Bug: Age Verification Can Be Broken

THAT (redirecting/locking out) would be amazing indeed, any indication this is ever going to happen? Thanks to the dev in advance! ??

Re-presenting the date input drop-downs after an initial failure to qualify is a major flaw with this plug-in, as it encourages the submitter to lie on a subsequent attempt. If they are not clever enough to lie on the first try, then hopefully a child has been blocked.

Suggestion: Add a second challenge after the DOB with an admin-configurable question AND answer, such as “What is the square root of sixteen?” or similar adult-targeting query.

Also, separate redirects to admin-configurable pages upon success AND failure would be highly desirable.

This is not something I’m interested in implementing at this time, but I believe I’ve provided ample actions/filters to allow a third-party dev to add this quickly.

If there is a specific action/filter that you’d like me considered for inclusion, feel free to open an issue via the Github repository here: https://github.com/ChaseWiseman/age-verify

It seems that because this plugin is using the wp_redirect() function, assuming another plugin does not override this pluggable function, this task is do-able.

Here is a sample code snippet that will allow you to change the URL that the user is redirected to on success or failure:

/**
 * Override the redirect URLs for Age Verify plugin
 */
add_filter( 'av_passed_verify', 'av_custom_passed_verify' );
add_filter( 'wp_redirect', 'av_custom_wp_redirect' );

/**
 * Global variable to store the verified status
 * Default to null so that
 */
$av_is_verified = null;

/**
 * Grab the verified status from Age Verify and store in our global variable
 */
function av_custom_passed_verify( $is_verified ) {
	global $av_is_verified;

	$av_is_verified = $is_verified;

	return $is_verified;
}

/**
 * This only changes $location when $av_is_verified is TRUE or FALSE
 * Please take note of the === comparative operator. THIS IS REQUIRED!
 */
function av_custom_wp_redirect( $location ) {
	global $av_is_verified;

	if ( $av_is_verified === true ) {
		// User has PASSED age verification
		$location = 'https://www.google.com/';
	} else if ( $av_is_verified === false ) {
		// User has FAILED age verification
		$location = 'https://www.disney.com/';
	}

	return $location;
}

This is not the ideal way to do it, but it works. Add this code to your theme’s functions.php file. Please do not forget to change the URLs in the last function. Also, this just overrides the redirects and does not lock the user out. I will work on that when I have more time.

@gamesaga @pouipouidesign
if something is working as intended within it’s bounds, how can you call it broken? and how can you call it broken if you throw circumstances at it when it wasn’t designed to react to those circumstances?

FIRST, how can anyone possibly believe this plugin is actually for authentic age verification? it’s not — it was not intended to be. it is a “responsible behavior and liability cushion”. in other words, it relies on someone telling the truth to work.

if the content on a site is for 18+ and there is nothing in place to ask a visitor’s age before proceeding, then the site provider MAY be liable in some situations (note: i can’t imagine any such situations myself). also, it may be important that the provider is seen as acting responsibly.

a great example of this is “e-cigarettes”. nicotine products of any kind cannot be sold to minors — even e-cigarettes — and that industry is under extreme legislative scrutiny right now. so, adding an age-verification screen is a good way to show scrutinizers that the industry is doing all they can to act responsibly.

if there is an age checking process, and the visitor lies about their age to gain access, then it is fraudulent on the visitor’s part — thereby relieving liability from the provider.

if said site proceeded to sell a product that was illegal to someone under 18 without a more strict age-verification process, that’s an entirely different ball game. by the way, the minimum age for having a credit card is 18.

SECOND, if i visited a site that required me to be of a certain age, and i was indeed that age or older, but when i entered my age and made a typo as i was doing it, i would be quite upset to get locked out of a site. in fact, i have done that before, but the site blocked me only to notify me that i entered an impermissible age and allowed me to correct it.

if visitors are not allowed to correct typos while filling out a form, and get illegitimately locked out of a site as a result, i’d expect a lot of upset visitors — or at least, ones prone to typos.

if a site needs to be very strict about the ages of it’s visitors, then it will need to implement a much more advanced process than this plugin.

another note: there are browser addons/extensions that will allow you to remove objects from the page. for example, Nuke Anything Enhanced (for Firefox at least) allows you to right-click on an object and select “Remove Object” from the pop-up/context menu. of course, you could use javascript to disable right-clicks, but then a user can simply turn off javascript and reload the page.

it is sooo easy to bypass things like this… the idea is to be responsible and clearly notify someone they are not allowed if they don’t meet the age requirements. if they bypass it, that responsibility is on them.