then gives me the URL for example :- https://mysite.com/membership_2/add-listing/?listing_type=gd_event&package_id=2 (all well and good so far and works fine)

    I'm then adding content protection (using MemberPress) to each page so only the specific membership type can see a specific page (i.e. a person with a type 2 membership only has access to https://mysite.com/membership_2 and is blocked from, say, https://mysite.com/membership_3).

    The issue is, that if a user has a membership level of ‘2’ then they can have access to https://mysite.com/membership_2/add-listing/?listing_type=gd_event&package_id=2.

    But what happens is the protection only works for part of the URL? i.e. this part is locked (https://mysite.com/membership_2/add-listing/?listing_type=gd_event) BUT the last part of the URL ‘&package_id=2’ seems to be editable?

    i.e. if a user manually changes the URL from &package_id=2 to &package_id=3, then the form, while still being inside /membership_2, now shows all the better options from membership package ‘3’?? (hope that makes sense)

    This is obviously no good at all.

    So my question is, is there any way of either locking the package_id or hiding/removing it from the URL so it can't be changed?

    Thanks in advance.

    Ian
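
The behaviour described in the post above is a client-controlled parameter deciding an entitlement, so the check belongs on the server rather than in the URL. The following is an added example, not part of the original thread and not MemberPress or GeoDirectory code: the entitlement map and the function name are hypothetical, and the sample query strings are constructed from the URLs in the post.

```php
<?php
// Added example: every name below is hypothetical, not a MemberPress or GeoDirectory API.

// Assumed mapping: membership level => package_id values that level has paid for.
const EXAMPLE_ENTITLEMENTS = [
    1 => [1], 2 => [2], 3 => [3],
    4 => [4], 5 => [5], 6 => [6],
];

/**
 * Decide which package_id the add-listing form may use for this request.
 * Returns the permitted package id, or null when the request must be refused.
 */
function example_resolve_package_id(array $query, int $membershipLevel): ?int
{
    $allowed = EXAMPLE_ENTITLEMENTS[$membershipLevel] ?? [];
    if ($allowed === []) {
        return null; // unknown level: no package at all
    }
    if (!array_key_exists('package_id', $query)) {
        return $allowed[0]; // nothing requested: fall back to the entitled package
    }
    $raw = $query['package_id'];
    // package_id[]=3 arrives as an array in PHP; "3abc", "-1" and "" are not valid ids.
    if (!is_string($raw) || !ctype_digit($raw)) {
        return null;
    }
    $requested = (int) $raw;
    // The URL value is only a request; the server-side entitlement decides.
    return in_array($requested, $allowed, true) ? $requested : null;
}

// Constructed requests from a level 2 member on /membership_2/add-listing/.
$samples = [
    'listing_type=gd_event&package_id=2',   // own package
    'listing_type=gd_event&package_id=3',   // edited in the address bar
    'listing_type=gd_event&package_id[]=3', // array form of the same edit
    'listing_type=gd_event',                // parameter removed
];
foreach ($samples as $qs) {
    parse_str($qs, $query);
    $result = example_resolve_package_id($query, 2);
    printf("%-40s => %s\n", $qs, $result === null ? 'refuse (403)' : "package $result");
}
```

The same check has to run again when the listing form is submitted, because the submitted package_id is as editable as the one in the URL.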

    #468837

    Guust
    Moderator
    Post count: 29970

    A valid license is required to view this reply.


    #469000

    Ian
    Expired Member
    Post count: 144

    A valid license is required to view this reply.

