Hello UNA team,
I would like to offer an approval-based submission for organization profile creation.
While creating their profile, I would like organizations to upload documents in .pdf, .docx or.jpeg for business verification (.eg. company constitution or articles of association, partnership agreement, certificate of incorporation, certificate of nonprofit registration etc). Upon review, we will approve or reject their Profile creation.
The moderation of our Organization module is already set to: 'Activate manually after creation and editing'.
So, how to create a file uploader on the create organization's profile form? And how will the admin view or receive the uploaded files? Where will those be saved? Will the user still be able to view or have access to the files they uploaded?
Thanks
- 483
Hello UNA Team,
While testing UNA 13.1.0 on my dev site, I came across this weird behavior of the account confirmation unconfirming already-confirmed accounts when enabling the option: Account is confirmed when ‘email and phone are confirmed’.
In a near future, I am planning to use Twilio to verify phone numbers for account creation. But meanwhile, because of the Twilio cost, I temporally disabled the Phone confirmation and I enabled the email confirmation only by selecting the option: Account is confirmed when ‘email is confirmed’.
Please, note that I have also enabled the Phone field on the Account creation and edit page to allow members to enter/edit their phone number to be used in the future when the phone confirmation will be enabled.
The problem is, later when I enable the option: Account is confirmed when ‘email and phone are confirmed’, already-confirmed accounts using email confirmation get unconfirmed. The account confirmation system requires members to confirm both ‘email’ (reconfirm) and ‘phone’.
Is it a normal behavior? Wasn't it supposed to require members to confirm their phone only and not to reconfirm their email address (again) as it was already confirmed when the option: Account is confirmed when ‘email is confirmed’ was enabled?
When the 'email' or/and the 'phone' is already confirmed, the system shouldn't require members to reconfirm it when the account confirmation setting is changed in Studio > Settings > Account.
@Alex T⚜️ @Anton L Please correct me if I am wrong. Also, please could you provide us with a fix to this issue in UNA 14.0.0?
Thanks advance.
- 561
Hi @AQB Soft
Below are few questions I have about the Affiliate system app:
1. New member join commission: Is the commission earned by the referrer when the referee creates an account or when he/she creates a profile? (Upon account creation or profile creation?)
2. Will that new member join commission automatically be removed if that referee’s account or profile is deleted?
3. Commission type: Is the new member join, the membership upgrade and the market purchase commission a one-time or a recurring commission (passive income/lifetime commission)?
4. If the referrer earned the commission on a membership upgrade (e.g. from Standard to Premium), then few months later, that referee upgrades to another membership (e.g. from Premium to Ultimate), will that referrer also earn a commission on that second membership upgrade?
5. Same with the market purchase commission. If the referrer has already earned the commission when the referee purchased "Product A", will he/she still earn another commission when the referee purchases another product later (e,g. "Product B")?
Another example is with the banner advertising: Will the referrer earn the commission on the first purchase only or every time the referee purchases the banner advertising?
6. If the membership upgrade is offered with a "Free Trial" (Stripe - valid Credit card required), when does the referrer earn the commission? Is it at the beginning or at the end of the free trial? Meaning, is it when the referee adds his/her credit card to start the free trial or when the referee’s Credit card gets charged at the end of the free trial period?
7. Free trial period: Do users in the free trial period also earn commission? How is their commission?
Example: The new member join commission rate for standard level is 5% and for the premium level is 20%. Then a Standard member decides to play the system by starting a free 30-day premium trial with the sole intention of getting a higher commission when referring the site to his friends during his free 30-day premium trial. Then, he (the referrer) cancels the free premium trial before it expires in order not to get charged.
What will be his commission rate for the referrals made during his free premium trial period? Will it be as a standard member (5%) because he has cancelled his free trial and went back to the standard level or as Premium member (20%) because the referrals were made during his free premium trial period?
8. Your Affiliate Program and Membership Vouchers Apps: How do they work together? How is the commission earned when a referee upgrades to a paid membership using a membership voucher? Will the referrer’s commission be based on the normal membership price or on the new price with discount after applying the membership voucher?
