Home › Forums › Suhaib Siddiqi
Suhaib Siddiqi
My Latest Replies (From Various Topics)
Author | Replies |
---|---|
Author | Replies |
Posted: Monday Jan 14th, 2013 at 9:24 pm #37557 | |
|
|
Thanks Bruce, |
|
Posted: Monday Jan 14th, 2013 at 9:08 pm #37554 | |
|
|
Thanks Bruce, After reading your post, I did through s2hack.php in mu-plugin. I used the following:
It does redirects to the desired page. I hope it is correct way of doing it. |
|
Posted: Monday Jan 14th, 2013 at 4:05 pm #37525 | |
|
|
Jason, Thanks. I believe, I may have found a simpler solution. Only registered users can fill the form, but the uploaded images are visible to visitors. Registration page take them to payment page. I moved the existing features protected by s2Members to level2, and this new one to level one. On the development, concept seems to work. |
|
Posted: Monday Jan 14th, 2013 at 2:57 pm #37517 | |
|
|
Sorry, I am not being clear. Let me try again. The http://www.shaadiconnections.com/hotornot-2/ is a page which has form and a field to upload image, then a button “Create Competitor” When a user click on “Create Competitor”, the image is uploaded. I want the page to be visible to all the visitors, but when the click that is onclick or onsubmit the “Create Competitor” button after uploading the image, it should take them to a payment page. It look like a way to needed to protect an onclick or onsubmit button, not the entire page. |
|
Posted: Monday Jan 14th, 2013 at 2:27 pm #37507 | |
|
|
Well, those are blocking whole page from visitors to see, I wanted them to take to membership payment page when they click “Create Competitor” button after uploading the image and filling in the form field.
|
|
Posted: Monday Jan 14th, 2013 at 1:49 pm #37499 | |
|
|
That would protect the whole page? I want visitors to see the Page without registering, but when they click on “Create Competitor” button to submit an image, they are taken to the payment page and after payment is made return to the site. |
|
Posted: Monday Jan 14th, 2013 at 1:20 pm #37488 | |
|
|
One time charge. |
|
Posted: Tuesday Oct 16th, 2012 at 9:00 am #28522 | |
|
|
Jason, I am not aware of specific security issues. However, I do see hacking attempts on daily basis from China, India, Russia and Ukraine. All of those hackers try the string http://www.example.com/wp-content/plugins/s2member/s2member-o.php?ws_plugin__s2member_js_w_globals=1&qcABC=1&ver=120703-120703-1784216801. Therefore, I assume that there is something known to hackers about it. I have ZBBlock from spambotsecurity.com installed, which blocks these kind of remote queries. My ZBBlock log files have over 100 these querries from various hackers.
|
|
Posted: Sunday Oct 7th, 2012 at 11:39 am #27722 | |
|
|
I did a little search on this issue. This issue was discussed on your free plugin public forum in 2011 Q1. Anyone can execute http://www.example.com/wp-content/plugins/s2member/s2member-o.php?ws_plugin__s2member_js_w_globals=1&qcABC=1&ver=120703-120703-1784216801 |
|
Posted: Saturday Oct 6th, 2012 at 7:33 am #27641 | |
|
|
Thanks Cristian, I noticed in log file, a couple Russian hackers also tried same query remotely. Looks like some hackers know someting about it? Anyway, I feel safe, because ZBBlocck instantly ban anyone who try to execute queries remotely. |
|
Posted: Sunday Sep 16th, 2012 at 9:06 am #25483 | |
|
|
Cristian |
|
Posted: Thursday Aug 23rd, 2012 at 8:05 am #22847 | |
|
|
I already tried the PHP, but it always insert it on a new line, either after other badges or beffore. |
|
Posted: Wednesday Aug 22nd, 2012 at 8:45 pm #22798 | |
|
|
