Adam

[Adam]

Bumping to hopefully get some info on the best way to more-heavily modify the horz search form.

There are at least three other desirables here:
* Adjust labels for fields (currently no way to adjust labels based on 3rd-person context)
* Insert other content between fields (helpful notes, etc.)
* Adjust the column assignments from their default settings, e.g. ‘two columns’ for most fields.

[Adam]

Note: simply running a search and clicking page 2, 3, etc works fine. This problem only occurs if you leave the members page and use ‘back’ button to return.

[Adam]

Thx Abe! 🙂

Attachments:

You must be logged in to view attached files.

[Adam]

thanks @abe,

we’ve added #jumplinks to most places in order to bring the scroll down to the relevant area

(closed)

[Adam]

Thanks @abe,

I’ll post my modification in my own functions.php when I get it working

[Adam]

@catalin:

the site is meetmindful.com

to replicate:

* create account (http://www.meetmindful.com/register) and note the exact formatting of the e-mail address you provide
* activate via link sent to your e-mail
* login and make sure password is OK
* log out
* go through log-in flow again but choose “I forgot”
* enter e-mail address with funky ChaRaCTer CapITaliZatiOn
* – you should see a valid e-mail address will fail if not entered exactly as submitted during registration –

again, this is mostly an issue because:
* people sign up using all-lower case e-mail addresses
* on some mobile devices (iPhone) the first letter may get auto-capitalized
* the conflict between first-letter capitalization on password retrieval and NO caps during registration results in the user being told their e-mail address doesn’t exist in our system, when in fact it does.

thanks for checking this out!

[Adam]

@catalin,

We’ve disabled all caching plugins/features offered by our host (wpengine), for now.

We also haven’t installed any caching plugins of our own.

This really only happens on mobile. Feel free to create an account and try to replicate: meetmindful.com

[Adam]

@abe – thanks!

Yes, if there is rotation when taking the photo, supposedly, meta data is saved with the photo that tells *certain* image-reading applications to correct the rotation when viewing photos.

Obviously we’re missing this ability on the web server, or with buddypress.

I can create a thread on the buddypress forums to try and investigate further.

If other users of sweetdate have this issue hopefully they’ll just find my thread, and update if they find a solution..

[Adam]

Any chance this kind of thing is being rolled into sweetdate at some point?

[Adam]

and my modified members loop code

COPY CODE

<?php if ( bp_has_members( bp_ajax_querystring( 'members' ).mm_saved_search_params().'&per_page='.sq_option('buddypress_perpage') ) ) : ?>

[Adam]

COPY CODE

/************** AUTO FILTER MEMBERS PAGE ******/

add_action('bp_before_members_loop', 'mm_autofilter_members'); 

function mm_autofilter_members() {
  
  // Only offer feature to logged in users who havent yet answered prompt and are not executing a search already..
  if(is_user_logged_in() && !isset($_GET["field_4"]) && $_COOKIE['mm_autofilter'] != 'true' ): 
    
    // Prepare info to be saved to cookies
    global $bp;
    $loggedin_user_id = $bp->loggedin_user->id;
    
    $user_sex = xprofile_get_field_data('Sex', $loggedin_user_id );    
    
    $user_looking_for = xprofile_get_field_data('Looking to meet', $loggedin_user_id );
    
    $translated_user_sex = ($user_sex == 'Male' ? 'Men' : 'Women' );
    
    $translated_user_looking_for = ($user_looking_for == 'Men' ? 'Male' : 'Female' );
    
    $expirestring = 'Thu, 18 Dec 2015 12:00:00 GMT; path=/';

    ?>
    <script>
      if(confirm('Only show <?php echo $user_looking_for ?>?')) {
        document.cookie='mm_autofilter=true; expires=<? echo $expirestring; ?>';
        document.cookie='mm_results_looking_for=<? echo $translated_user_sex; ?>; expires=<? echo $expirestring; ?>';
        document.cookie='mm_results_gender_is=<? echo $translated_user_looking_for; ?>; expires=<? echo $expirestring; ?>';

        window.location = '/members';
      } else {
        document.cookie='mm_autofilter=false; expires=<? echo $expirestring; ?>';
      }
    </script>
  
  <?php
  endif;
  
}

function mm_saved_search_params() {
  
  if($_COOKIE['mm_autofilter'] == 'true') {
    
    return mm_custom_ids('Sex', $_COOKIE['mm_results_gender_is']);
        
