Receiving tons of fake subscription emails

Mind sharing a link to the signup form so I can have a look?

Oh yes of course! Sorry I should have done that in the first place.
https://www.vacationinpuertovallarta.com

It’s in footer at bottom

Thank you so much and I love this plugin by the way! Great work!

OK, I am seeing some errors on that page which should probably be addressed. If you load the page and check the Javascript console you’ll see that 3 plugin files are generating 500’s. Not sure what the problem is there. You may see something in your PHP error log, but likely not, as the files are Javascript and CSS.

As to the spurious emails, I don’t see anything that would cause this, but I do have a fix for one of the files that I think will help.

In the files classes/PDb_Signup.class.php on line 91, you’ll find:

$this->submitted = true;
$this->participant_values = Participants_Db::get_participant( $this->participant_id );

Replace that with this:

$this->participant_values = Participants_Db::get_participant( $this->participant_id );
if ($this->participant_values) $this->submitted = true;

Let me know if that doesn’t help.

k Looks like the fix has stopped the fake signups from coming… might still be a bit too soon to really tell but I haven’t received a single one since your change was applied… so far so good.

On the other hand, I am still receiving new signups from site but they are from old signups… not new at all.

Here’s an example:
_______________________
A new signup has been submitted

Name: Don Doty
Email: [email protected]
Edit this new record here: https://www.vacationinpuertovallarta.com/wp-admin/admin.php?page=participants-database-edit_participant&action=edit&id=2
_______________________

These signups dates back to couple weeks ago… we just launched this site a couple weeks ago and we have only 3 signups so far but I am receiving emails of these same ones almost on a daily basis..

Help? Thanks a bunch!

OK, well wat’s going on is this: when a web page with either the [pdb_signup] or [pdb_signup_thanks] on it is loaded, it checks for a variable named ‘id’ in the URL. This is how it knows that a successful submission has just been made, and uses that ID to send out the email notice.

What you have going on on that website (although I don’t see it) is that a variable named “id” is in the $_GET array when the page is loaded, and if it matches a record, it sends out the notification. It’s partly my fault for using such a generic variable name, but it hasn’t been a problem so far…most of the time, the URL is free of spurious variables. You need to go in and see how that page is getting requested with an ‘id’ variable in the URL.

ok.. I think I understand… I do have widgets on home that call a page and those widgets are numbered 1 & 2. That was a customization we had to implement on the theme. But because this might be more complicated to change, I am wondering how difficult it would be to add a prefix to your ID’s?
Something like say: ID=pd1, pd2, pd3 etc.. instead of just the number 1, 2, 3. I am wrong to assume that then I wouldn’t be having this problem anymore?

Would that be a very difficult change?

That is assuming that it is this widget call that is causing the mixup between the page call from widget & the ID call from your plugin. Or it could be from the slider which also uses ID’s like 1, 2, 3, 4 etc

I suspect the slider since you have so many coming in. Best way to fix this probably, (although I hate to recommend this because you’ll lose it on the next update) is to change the name of the variable. You can do this by making a couple of edits:

First, in participants-database.php line 1953 find:

wp_redirect($_POST['thanks_page'] . $conj . 'id=' . $_POST['id']);

Change that to:

wp_redirect($_POST['thanks_page'] . $conj . 'pdbid=' . $_POST['id']);

See: we just changes the name of the variable from ‘id’ to ‘pdbid’ which we can assume is not conflicted. Now, in the file classes/PDb_Signup.class.php on line 88 find:

if ( isset( $_GET['id'] ) ) {

      $this->participant_id = $_GET['id'];

We replace the name of the id with the new name like this:

if ( isset( $_GET['pdbid'] ) ) {

      $this->participant_id = $_GET['pdbid'];

That’s it. In the next update, it won’t work like this, but there is a way to customize the name of that variable in case there is a conflict, such as with your website. You’ll have to make that change when you update the plugin.

K thanks, will have my coder try it… I agree this fix isn’t perfect because of updates but something has to be done… I have to reset this plugin for emails to go to owner of site, not to me, but he couldn’t handle the flood of emails so until it’s fixed I’m the one getting them. Not very useful to my client lol.

I do appreciate your help tremendously… and I do really love this plugin..

Thanks! I’ll let you know if the fix works.. I suspect it will ??