daddy.of.x
Forum Replies Created
-
Forum: Plugins
In reply to: [Sign-up Sheets] Random sign up removals in last 24 hoursDEVELOPERS: Another solution might be to modify remove.php to require a confirmation by forcing the user to click on a button before performing the remove. Or for even better protection against unwanted removals, the confirmation e-mail should not include the token in the URL but, instead, instruct the user to copy the token and paste it into an entry field presented by remove.php.
- This reply was modified 8 years, 8 months ago by daddy.of.x.
Forum: Plugins
In reply to: [Sign-up Sheets] Random sign up removals in last 24 hoursAssuming my theory proves correct, one simple workaround would be to not include the remove link in the confirmation e-mail. You can do that from Dashboard -> Settings -> Confirmation E-mail -> Message. Perhaps direct the user to contact the administrator to remove the signup as appropriate.
Of course, if my theory proves correct, any e-mails already sent are like ticking time-bombs and could still be triggered after making this change.
Forum: Plugins
In reply to: [Sign-up Sheets] Random sign up removals in last 24 hoursI’ve been tracking this issue for my users as well. I am by no means a WP expert but here’s what I’ve found.
Since the remove is triggered by visiting
https://<somehost>/wp-content/plugins/sign-up-sheets-pro/remove.php?id=<someid>&t=<sometoken>, anyone with the link can trigger it. However, in order for the remove to actually be effected, the id and token must correspond to one another as generated when the sign-up was made. So really, the only way that the remove could not be purely random is for the user to have clicked on the link in their sign-up notification e-mail or the link was somehow being sniffed out of the e-mail and visited without their knowledge.A few weeks ago, I added some logging to remove.php to dump all the info related to the request and had an instance of this occur 2 days ago at 3 a.m. I was unable to pin-point a user, but noticed that the IP where the request originated was 72.30.14.13 which maps to b169.crawl.yahoo.net. So this appears to be related to Yahoo’s web search crawler. My speculation at this point is that web mail users may be getting their mail scanned by a web crawler that would effectively visit every link in their e-mails. When it visits the link in their confirmation e-mail, it would trigger the remove, without the user knowing. I have no way to prove this, of course, but it could explain the random nature of this issue.
Since my WP site is membership based, it would have been better for the plug-in writer to have implemented the remove logic as part of the WP plugin so that membership login would be enforced. Going directly to an HTML or PHP file in wp-content/plugins file structure bypasses the WP framework altogether. I don’t believe this solution would benefit folks without a membership plugin though.
If the developers are watching, I’d be interested to see what they think.
Forum: Plugins
In reply to: [Participants Database] Incompatible with third party themeBummer. Thanks for trying.
Forum: Plugins
In reply to: [Participants Database] Incompatible with third party themeThanks for the response. I enabled PHP logging per your suggestion and that seems to redirect the two messages to the log file on regular pages (e.g. index.php, wp-admin.php). However, I still see the same three errors on post.php, and updates on other pages (such as profile.php) do not seem to be persisted successfully. Please let me know if you need help getting the theme or if you have any other suggestions for narrowing down on the issue.
Thanks,
TonyFYI, I have enabled the plugin on two of my sites.
http://fischegroups.org with default WP theme active – works
http://fische.fischegroups.org – with custom Shape5 theme active – does not workThanks,
TonyHey John. Thanks for the reply. Below is the download link to the free theme. You may have to sign up for a free membership to download the file.
http://www.shape5.com/wordpress/free_themes/vertex_-_free_wordpress_theme.html
Alternatively, I can try to enable the plugin on one of my unpublished multi-site sub-domains where I plan to use the same theme.
Thanks,
Tony