- This topic has 7 replies, 3 voices, and was last updated 7 years, 7 months ago by
.
-
Posts
-
I have a plugin that has a form with the action set to admin-post.php with the corresponding add_action defined as is the normal way to handle a form in a plugin. When this form is submitted, I get the “The admin of this site does not allow users to access the wp dashboard” error generated by Simple Membership. If I deactivate SM, it processes the form correctly. The odd thing is on my staging site, with all Simple Membership settings set identically, the same form processes fine with Simple Membership active. Needless to say, this is a head-scratcher. Any ideas what would cause Simple Membership to block this form submission? All plugins are up to date. Using Elementor for most pages. Astra theme. Disabling plugins and changing themes on my live site is not an option. That’s why I have a staging site. But the two sites are behaving differently in this one case!
Looking at the code for the Simple Membership plugin, I can see why this is occurring. You have an action hooked to the admin_init event. Admin_init also fires when a form uses admin-post.php to process the form. In your admin_init_hook method, you display the “The admin of this site does not allow users to access the wp dashboard.” message and die if the current user is not an admin and the “Disable WP Dashboard for Non-Admins” option is turned on. This effectively makes it impossible for a site to use Simple Membership with the “Disable WP Dashboard for Non-Admins” option and also process forms using admin-post.php when non-admin users are on the site. I would suggest fixing the admin_init_hook method such that it distinguishes an actual attempt to access the dashboard from the processing of a form submission.
Hi, please check the following documentation. Let me know if your issue is somewhat related to this documentation. Also can you share the plugin you are referring too?
I have also closed your other thread in wordpress.org forum because it is a duplication of this thread.
Thank you
Yes, this issue is related to the documentation you reference since turning on the “Disable WP Dashboard for Non-Admins” option prevents site forms from being processed for non-admin users. The plugin I’m referring to is my own plugin. It is only used by my company. This is pretty easy to duplicate on a site where Simple Membership is installed and activated. As either a non-admin user or not logged in at all, submitting a form that uses admin-post.php as the action will show the problem.
<form action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>" method="post" > <input type="hidden" name="action" value="our-id-form"> <input required type="text" name="book_id" value="" placeholder="Book ID" width="50" maxlength="20"/> <input type="submit" name="submit" value="Review" /> <?php echo wp_nonce_field('enter-pmt-id', '_pmtnonce'); ?> </form>Hi,
The plugin I’m referring to is my own plugin.
Currently our plugin works with many contact form plugins in wordpress repository. I have submitted a message to the developers to investigate further your issue.
Regards
Thank you for looking into this. I suspect the other contact form plugins don’t use admin-post.php as the action on their forms, so the admin_init event is not fired on submit.
I am not sure why you are posting the form to admin-post.php. Normally a form is submitted on the front-end of the site. Anyway, the “Disable Access to WP Dashboard” feature will prevent anyone except admin to access the admin side. So you won’t be able to use that feature and have your custom plugin’s code the way you have it.
Using admin-post.php for form submissions is pretty standard practice:
https://premium.wpmudev.org/blog/handling-form-submissions/
https://www.sitepoint.com/handling-post-requests-the-wordpress-way/
http://blog.osmosys.asia/2016/05/07/handling-form-submissions-in-wordpress/
http://www.adaptiveweb.com.au/handle-post-and-get-requests-in-wordpress-using-admin-post-php/
- You must be logged in to reply to this topic.