Will Brownsberger

HI Alana,

Here is a little video — does it answer your question?

• This reply was modified 5 years, 12 months ago by Will Brownsberger.

Thanks for the question.

WP Issues CRM anticipates this problem. In the main email view, go to “Controls” at the bottom of the menu on the left and select the “Disqualifiers” tab.

There, you can enter phrases that will disqualify an address as being the address of the sender.

A sender is likely to include your office address as well as their own address. You don’t want WP Issues CRM to get confused and think your office address is the sender’s address.

You want to disqualify your office address, but not any other address. So, you should use terms that typically appear in your office address, but not in any constituent address. For example “Statehouse” or “State House”. If your legislator’s name is very uncommon, you could also use their name, but that might disqualify a constituent address as well.

• This reply was modified 6 years ago by Will Brownsberger.
• This reply was modified 6 years ago by Will Brownsberger.

Thanks for the question.

WP Issues CRM does allow you to give access to users with lesser WordPress privileges.

Go to WP Issues CRM >> Configure and select the Security Tab. There you can set the level of privilege required for four different categories of WP Issues CRM functionality:

• WP Issues CRM general
• Bulk downloads/deletes
• Read and reply to email
• Send email to lists

The configuration functions remain available only to administrators — Options, Fields, Interfaces, Configure and Manage Storage.

Note that in each category of access you have an additional option above and beyond the usual WordPress roles ( administrator, editor, author . . . ). You can give access to “Only Constituent Managers and Administrators”. When WP Issues CRM is installed, you have the option of giving people the role of “Constsituent Manager” (in their User Profile) instead of one of the usual WordPress roles. You would use this role and the corresponding WP Issues CRM security setting in an installation that had a number of existing WordPress users that should not have access to WP Issues CRM and conversely some users that only need access to WP Issues CRM, not the blogging functions of WordPress.

• This reply was modified 6 years ago by Will Brownsberger.

Regarding the first question, the upload facility is part of the main WP Issues CRM page — click the upload Icon — it’s an up arrow. You can tranisition to it from any of the other functions.

Regarding the screen print, something is definitely wrong, but I’m not sure what. That doesn’t look like a problem we’ve seen or heard of in a lot of use of the system. It could be some kind of security issue, but you should just be blocked from the settings page if you lack privileges. Has it resolved? What URL was in the browser when you printed that page? Try a shift-refresh.

Regarding the state options, my recommendation is that you just hide it from the screen using CSS. Don’t remove all the options — leave a blank state at least an option. You can put this css into the Custom CSS tab of WP Issues CRM settings:
.wic-input.state {display: none;}

• This reply was modified 7 years, 11 months ago by Will Brownsberger.
• This reply was modified 7 years, 11 months ago by Will Brownsberger.

Thanks so much for your interest in translating this plug-in.

Unfortunately, you are right that it is not ready for localization.

It plugin is very language intensive — it uses English language at multiple code and data levels and true internationalization is going to be a big job. I want to get to it, but it is months or even years away.

Correct. This plugin, at this stage, is not ready to support full localization and internationalization.

Full localization is particularly difficult in the case of the plugin because many parts of it involve special handling of addresses which vary widely across localities.

I would like to get to this, but it will be a while.

• This reply was modified 8 years, 3 months ago by Will Brownsberger.

Bottom line of this piece is: If you are using gmail, you should be using two-factor identification security anyway and WP Issues CRM works with an app specific password.

WP Issues CRM supports both reading and sending of email through industry standard SSL/TLS encrypted connections. For incoming email, it uses the standard PHP extension that implements the industry standard Internet Message Access Protocol. For sending email, it support several different protocols, most importantly, SMTP which allows you to connect with essentially any outgoing mail server.

Gmail supports access for both sending and receiving using IMAP and SMTP over SSL. Google has also been part of an industry effort to develop a new login (“authentication”) approach for initiating IMAP and SMTP connections over SSL. That approach is known as Oauth. WP Issues CRM does not, at this time, support Oauth.

The central idea of Oauth is to allow apps to access to user-specific data (e.g. email messages ) that reside at Google without actually sharing Google login passwords with the apps. Instead, the app developer manually registers with Google and when users want to grant the app access to Google data, they do so directly from their Google account and Google then sends a unique access token to the app.

This approach is most important in the case of centralized apps like say your favorite sports activity logging application which you might want to give access to your Google (or Facebook) account to gather some personal data. Without Oauth, your sports app would have to know your Google account password and everyone else’s Google account password. So would every app that wanted to get Google information about you. The result would be multiple copies of login information for Google users residing on lots of servers and Google would be much less secure.

Oauth is not so relevant in the case of a WordPress plugin like WP Issues CRM. WP Issues CRM does not store information in any central place. You get your own copy of WP Issues CRM and it does not “phone home” to send data about you in any way. It is not like an app that runs on your phone and interfaces with a central server that supports other users. Your copy of WP Issues CRM only supports you.

WP Issues CRM does store the passwords that you supply for logging in to email and if your WordPress server was hacked, they could be exposed. But at that point, the app specific credentials that you get through the Oauth process would also be exposed. So, although the marginal security advantage offered by Oauth is not zero for a WordPress plugin like WP Issues CRM, it is much less than in it is for an app that is served centrally.

The best alternative to Oauth to protect your password is to use two-factor identification. That way if someone ever does steal your password, they will have a hard time logging into your account. Once you set up two factor security on your account, you can also get an application specific password that allows WP Issues CRM to login.

So, for now, if you wish to use WP Issues CRM to access a gmail account, you should be using two-factor identification to protect your password, but cannot use Oauth.

