Plugin without ‘/wp-admin/admin-ajax.php’

  • Resolved Iyngvar

    (@iyngvar)


    8 years, 2 months ago

    Hi !
    Can you make new version of plugin without needed ‘/wp-admin/admin-ajax.php’ call in recaptcha.js ?

    For example, make a detached function for this purpose.

    P.S. Cause wp-admin closed by password for security reason and plugin does not work for other users.

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Author jmviade

    (@jmviade)

    Hello, Lyngvar,

    I’m sorry but I don’t exactly understand what’s your problem with the password…. For example, what password? WordPress password, Google password, ReCaptcha passowrd? And your configuration, the exactly step in which other user are blocked, etc.

    Please, send me more details about this change and I’ll study your suggestion. If you are right, I’ll introduce this change in the next version.

    Thank’s in advance, and happy new year.

    Sincererly,

    Joan Miquel

    Thread Starter Iyngvar

    (@iyngvar)

    .htpasswd for web server (HTTP authorization).

    Users don’t have access to wp-admin directory according .htpasswd rules.
    Only admin have access.

    So ‘/wp-admin/admin-ajax.php’ call in recaptcha.js can’t use any functions from admin-ajax.php and plugin does not work for users.

    And if I login as admin (HTTP authorization) – it’s worked normaly.

    Thank’s

    Plugin Author jmviade

    (@jmviade)

    Hello Lyngvar,

    Inside the file “recaptcha.js”, the unique point where the plugin uses ‘/wp-admin/admin-ajax.php’ is when it’s verifying the recaptcha field. Exactly, function ‘griwpcVerifyCallback’ (lines 90-109). And a website user never access this rutine.

    This rutine is used by a background call after the user fills the recaptcha request. And the background call is always executed in admin mode.

    In any case, I tested the plugin in a new and fresh WP installation and when I’ve accessed to the comments form as a disconnected user, the plugin works perfectly.

    I’m sorry but I coudn’t find any malfunction in the plugin: “non logged users” can perfectly access to the comments form, uses the recaptcha field and send comments…

    Perhaps… I didn’t understand your explanation, if this is the case, please, send me a detailed information about “What do you exactly want to do” with the plugin, what do you exactly need…

    Best regards.

    Joan Miquel

    Thread Starter Iyngvar

    (@iyngvar)

    I have a custom wp theme for my site and use “Forced javascript output = ON” on “Output Screen Settings” section to see the reCAPTCHA field (and can’t see it in other case).

    I have .htaccess and .htpasswd in my wp-admin directory for security reason (they are absent in fresh wp installation).

    In my case, any “/wp-admin/admin-ajax.php” call lead to http authentication window (you may see an example of this window on https://www.httpwatch.com/httpgallery/authentication/#showExample10) for all users after checking captcha.
    So, if user not entering name/password (in http authentication window) then button “send” is not active.

    And I think (IMHO of course), the best way – use standalone functions for use in ‘griwpcVerifyCallback’ instead of using ‘/wp-admin/admin-ajax.php’ functions

    P.S. What information do you need more? Make the test blog with the same error for you?

    • This reply was modified 8 years, 2 months ago by Iyngvar.
    Plugin Author jmviade

    (@jmviade)

    Thanks Lyngar,

    Now, I think that I understand you. I’m working on it.

    Please excuse my previous over-cautiousness about the verification function but you will understand that I really needed to know exactly what the settings were, how the environment was working and the purpose of the modification. It’s the verification process!!!!

    On the other hand, I did not know the exact configuration of your .htpasswd so I could hardly check all the options properly so, before anything else, I thank you for your patience in responding and showing me the details.

    Please contact with me via my website form (www.joanmiquelviade.com) and so, after publishing a new version of the plugin I’ll send you via email a new beta version and if it works (nobody is in a better position to test the beta version than you) I’ll introduce this new option in plugins’s settings panel.

    I look forward to your e-mail and, with your permission and if there is not more information that you want to say me in, a couple of days I’ll mark this thread as resolved.

    Thank’s in advance.

    Joan Miquel

    Thread Starter Iyngvar

    (@iyngvar)

    It’s OK.

    A lot of thank’s.

    P.S. I wrote to you trouhg the contact form on your site.

    P.P.S. Does not matter what is in .htpasswd – it’s only ‘user:password’ pairs ??
    And in addition .htaccess file:

    AuthType Basic
    AuthName “For registered users only”
    AuthUserFile “.htpasswd”
    require valid-user test

    • This reply was modified 8 years, 2 months ago by Iyngvar.
    • This reply was modified 8 years, 2 months ago by Iyngvar.
    Plugin Author jmviade

    (@jmviade)

    Ok. I see.

    I’ve already received your email so, I’m going to close this thread.

    In a few days I’ll say you something via e-mail.

    Best,

    Joan Miquel

    Thread Starter Iyngvar

    (@iyngvar)

    Hi !
    What about new version of plugin ?

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Plugin without ‘/wp-admin/admin-ajax.php’’ is closed to new replies.