  } else {
    return '';
  }
}

function mm_custom_ids( $field_name, $field_value = '' ) {
  
  if ( empty( $field_name ) )
    return '';
  
  global $wpdb;
  
  $field_id = xprofile_get_field_id_from_name( $field_name ); 
 
  if ( !empty( $field_id ) ) 
    $query = "SELECT user_id FROM " . $wpdb->prefix . "bp_xprofile_data WHERE field_id = " . $field_id;
  else
   return '';
  
  if ( $field_value != '' ) 
    $query .= " AND value = '" . $field_value . "'";
  
  $custom_ids = $wpdb->get_col( $query );
  
  if ( !empty( $custom_ids ) ) {
    // convert the array to a csv string
    // had to switch to exclude here??
    $custom_ids_str = 'exclude=' . implode(",", $custom_ids);
    return $custom_ids_str;
  }
  else
   return '';
   
}

[Adam]

I changed that up to this. Does anyone know why this only works when I EXCLUDE based on the query? I expected this to select IDs to INCLUDE but it works perfectly inverse..

COPY CODE

/************** AUTO FILTER MEMBERS PAGE ******/

add_action('bp_before_members_loop', 'mm_autofilter_members'); 

function mm_autofilter_members() {
  
  // Only offer feature to logged in users who havent yet answered prompt and are not executing a search already..
  if(is_user_logged_in() && !isset($_GET["field_4"]) && $_COOKIE['mm_autofilter'] != 'true' ): 
    
    // Prepare info to be saved to cookies
    global $bp;
    $loggedin_user_id = $bp->loggedin_user->id;
    
    $user_sex = xprofile_get_field_data('Sex', $loggedin_user_id );    
    
    $user_looking_for = xprofile_get_field_data('Looking to meet', $loggedin_user_id );
    
    $translated_user_sex = ($user_sex == 'Male' ? 'Men' : 'Women' );
    
    $translated_user_looking_for = ($user_looking_for == 'Men' ? 'Male' : 'Female' );
    
    $expirestring = 'Thu, 18 Dec 2015 12:00:00 GMT; path=/';

    ?>
    <script>
      if(confirm('Only show <?php echo $user_looking_for ?>?')) {
        document.cookie='mm_autofilter=true; expires=<? echo $expirestring; ?>';
        document.cookie='mm_results_looking_for=<? echo $translated_user_sex; ?>; expires=<? echo $expirestring; ?>';
        document.cookie='mm_results_gender_is=<? echo $translated_user_looking_for; ?>; expires=<? echo $expirestring; ?>';

        window.location = '/members';
      } else {
        document.cookie='mm_autofilter=false; expires=<? echo $expirestring; ?>';
      }
    </script>
  
  <?php
  endif;
  
}




function mm_saved_search_params() {
  
  if($_COOKIE['mm_autofilter'] == 'true') {
    
    return mm_custom_ids('Sex', $_COOKIE['mm_results_gender_is']);
        
  } else {
    return '';
  }
}



function mm_custom_ids( $field_name, $field_value = '' ) {
  
  if ( empty( $field_name ) )
    return '';
  
  global $wpdb;
  
  $field_id = xprofile_get_field_id_from_name( $field_name ); 
 
  if ( !empty( $field_id ) ) 
    $query = "SELECT user_id FROM " . $wpdb->prefix . "bp_xprofile_data WHERE field_id = " . $field_id;
  else
   return '';
  
  if ( $field_value != '' ) 
    $query .= " AND value = '" . $field_value . "'";
  
  $custom_ids = $wpdb->get_col( $query );
  
  if ( !empty( $custom_ids ) ) {
    // convert the array to a csv string
    // had to switch to exclude here??
    $custom_ids_str = 'exclude=' . implode(",", $custom_ids);
    return $custom_ids_str;
  }
  else
   return '';
   
}

[Adam]

That last part ^ seems to be corrected by updating to the latest version of the theme, which may mean this was fixed or was the result of some erroneous modification I had made to the base theme.

In any case, if anyone works out a solution for saving search results for later use (automatic use) pls share? I’ll do the smae.

Right now I’m thinking the shortest way to this would be to modify all links to the members page to automatically include the necessary parameters?

[Adam]

I’m also looking for a way to save these preferences now, ideally only when confirmed by the user after their first search.

We’ve also noticed that if you navigate to a user’s profile, and then ‘back’ (back button) to the search results, and then move forward to an additional page of results, the app returns users that are outside of the search criteria.

