cidram issue

  • Hi does this system/plugin still work, it did not work manually installed when calling the class. Also its not opening in wp settings or seem to do anything after installing as a plugin so where are the controls an logs located, after reading github for answers an as a developer myself am still lost to its real usage, so i decided to ask direct before i remove it an try something else where.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Maikuolan

    (@maikuolan)

    Also its not opening in wp settings

    As of CIDRAM v3 and onward, after installing CIDRAM, a link to the CIDRAM front-end *should* appear in the main dashboard menu (refer to the attached screenshot above).

    Are you seeing something similar at your end, or no such link?

    (Will split my response into separate replies, because the reply interface is doing something weird at my browser at the moment, switching between block options, and just doing separate replies feels like should be a little easier).

    Plugin Author Maikuolan

    (@maikuolan)

    @tec4sho Something is very wrong here. I clicked the link to your website shown at your profile here at www.ads-software.com, and it immediately showed me the CIDRAM front-end login page. Such a thing shouldn’t normally be possible.

    If you check the cidram.php file at the root directory of the CIDRAM plugin, you’ll notice that at the point where the view() method is called (the method responsible for displaying the CIDRAM front-end), the call is guarded by requiring the edit_plugins permission to be set, which by default, is only given to admins and super admins:

        add_action('init', function() use (&$CIDRAM) {
        if (current_user_can('edit_plugins')) {
            $CIDRAM->view();
        }
    });

    This is done for the sake of security, specifically, to prevent unauthorised access to the CIDRAM front-end (the rationale for using edit_plugins as a guard being that if a user is capable of editing plugins in the first place at all, then they must surely be authorised to use an interface intended to administrate one of said plugins, too).

    The fact that I’m seeing the CIDRAM front-end login page when accessing your website (which, given that I’ve never accessed it before, and therefore, naturally, won’t be logged into it, shouldn’t have edit_plugins permissions set) tells me that either (1) where the method call occurs at your WordPress installation, for some reason, that same guard isn’t in place, or (2) at your WordPress installation, for some reason, something has gone wrong with how the permissions for edit_plugins are being set.

    On the bright side, it *also* tells me that CIDRAM is, in fact, installed at your WordPress installation. However, until we’re able to figure out why the CIDRAM front-end login page is displaying for non-logged in users like that, I would recommend disabling the plugin, at least temporarily. The only one you want being able to see the CIDRAM front-end login page, in most cases, is just you.

    Plugin Author Maikuolan

    (@maikuolan)

    so where are the controls an logs located

    Logs and controls can be accessed via the front-end (which is why you need the front-end, but also why you don’t want anyone other than yourself being able to access it).

    Hi does this system/plugin still work

    Yes. ??

    When installed correctly, it should block requests in accordance with how CIDRAM is configured, its installed signature files, modules, etc. There is an “IP testing” page available at the front-end to simulate requests from various IP addresses, user agents, etc, in order to test whether a request would or wouldn’t normally be blocked.

    Non-blocked requests shouldn’t normally see anything different than usual, and so, as long as someone is not blocked, it’s unlikely they would even notice whether CIDRAM is installed at all.

    • This reply was modified 1 year, 8 months ago by Maikuolan.
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘cidram issue’ is closed to new replies.