WordPress admin_post not working

  • Hi

    I have the following code for my plugin. However it works as it should when I am logged in but when I am not logged in submitting the form takes me to a WP admin “Not Available” screen.

    How come and what can I do to fix this?

    <?php
    /*
    Plugin Name: Subscriber Check
    Version: 1.0
    Author: Shivam Paw
    Author URI: https://www.shivampaw.com
    Text Domain: subscriber-check
    Domain Path: /languages
    Description: Plugin that means a viewer must enter the email address for mailpoet to see content.
    */

    if (!session_id()) {
        session_start();
    }
    function subscriber_check_shortcode( $atts, $content = null ) {
    	if($_SESSION["subscriber_check"] == true){
    		return $content;
    	}else{
    		$message = "<p>Please enter the email you used when subscribing to our site to view this page. Once verified you will be able to access this page until you close your browser.</p>";

    		$error = "";
    		if( basename($_SERVER['REQUEST_URI']) == "?error"){
    			$error .= "<p style='color:red;'>The email you entered was not found. Please make sure you have confirmed your subscription. You must enter the email address you used when subscribing. If you can't remember the email then please re-subscribe.</p>";
    		}

    		$form = '
    		<form method="post" action="'.get_admin_url().'admin-post.php" id="subscriber_check_form">
    			<p>
    				<input type="hidden" name="action" value="submit-form-subscriber">
    				<input type="email" name="subscriber_check_email" id="subscriber_check_email" placeholder="Enter Your Email">
    				<input type="submit" name="subscriber_check_submit" id="subscriber_check_submit" value="Verify">
    			</p>
    		</form>
    		';
    		return $message.$error.$form;
    	}
    }
    add_shortcode( 'subscriber_check', 'subscriber_check_shortcode' );

    add_action('admin_post_submit-form-subscriber', '_handle_form_action'); // If the user is logged in
    add_action('admin_post_nopriv_submit-form-subscriber', '_handle_form_action'); // If the user in not logged in

    function _handle_form_action(){
    	if($_POST["subscriber_check_email"]){
    		global $wpdb;
    		$sql = $wpdb->prepare( "SELECT * FROM 2proiTFuxs_wysija_user WHERE email=%s AND confirmed_at IS NOT NULL",$_POST["subscriber_check_email"]);
    		$results = $wpdb->get_results( $sql);
    		$rows = $wpdb->num_rows;
    		if($rows != 0){
    			$_SESSION["subscriber_check"] = true;
    			header('Location: /free-downloads');
    		}else{
    			header('Location: /free-downloads/?error');
    		}
    	}
    }
Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator bcworkz

    (@bcworkz)

    It sounds to me like a security plugin is intervening. Or maybe server level security like mod-security? I’ve not had trouble with accessing admin-post.php when not logged in, but I have no additional security installed. Check file permissions too.

    The security either needs to be disabled or an exception added if possible.

    NuEngine Technologies

    (@nuengine-technologies)

    Use admin_post while submitting a form in wp-admin area;

    admin_post_* works well when user is logged in and has admin access, admin_post_nopriv_* is for guest users.

    But when you want to submit form in front end (for logged or non logged in users)

    You should use wp_ajax_* and wp_ajax_nopriv_* hooks, It works exactly same as admin_post.

    You will also need to change your form action to admin_url('admin-ajax.php') which is /wp-admin/admin-ajax.php wp_ajax is used for ajax form submission but you can also use it for normal form submissions.

    While doing normal form submission please also remember to redirect page at the end of your function. Avoid using PHP header function use wp_redirect instead.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘WordPress admin_post not working’ is closed to new replies.

Tags