[Adam]

Going to mark this resolved and post the code that WPEngine is using to fix sites with this issue:

COPY CODE

<?php
/**
 * Plugin Name: Fix AJAX 403
 * Plugin URI: https://gist.github.com/JPry/c8ad046c49f3f4a54377
 * Description: Prevent bad AJAX login requests from generating a 403 code
 * Version: 1.0
 * Author: Jeremy Pry
 * Author URI: http://jeremypry.com/
 * License: GPL2
 */
 
// Prevent direct access to this file
if ( ! defined( 'ABSPATH' ) ) {
	die( "You can't do anything by accessing this file directly." );
}
 
add_action( 'muplugins_loaded', 'jpry_adjust_wpe_hooks' );
function jpry_adjust_wpe_hooks() {
	remove_action( 'wp_login_failed', 'wpe_login_failed_403' );
	add_action( 'wp_login_failed', 'jpry_login_failed_403' );
}
 
function jpry_login_failed_403() {
	// Don't 403 for Ajax requests
	if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) {
		return;
	}
	
	status_header( 403 );
}

[Adam]

Hi Abe, I believe I updated to 2.6.1 some time ago, at least with the main /sweetdate/ theme folder anyway. I didn’t grab and over-write the child theme… I’m still fuzzy on best practice for rolling in sweetdate updates, and what to do with the child theme folder.

Anyway. WPEngine will be making some changes to their core (‘required’) plugin as a result of my ticket. They pushed a fix to a bare-bones/vanilla install I had setup (‘mmstock.wpengine.com’) and their fix solved this issue.

[Adam]

Oh sorry this is the top-members thread. I’m still excluding by IDs there.

I used that ^ link for the /members page..

this forum reeeeeeallly needs and [edit] button D:

[Adam]

Yep – I found that and made a togglable plugin out of it. Should have updated this thread.. thanks!

[Adam]

Oh man, I just switched everything back to checkboxes, haha Thanks Abe

Our registration.php is highly modified so I’ll have to try and figure out how to implement vs. total replacement.

Any background on what the underlying issue is here with select multiple??

[Adam]

How do we fix this for <select multiple> used on registration form?

[Adam]

Disregard the above. That was an issue with caching.

The fix provided allows multi-select data to save as-expected. Thx!

[Adam]

I’m also not sure where to drop that file.

When dropped in sweetdate-child/members/single/profile/edit.php, my profile/edit screen repeats all the profile fields twice.

[Adam]

Does this help multi selects used in registraton, too? The DB is only receiving the last selection used in registration.

[Adam]

(from the Netherlands)

[Adam]

are you ‘chrismanners’ ? if not i’m incredibly shocked that someone seemingly random has already signed up. Haha

[Adam]

also see post 18183? not sure if that helps..

https://archived.seventhqueen.com/forums/topic/login-modal-not-exposing-issues-with-passwordsadmin-ajax-permissions#post-18183

[Adam]

I just published literally 5 minutes ago .. 🙂

http://www.meetmindful.com

[Adam]

so right now I’m just adding all of the admins/editors/contributors user ids to an &exclude= .. but this doesn’t seem ideal. So any shortcuts to a by-role solution would be appreciated!

[Adam]

I should say – I’m using BP 2.0 so is it easier to a custom bp loop other than the Top Members bp_parse_args instead of kleo_top_members?

[Adam]

I had ‘Sex’ as a radio option and it wouldn’t show up in the settings until I changed it to a <select> D:

[Adam]

Yes I would be OK with that as a temporary solution, but now need to figure out why that isn’t occurring in our customized version of the theme, elsewhere, where the modal just hangs on ‘Sending info…’

[Adam]

wp-admin/admin-ajax.php is accessible in all other functions of the website, except when handling a bad password.

The 403 header is applied by the wpengine plugin

COPY CODE

function wpe_login_failed_403() {
status_header( 403 );
}
add_action( ‘wp_login_failed’, ‘wpe_login_failed_403′ );

In my case.. it may not actually be an appropriate header?

Since the modal hangs on “Sending info..” then it seems the wp_signon is never actually taking place? Because if it was, then the check immediately afterward should either be showing me the “wrong password” message OR redirecting me elsewhere. Right? But it’s doing nothing.