9. How does the new member join commission work with accounts created from the UNA mobile app downloaded from Google Play and Apple Store?
Example: The referee lands on the website homepage but instead of using the sign up form on that homepage to create an account, he/she uses the Google Play and Apple Store badge displayed at the footer of the homepage to download/install the UNA mobile App and create an account from there.
Will the referrer still earn the commission for the referral when the referee uses the mobile app to create the account?
10. When the account pruning option: 'Suspend account with no login within N days' is ON or when the admin suspends an account for whatever reason, will the suspended account still earn referral commissions or any other commission?
11. How does the Affiliate System App work with Twilio or the 2FA?
When is the commission earned? Is it when the referee fills the sign up form and submits or when the Phone is confirmed using Twilio?
12. Does the Points increment set in the point system app also apply to the points earned as a point commission in the Affiliate system?
Example: If the Points increment for the Premium membership is set to: 0.2 Points and the Points commission for referring (for the same membership) is set to: 5 Points. Will the Point commission (new member join commission) earned by the Premium member be: 5.2?
13. Does the daily limit per membership in the Points system app (Studio > Points > Membership > Max all time and Max per 24 hours) also apply to points earned as a point commission in the affiliate program app?
Example: If the 'Max per 24 hours' for Premium membership in the Points system app is: 100 Points and the Point commission per referral in the Affiliate program app is: 5 Points and a Premium member refers 45 new members within 24 hours (Total Point Commission: 225 Points). Will his affiliate commission be locked to 100 Points only because of the 'Max per 24 hours' limit in the Points system App or will he receive the full 225 Points commission?
14. Is there any anti-fraud detection / fraud prevention mechanism (or fraud control system/feature, commission blocking, signups blocking, commission amount restrictions etc) packed with the Affiliate System app?
Please I would appreciate an official answer from AQBSoft. Thanks for your understanding
Regards.
Hi dear @Alex T⚜️
I am having a weird issue with the image and video uploader after installing a new SSL certificate.
Everything was working fine on my dev website when I was using the Let's Encrypt free SSL.
The problem started after I installed a paid SSL certificate. Both image and video seem to be uploaded just fine but there is no preview. The image thumbnail is broken and the image doesn't display. Same with the video. Its thumbnail is broken and the video doesn't play.
I have tested the new SSL certificate using the Qualys SSL Labs checker. Everything looks great, no SSL error so far.
Any idea on what might be the problem and how to fix it?
Thanks in advance.
- 634
Hello dear @Anton L
After successfully processing a payment on the Stripe checkout page, I am getting a 403 Forbidden error when Stripe tries to send a user back to my site in order to confirm the subscription or the purchase and update the membership in UNA.
Forbidden
You don't have permission to access this resource.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
In my stripe account (dashboard), everything looks great. The Payment was processed with success and the subscription was successfully created too. The only error I can see from the Stripe Webhooks tad is: The Webhook delivery failure for the event: invoice.payment_succeeded
I am using Stripe 3D Secure integration. My Stripe account is set correctly: Products/subscriptions are created and the webhook is added. Same with UNA, I have entered the Public and Secret key correctly. I am in the test mode. UNA 13.1.0-Stable on a dedicated server (Apache).
After payment Stripe checkout return the following url with the 403 Forbidden error:
After checking my server log, it looks like the 'session_id' parameter in that url is triggering my server Mod_security system. The Stripe webhook endpoint request is blocked and Stripe doesn't send back the purchase information to update the UNA system/database.
