Rogue entries in database

  • Resolved pcgardner

    (@pcgardner)


    3 years, 7 months ago

    I have set up a membership database with email verification. It’s working fine, but someone has found a way to add blank records to the database – see screenshot at https://cofe-equal-marriage.org.uk/wp-content/uploads/2021/04/List-Participants-?-problem-records.png. Not quite blank: as you can see, the rogue records (marked with a red dot) have the ‘Approved’, ‘Private ID’ and ‘Date Signed’ fields completed, but nothing else.

    Debugging how this is happening might be quite complex, so is there a way to automatically delete records where the email field is empty? An action in functions.php, perhaps?

    The page I need help with: [log in to see the link]

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author xnau webdesign

    (@xnau)

    Make sure you don’t have any kind of page caching active on the signup page, and also on the “thanks” page, if you’re using one.

    It is possible to “vet” submissions with a bit of code on the “pdb-check_submission” filter.

    I have posted a demonstration of this here:

    https://gist.github.com/xnau/f98cb9bffc07fde03ce841fa150a6f72

    Thread Starter pcgardner

    (@pcgardner)

    Thank you very much – I’ll try the pdb-check_submission filter.

    Thread Starter pcgardner

    (@pcgardner)

    I added the pdb-check_submission filter, but these rogue entries are still appearing. Presumably they are being added by a method that doesn’t use the normal submission route.

    I still think the easiest way to deal with this is to automatically delete them, as in my original question. Is there a way to automatically delete records where the email field is empty? For example, could I add some PHP code to one of the custom templates that would iterate through all the records in the database (unfiltered) and delete those with an empty email field?

    Plugin Author xnau webdesign

    (@xnau)

    I would certainly like to know how that is happening, but that would require some detective work. If they are bypassing the filter I gave you, then however those entries are happening, it is not via the plugin, all new record entries are passed through that filter, both on the frontend and admin.

    Your idea would work, the best way to deploy something like that is in a custom plugin or your theme functions.php file. Putting this into a display template runs the risk of slowing down the page.

    Are these extra records causing a problem? It is possible to avoid displaying them, for instance.

    Thread Starter pcgardner

    (@pcgardner)

    Thank you. I appreciate that these entries cannot be happening via the plugin. They are not causing a problem per se (they are not displayed), and there are only one or two new ones each day, but I am concerned that they might somehow be used for an attack, so I would like them to be deleted automatically.

    I don’t know if this would be the best way of doing it, but I am now thinking of a function that monitors the number of records in the pdb database and, when a new record is detected, checks to see if the email field is empty and if so deletes the record. That would be more efficient than my previous idea of iterating through all the records. Any old records with an empty email field can be deleted manually, which shouldn’t need to be done more than once.

    I don’t think I am competent to write such a function from scratch, unfortunately. Do you have any existing code that could be adapted?

    Thread Starter pcgardner

    (@pcgardner)

    Given that the problem turned out not to be due to the plugin, I’m closing this thread and will look for further help elsewhere. Thanks very much for your assistance so far.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Rogue entries in database’ is closed to new replies.