Membership Plugin

WordPress Membership Plugin

You are here: Home

twitort

Forum Replies Created

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • September 27, 2018 at 4:26 pm in reply to: admin-post is being blocked #16525
    twitort
    Participant

    Using admin-post.php for form submissions is pretty standard practice:

    https://premium.wpmudev.org/blog/handling-form-submissions/
    https://www.sitepoint.com/handling-post-requests-the-wordpress-way/
    http://blog.osmosys.asia/2016/05/07/handling-form-submissions-in-wordpress/
    http://www.adaptiveweb.com.au/handle-post-and-get-requests-in-wordpress-using-admin-post-php/

    September 26, 2018 at 11:23 pm in reply to: admin-post is being blocked #16519
    twitort
    Participant

    Thank you for looking into this. I suspect the other contact form plugins don’t use admin-post.php as the action on their forms, so the admin_init event is not fired on submit.

    September 26, 2018 at 6:10 pm in reply to: admin-post is being blocked #16515
    twitort
    Participant

    Yes, this issue is related to the documentation you reference since turning on the “Disable WP Dashboard for Non-Admins” option prevents site forms from being processed for non-admin users. The plugin I’m referring to is my own plugin. It is only used by my company. This is pretty easy to duplicate on a site where Simple Membership is installed and activated. As either a non-admin user or not logged in at all, submitting a form that uses admin-post.php as the action will show the problem.

    		<form action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>" method="post" > 
            <input type="hidden" name="action" value="our-id-form">
			<input required type="text" name="book_id" value="" placeholder="Book ID" width="50" maxlength="20"/>
			<input type="submit" name="submit" value="Review" />
            <?php echo wp_nonce_field('enter-pmt-id', '_pmtnonce'); ?>
		</form>
    September 25, 2018 at 11:15 pm in reply to: admin-post is being blocked #16507
    twitort
    Participant

    Looking at the code for the Simple Membership plugin, I can see why this is occurring. You have an action hooked to the admin_init event. Admin_init also fires when a form uses admin-post.php to process the form. In your admin_init_hook method, you display the “The admin of this site does not allow users to access the wp dashboard.” message and die if the current user is not an admin and the “Disable WP Dashboard for Non-Admins” option is turned on. This effectively makes it impossible for a site to use Simple Membership with the “Disable WP Dashboard for Non-Admins” option and also process forms using admin-post.php when non-admin users are on the site. I would suggest fixing the admin_init_hook method such that it distinguishes an actual attempt to access the dashboard from the processing of a form submission.

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)