COPY CODE

$user_signon = wp_signon( $info, false );
        if ( is_wp_error($user_signon) ){
            echo json_encode(array('loggedin'=>false, 'message'=> '<i class="icon-warning-sign"></i> ' . __('Wrong username or password. Please try again.', 'kleo_framework')));
        } else {
            $redirecturl = apply_filters( 'login_redirect', '', '', $user_signon );
            echo json_encode(array('loggedin'=>true, 'redirecturl' => $redirecturl, 'message'=> '<i class="icon-ok-sign"></i> ' . __('Login successful, redirecting...','kleo_framework')));
        }

[Adam]

I tried the suggested fix and nothing changes. I see the form action now has the extra parameter but this doesn’t help… admin-ajax stil 403, it seems the wp_signon is never taking place.

[Adam]

Wordpress Engine says this about the issue:

The 403 comes from our plugin. You can find the code for that here: /wp-content/mu-plugins/wpengine-common/plugin.php

function wpe_login_failed_403() {
status_header( 403 );
}
add_action( ‘wp_login_failed’, ‘wpe_login_failed_403’ );
The form action for the modal box has wp-login.php hardcoded, and bypasses our login protection which is part of the issue. Here is what the form action URL should look like: http://cl.ly/image/1S1e0l143c2R – And here is the code I suggest as an alternative:

<?php echo esc_url( site_url( ‘wp-login.php’, ‘login_post’ ) ); ?>
The modal box currently uses this code to generate the form action:

<?php echo wp_login_url(apply_filters(‘kleo_modal_login_redirect’, ”) ); ?>
The WordPress Codex also recommends site_url over wp_login_url.

http://codex.wordpress.org/Function_Reference/wp_login_url

[Adam]

I meant to say “ajaxurl” is defined properly on dev/staging, where the 403 issue STILL occurs.

For some reason on my bare-bones ‘stock’ install with just BP and SweetDate and no customizations, ajaxurl is not being defined before being called. BUT proper login/password combinations work. Again, only the bad combinations trip up.

[Adam]

admin-ajax is defined on my DEV install and STAGING install, and still suffers from the issue described here, where admin ajax returns 403 if the password is incorrect.

FYI the demo site shows 500 internal server error on admin-ajax.php when you load the home page.

QUESTION: Is there any to modify is_wp_error to include a case for 403 on admin-ajax?

COPY CODE

add_action( 'wp_ajax_nopriv_kleoajaxlogin', 'kleo_ajax_login' );

if (!function_exists('kleo_ajax_login')):
	function kleo_ajax_login()
	{
		// Check the nonce, if it fails the function will break
		check_ajax_referer( 'kleo-ajax-login-nonce', 'security' );

		// Nonce is checked, get the POST data and sign in user
		$info = array();
		$info['user_login'] = $_POST['log'];
		$info['user_password'] = $_POST['pwd'];
		$info['remember'] = true;

		$info = apply_filters('kleo_ajaxlogin_atts', $info);
		
		$user_signon = wp_signon( $info, false );
		if ( is_wp_error($user_signon) ){
			echo json_encode(array('loggedin'=>false, 'message'=> '<i class="icon-warning-sign"></i> ' . __('Wrong username or password. Please try again.', 'kleo_framework')));
		} else {
			$redirecturl = apply_filters( 'login_redirect', '', '', $user_signon );
			echo json_encode(array('loggedin'=>true, 'redirecturl' => $redirecturl, 'message'=> '<i class="icon-ok-sign"></i> ' . __('Login successful, redirecting...','kleo_framework')));
		}

		die();
	}
endif;

add_action( 'wp_ajax_kleoajaxlogin', 'kleo_ajax_login_priv' );

if (!function_exists('kleo_ajax_login_priv')):
	function kleo_ajax_login_priv() {
	$link = "javascript:window.location.reload();return false;";
		echo json_encode(array('loggedin'=>false, 'message'=> '<i class="icon-warning-sign"></i> ' . sprintf(__('You are already logged in. Please <a href="#" onclick="%s">refresh</a> page','kleo_framework'),$link)));
		die();
	}
endif;

Attachments:

You must be logged in to view attached files.

[Adam]

^ yes, but it is a better idea to give the user control of this as a filter in the search form.

“Only show (people/products) with images” is a common and increasingly-expected filter for dating/e-commerce sites.

I would be interested in a custom solution for adding this switch to the search form in the mean time.

[Adam]

Actually on my vanilla install of sweetdate/bp ajaxurl is not being defined on the home page at all? So password retrieval doesn’t work either

[Adam]

^nvm the above

ajaxurl is set properly and admin-ajax can be accessed when doing other things like retrieving a password.

It is only when a bad password is entered that this occurs.

[Adam]

“Expires: Wed, 11 Jan 1984 05:00:00 GMT”

??

[Author]

Posts