Below is my server log::
[Mon May 20 14:46:05.239706 2024] [security2:error] [pidxxxxx:tid xxxxxxxxxxxxxx] [client xxx.xx.xxx.xxx:xxxxx] [client xxx.xx.xxx.xxx] ModSecurity: Warning. Operator GEmatched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "xxxxxx"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=5): PossibleSession Fixation Attack: SessionID Parameter Name with Off-Domain Referer"] [tag "event-correlation"] [hostname "www.xxxxx.com"] [uri "/m/payment/initialize_checkout/single/"] [unique_id "xxxxxxxxxxxxxxxxxxxxxxxxxxx"], referer: https://checkout.stripe.com/
[Mon May 20 14:46:46.630701 2024] [security2:error] [pidxxxxx:tid xxxxxxxxxxxxxx] [client xxx.xxx.xx.xx:xxxxx] [client xxx.xxx.xx.xx] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "303"] [id "xxxxxx"] [rev "2"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag"application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_HOST"] [tag "WASCTC/WASC-21"][tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "xxx.xxxxx.com"] [uri "/"] [unique_id "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"]
How to fix this problem? Please help!
Thanks
Hello dear @Anton L
I am setting up Stripe for a new project I am working on. I have few questions:
1. After creating paid levels in UNA and when setting up Stripe, do we still need to create the same subscription plans in our Stripe account? I don't remember where exactly (I might be confused), but I once read somewhere in the forum that from UNA version 12 or 13 we don't need to do so anymore. Is that true? Please confirm.
2. The 'Configuring Stripe' doc (Wiki: Payments) says:
'If you plan to sell subscriptions in Market and/or Paid Levels modules then don't forget that you need to create Plans for each subscription. It can be done in your Strip account -> Plans section. Creating a plan you need to use the same price, time frames and trial parameters which you've used during the creation of associated Market product or Paid level in UNA script.'
Problem: There is not any 'Plan' section in Stripe. By 'Plan', do you mean 'Product'? which can be found here:
https://dashboard.stripe.com/products/create
3. The Plan ID (Paid Level Name) is auto-generated in UNA and sometimes with some random numbers. e.g: Premium-Yearly-8742.
Should we copy it to the Product Name field in Stripe exactly as it is in UNA (e.g: Premium-Yearly-8742)?
Because it will be visible to users on the Stripe checkout page, can't we have a more professional and eye-catching Paid Level name like 'Premium Yearly' instead of Premium-Yearly' or 'Premium-Yearly-8742'?
Stripe account allows you to create a product name with space. e.g 'Monthly Premium Plan', 'Premium Yearly' etc while UNA (Paid Level) doesn't. It doesn't allow spaces and adds random number.
4. In case of a monthly and yearly subscriptions of the same level but with different prices. e.g: 'Premium-Monthly (1-month): $5' and 'Premium-Yearly (1-Year): $50', how do we set them in Stripe?
Do we create two separate Products (Subscriptions) in Stripe? One for 'Premium-Monthly (1-month): $5' and another for 'Premium-Yearly (1-year): $50'?
or can we just create a single product called: 'Premium' but with two different prices and billing periods (Monthly and Yearly)? Stripe allows to add another price for the same product.
5. Where do we add the free trial period on the Stripe Product/Subscription creation page?
There is this "Additional options' > 'add free trial' field, but it says:
'Legacy: Setting a default trial period per price is no longer recommended and is incompatible with Checkout and quotes. Free trials can be set per subscription or quote instead.'
As you can see, the 'free trial' is no longer been supported on this page and it doesn't work if entered from this field. Any workaround?
6. Are we also required to create a product in Stripe (One-time payment) if we also sell Credits and any other products or services in UNA from a third-party module that accepts payments?
Thanks in advance for helping.
Regards
Hello UNA Team,
It has been a week or two since the Discussion board (forum) here on unacms.com is getting bombarded with continuous spam. Some new spammer accounts/profiles are creating hundreds of discussion posts. They are all spam and most of them have the same timestamp.
Please investigate this issue and implement effective anti-spam measures.
How do they even manage to add hundreds of discussions at once? Are they humains creating an account/profile, then spamming the discussions or robots/bots using some sort of automated scripts?
If there is a vulnerability in UNA being exploited by spammers/hackers to spam the discussions module, then we (users running UNA websites) are all screwed till you guys find the problem and provide us with a fix.
I am really concerned.😕