If you want your login/registration page to have your WP theme look, I would recommend download WP Custom Login plugin from WordPress. Install it and activate it. Your login page will have a headers, footer and background of your theme. |
|
Posted: Thursday Aug 16th, 2012 at 10:19 am #22237 | |
|
|
It seems to be a permssion issue. I setup a couple of test cron jobs, which gave error, “The You don’t have permission to access /wp-admin/tools.php” |
|
Posted: Wednesday Aug 15th, 2012 at 11:10 am #22105 | |
|
|
Hi Raam Yess that did work. |
|
Posted: Tuesday Aug 14th, 2012 at 10:05 am #21996 | |
|
|
Hi Raam Yes, users are signing up with Level 1. They should be demoted to level 0 after EOT expirres, which is not happening. I have to manually change their level to level 0 from level 1. |
|
Posted: Monday Aug 13th, 2012 at 8:18 pm #21932 | |
|
|
Cristian Here is the screen capture of EOT panel Looking forward to your suggestions. Thanks
|
|
Posted: Sunday Aug 12th, 2012 at 2:31 am #21812 | |
|
|
Raam, Thaks for reply. Yes there is a date set in the Automatic EOT Time field. But, the user is not demoted after the date and time set in the Automatic EOT Time Field. |
|
Posted: Tuesday Aug 7th, 2012 at 4:02 am #21333 | |
|
|
Thanks Cristian. Your hack is fool proof to protect URI. It is very much appreciated. |
|
Posted: Friday Aug 3rd, 2012 at 9:38 am #21104 | |
|
|
Hi Cristian, Yes, I tried URI restrictions without the /members/? part. It did not work. Anyway, the hack is working perfect. I edited it to accomodate my URIs. |
|
Posted: Thursday Aug 2nd, 2012 at 5:31 pm #21052 | |
|
|
Hi Jason My WP Permalinks do include trailing slash, and my URI Restrictions look like this:
It does not work. I am using Month and Name option from WP Permalink, which looks like http://www.mydomain.com/2012/08/sample-post/ However, the hack protects URI
I do not understand why URI Restriction from Dashboard will not protect /members/?pid=14&pagetitle=my_email&message_template=inbox, but hack will do it.
|
|
Posted: Thursday Aug 2nd, 2012 at 9:10 am #21008 | |
|
|
Hi Cristian Thanks for your help. If I put /members/ in the level1 and nothing for level0 for URI Protection, level0 can still access /members/. But if I put a URI which does not has /members/ in the URI then that URI protection works. For example I put /cometchat/chometchatjs.php for level1. level0 cannot access it. It means URI protection does work, but not for members. I used your code with a little modification to protect different URI for different levels. I put in mu-plugins/s2-hack.php. It worked. It allowed /members/ to level0 and level1, but redirected level0 to Members Option page for ‘/members/?pid=14&pagetitle=my_email&message_template=inbox’. Maybe I should use the hack to protect various URI which have /members/ in it?
|
|
Posted: Thursday Aug 2nd, 2012 at 4:03 am #20976 | |
|
|
Hi Raam Can you also use this against against membership levels? Do something like?
Thanks |
|
Posted: Wednesday Aug 1st, 2012 at 9:15 pm #20950 | |
|
|
I believe, I have same problem as discussed in this thread http://www.s2member.com/forums/topic/buddypress-url-restriction-trouble/. URI protection is not working due to conflicts because /members/ is present in all the URI. Can lead developer Jason look into it. Or, should I hopelessly give up on s2Members? |
|
Posted: Tuesday Jul 31st, 2012 at 9:39 pm #20846 | |
|
|
URI Restrictions from Dashboard -› s2Member® -› Restriction Options -› URI Access Restrictions are not working. However, if I edit the code of plugin in question and do following
It does work. But, it messes up CSS layout. This is not a good a solution because it will require editing a lot of php files. I do not understand why Dashboard -› s2Member® -› Restriction Options -› URI Access Restrictions does not restrict URI.
|