We’ve researched what would be entailed to add Oauth support to WP Issues CRM — overall, it would force big changes. On the outgoing side, it is not hard. It is easy enough, using standard libraries that could be packaged with the plugin, to access Google to obtain Oauth credentials. It is also straightforward to use those credentials for outgoing email. The standard PHPMailer, which is packaged with WordPress and which WP Issues CRM uses for SMTP outgoing mail, does support Oauth. However, the IMAP functions in PHP, which we use for reading email do not support Oauth, so we would have to switch to using a completely different library of IMAP functions. The only candidate we know about, the Zend framework does not support all actions that WP Issues CRM currently takes through IMAP (e.g., folder creation). Additionally, it does not appear to support message access by UID.

An interesting alternative would be to depart completely from the IMAP/SMTP framework and use the direct GMail API but Google does not seem to recommend this for heavier read/send activities.

One additional reason that adding Oauth for WP Issues CRM does not make sense is the burden involved for users. Since there is no central app, each copy of WP Issues CRM is its own app from the standpoint of Oauth. Each person who installed WP Issues CRM would have to master the Google credentialing process to create their app credentials. Google has made the process clearer, but it is still involves many steps in an environment that is unfamiliar to most users.

Given the availability of two factor identification as a password protection approach, it doesn’t seem like the benefit remotely approaches the cost and uncertainty involved in getting away from the PHP IMAP functions. That is especially the case since Oauth is not truly a standard, it is really an approach and the development involved for Google Oauth would not necessarily improve the interface with any other email provider. The main reason for us to do it would be to avoid having Google call us a “less-secure” app, but that labeling advantage does not seem like enough reason to invest in it.

But let us know if we are wrong — we’d be very interested to hear if you feel Oauth support would be valuable for you and why.

One additional reason that adding Oauth for WP Issues CRM does not make sense is the burden involved for users. Since there is no central app, each copy of WP Issues CRM is its own app from the standpoint of Oauth. Each person who installed WP Issues CRM would have to master the Google credentialing process to create their app credentials. Google has made the process clearer, but it is still involves many steps in an environment that is unfamiliar to most users.

I’ve further researched this issue. See my further comment under the title “Gmail and WP Issues CRM” in this forum.

WP Issues CRM is really not an “app” in the same way that other apps might be “less secure” — each WP Issues CRM user is creating their own app; there is no central place where passwords might be compromised.

• This reply was modified 8 years, 5 months ago by Will Brownsberger.

Thanks for writing.

I don’t think that is a comment on the app, but on how it is logging in to google.

Google also offers a new very complex login interface for its apps, know as OAuth 2.0. This protocol is desirable and basically a replacement for traditional password access.

I don’t support Oauth 2.0 at this time. It is a bear to set up on the google side (for you, the user — each account has to go through the process ) and unless you are using a lot of apps from google, it may not be worthwhile. I don’t think many users would be ready to go through that. But let me know how you feel about it after reading this page.

Are you using two factor identification for your google account? I use two factor identification for my regular google login. Then, to set up WP Issues CRM, I use an app specific password. That is one much easier way to improve security.

I am near the end of preparing a major upgrade of this app which will include big user interface improvements in the email functionality. It will be more intuitive — more like a typical inbox.

This is a good time to request enhancements in the email functionality, so please do follow up with more questions and comments and let me know if you really want Oauth — I might be able to work it in.

• This reply was modified 8 years, 5 months ago by Will Brownsberger.

The plugin has its own constituent table and does not automatically connect to the WordPress user table.

It does link via email address to the comments table (which includes email address, since WordPress allows email address to be entered with a comment and supplies it for logged in users). Links to any online comments are shown when viewing a contact.

If you describe a little more what you are looking for, we can keep it in mind as an enhancement for future releases. Would be interested to hear about your use case.

Thank you. We use it every day ourselves, so we will keep it up to date!

Thanks again for bringing this to my intention. I think I’ve nailed it now. There were some blank query requests being issued in the install process. The warning messages responding to those were generating the output you noticed.

Additionally, in the course of fixing this, I came across a bug that generated install errors for the reply email function in multi-site installations.

These bugs are all fixed in version 2.6.1 which is now live. Please do upgrade.

Thanks again for the feedback.

Thanks for letting me know about this! You shouldn’t be getting this message, but it probably does not indicate an actual problem and it should not recur (except possibly at the time of version upgrades).

This is the first report of it from others, but there is one harmless gremlin that I have been chasing:

WP Issues CRM does create new tables in your database for efficient storage of constituent data. It uses the standard WordPress database upgrade routine (dbDelta in upgrade.php) to do that. I have myself seen on a few occasions at the time of version upgrades a spurious message (originating from MySQL) suggesting dup key error in the table creation process.

However, there are definitely no dup keys being created by WP Issues CRM and the error is intermittent, occurring only on some upgrades/installs, so I chalk this up to a glitch in dbDelta — I’ve been unable to narrow it further to date.

If you install a log viewer plugin and turn debug on you can view the underlying error message.

You may see a message like the following:
[17-Apr-2016 09:37:10 UTC] WordPress database error Duplicate key name 'time_stamp' for query ALTER TABLE wp_wic_activity ADD KEY time_stamp ( email_batch_time_stamp ) made by require_once('wp-load.php'), require_once('wp-config.php'), require_once('wp-settings.php'), do_action('plugins_loaded'), call_user_func_array, WIC_DB_Setup::update_db_check, WIC_DB_Setup::database_setup, dbDelta

I’d actually be very interested to confirm that that is the message you are getting. That’s the harmless gremlin I am aware of and will continue to pursue, but if you see another message, I’d be even more eager to know about it.

Have you updated the plugin? You need to affirmatively do that on the WordPress plugins panel.

The other possibility is that you didn’t map phone number for this upload — it only shows the matches that are available for the fields you have mapped.