Move Notification Settings page to User’s Profile, advice

@sam11nedj66

Subscribe2 doesn’t allow admin access – that comes with WordPress registration and Subscribe2 then takes advantage of that access granted to present your user with options.

There are filters in place that allow you to further limit access to the Subscribe2 pages, see the ‘s2_capability’ hook as documented in the API information.

It would not be an easy task to move the options to the bottom of the Profile page as the form presentation and processing would need separating and adding to different core hooks for that page.

I’m also not clear on why you consider that accessing wp-admin/profile.php is not a security risk but accessing the Subscribe2 Profile page is.

Thanks for a quick reply. I’ll try to clarify the situation the best I can.

I understand that it is WordPress that grants access. Sorry for not expressing it clearly.

The reason why I consider accessing the User Profile much less of a security risk, and annoyance, than Subscribe2 Profile is that I can access the User Profile from front end. Since I easily can restrict access to back-end for editors, authors, contributors and subscribers and still access and update User Profile from front-end the problem with unwanted access to back-end for registered Subscribe2 users is a greater security risk.

The situation is this. If a registered Subscriber2 user (contributor) gets access to back-end it means the user can write posts (cannot publish), write FAQs (cannot publish) copy shortcodes in Contact7, view all types of comments (pending, approved, spam and trash) and access Tools (Press this). On top of that the user can access the User Profile page in backend and Notification Settings in Subscribe2. To sum it up, the user has access to stuff that he does not need to have access to and that is not beneficial to me, or other site owners. I can sort this by changing the capabilities in the “other functions/plugins”. I cannot see how I can fix it by changing caps for Subscribe2 users.

On top of this, when a registered user (contributor) on my site he has access to his User Profile page from front-end and can update all relevant data (except subscriptions) he is faced with three different “Profile Pages”. One is the front-end version. The other is User Profile in back-end. And the third is what you refer to as “the profile”. That is the Notification Settings page. Strictly speaking that is not a “Profile page”, it is a settings page.

I think you can see I have some problems. And I don’t think I am the only one having them.

The usual role for someone who is subscribing to Subscribe2 is subscriber. Then the back-end only shows User Profile and the Notification Settings. But the subscriber is still ushered into the back-end. There is not as much to “fool around with” as if the Subscribe2 subscriber is a contributor.

I understand that can you say simply can say, “Well, that’s my problem”. I do think that many users of the plugin would appreciate if the subscriptions could be handled from front-end. At least there are a number of them asking for it in the forum in the last couple of years. There is no purpose in letting Subscribe2 users get into back-end if they can be kept outside. I think you agree.

If you could, in the paid version, arrange that Notifications Settings were in the User Profile I’ll be happy to supply you with the Premium Themes that transfers full User Profiles from back-end to front-end. And I would be pleased to pay for the Paid version and getting images and HTML as well. Hopefully there are many more that feels the same.

I don’t know if this makes sense to you. If you have any questions, I’m ready to answer all of them.

Thank you for spending time answering,

G?ran Rudling

P.S I think you understand that I am a programming midget. I know what functionality I want, but I have no clue of how to get there.

@sam11nedj66

I understand you scenario much better now – thank you.

In older version of Subscribe2 the user level subscription menu used to be under the User Profile heading but not on that page, this was changed based on user feedback!

Anyway, moving the page is of course possible, however that page also allows for Administrators and higher level users to edit the subscription for lower level users and it also handles across blog subscriptions when running in Multisite mode. I suspect that a good number of users don’t really care where the form is but having some flexibility would be nice – however this would require some level of abstraction of the current code to avoid widescale duplication.

In summary then, it’s possible and I’ll certainly investigate, but it won’t be quick. Final thing – there used to be an extension to Subscribe2 called TT Frontend, if you can find it, it delivers the profile form on the front end via use of a shortcode.

I am pleased that you do see the problem I’m having with the present Subscribe2 plugin because of having the default user being contributor. How many other people out there experiencing similar problems I don’t know. I just guess it is more than we think. I’m not trying to say you’ll get rich if you fix it. But it will be a better plugin and at least I will love it.

Since the settings for a user is very individual I think that including Notification Settings with the other personal settings will make sense. As I said earlier, I am happy to supply you with the Premium Themes that simply move the User Profiles to front-end if that in any way will help you.

For a non-programmer the “move” seems simple. I understand that there is a hell of a lot more to it than what is seen. I want you to know that I do think the plugin is cleverly constructed and it is much more useful than other subscribe to plugins. Beyond comparison. Putting the Notification Settings in front-end would make it even more attractive. It is also a more secure solution. Something that should be stressed in promotion of the plugin.

I’ll spend some time thinking about “real needs” for a user and if I have some more ideas I’ll come back to you. If you have any ideas of how to solve this I am more than happy to give you my opinion.

Thanks for your time and effort. I really do appreciate it.

P.S. I use the plugin for having customer subscribe to instant ad-updates. A version of categories. I think the benefit for the customer is greater than the security risk I am facing. I hope I am right. I’ll let you know.

• This reply was modified 8 years, 2 months ago by gorudin.
• This reply was modified 8 years, 2 months ago by gorudin.

After checking plugins for user roles/capabilities I’ve found a plugin, https://www.ads-software.com/plugins/advanced-access-manager/, that helps to reduce the problem with visible menus on back-end.

The plugin works fantastically well and reduces to main problem of showing a contributor menus that he should not be able to see. Still though, Subscribe2, displays the Notification Settings in back-end.

Still I would like it if you somehow could move the Notification Settings to User Profile.

Thanks for great support.

@sam11nedj66

I’ve done some work on abstracting the current code for the Your Subscriptions page that so far maintains all currently functionality (and also plugs a cross user security hole!).

I now need to check if I can add the content of that page to the Profile page and test it works there. These changes might make the next release of Subscribe2 HTML, I’ll keep you posted.

Brilliant!

I’m all ears.

@sam11nedj66 / G?ran

I’ve managed to abstract my code enough now and have some conceptual code that added the for to the admin side ‘Profile’ page with a little bit of code.

Let me know if you can arrange a test so we can see if this works with your theme, perhaps best contacting me via here:
https://semperplugins.com/contact/

Hi there,

I also wait the next version. Can You say something about the development status?

I want to use the plugin to sent post notifications to subscribers who are not wp-users (NO wp-role). They shouldn’t have any access to the backend. The actual profile page contains registered wp-users (“Do not send notifications for post made by these authors” …). This part they shouldn’t see also. But on the other hand the top part
“Notification Settings
Receive email as …
Automatically subscribe me …
Subscribed Categories
Select / Unselect All …”
is essentially for my users/subscribers. But if they have no wp-role, in the actual version 10.21 they don’t get the profile page at all.
Unfortunally I cannot help You to code, but if You want, I can test. And if the plugin is ready and usable (for my purposes) I’ll translate it in german.

Thank You