ontraport / pilotpress Goto Github PK

When I turn on WP_DEBUG, I get this notice all over my site.
Notice: wpdb::escape is deprecated since version 3.6.0! Use wpdb::prepare() or esc_sql() instead.

I did a search for wpdb->escapse in my /wp-content folder and found 5 instances of $wpdb->escape being used in /pilotpress/pilotpress.php.

I am currently using autoptomize to minify my scripts and it looks like the sessionslap code in ping.php from the pilotPress plugin is being injected into the header before jquery is loaded. Because the minified.js file is being placed in the bottom of the <head>. It is leading to sessions breaking between logins.

Hi, we have been receiving complains from our clients that wordpress send unsolicited password reset mails. After some research, wordpress informed us that it had to be a plugin, in this case Pilotpress.

Below, what they told me:
"The password change email is triggered any time that the wp_update_user() function is called with a user_pass argument. If the plugin is not actually changing the password, then it needs to not update the user with a password field in the arguments array.

This is because whether or not you change the password, even to the same password, the database will be changed. WordPress doesn't know the password, only a hash of it. And the same password can be hashed pretty much an infinite number of ways. So if you send it a user_pass, then it actually is rehashing it and updating the entry in the database.

So, please stop calling wp_update_user() with a user_pass field over and over again. Then no more emails will be sent. Instead, consider checking if the user password has actually changed before trying to change it. You can use the wp_check_password() function for that."

I hope to see this solved soon, everyday we receive complains about this situation.

Kind Regards

On lines https://github.com/Ontraport/PilotPress/blob/master/ppprotect-categories.php#L345-L351 of the code, the method is expecting an array to be passed into the foreach loop. Looking into the database, and what the method does, the table wp_ppprotect is empty on my site causing:

Notice: Trying to get property of non-object in /wp-content/plugins/pilotpress/ppprotect-categories.php on line 344

Warning: Invalid argument supplied for foreach() in /wp-content/plugins/pilotpress/ppprotect-categories.php on line 345

Notice: Trying to get property of non-object in /wp-content/plugins/pilotpress/ppprotect-categories.php on line 358

This is a major issue as it halts the rendering of PHP.

This repo hasn't seen any activity in 2 years.

Should we submit pull requests to fix bugs, or just maintain our own fork?

Ping @arielle-ontraport

Hey there,

we are using PilotPress 2.0.1 and want WordPress to manage the passwords (not Ontraport). So we need to re-sync the passwords to Ontraport. There is already a method for profile_update where the password is given back to the API (by the way in plain text).
See:

But it seems that the password is not stored in Ontraport, because if we use the new password to log in, the API call to authenticate_user returns always false. If we set the password for the user in Ontraport (Memberships > Wordpress subscribers) the API call to authenticate_user returns data as expected.

We already tried to hash the password in the method profile_update to match the behaviour of the hashing in the method user_login, but that does not work. The API call to profile_update seems to work for nickname, so we are speculating that there is something broken with setting the password via the API call to profile_update.

Can you help us? How is it possible to set the password of an WordPress subscriber in Ontraport via the API?

WordPress strips + from plus-addressed email addresses (e.g. [email protected]), causing the username in WordPress to not match up with the username recorded into ONTRAPORT.

As a result, the user/customer can still log into the WordPress site with they're email address, since WordPress allows you to log in with either username or email address, but none of the unlocked membership levels are acknowledged since the username in WordPress no longer matches up with the username in ONTRAPORT.

To confirm my theory, I did the following:

• created an account with a plus-addressed username
• logged in and tried to view some restricted pages
• got the "You do not have sufficient access" message
• manually removed the plus sign from my membership username field in ONTRAPORT
• refreshed the restricted pages, and was able to view them just fine

Here's where WordPress is sanitizing the +:

https://github.com/WordPress/WordPress/blob/0c37fe30ac20264046bed70e10321d6d11f23cef/wp-includes/formatting.php#L2093

As a temporary workaround, I might override the sanitize_user function using a filter hook to allow plus-addressed emails. Is that a workaround you would recommend?

I am getting this error on Cloudways hosting. They replied that "Ping is blocked by us on server level". This is conflicting with tinymce and WordPress editor. Is there a fix/patch available?

Thanks!

Hi! Could you check my http://www.foodwifery.com/login/. Problem is when restart browser users always log out. And after 24 minutes of passive logged out as well...
But wp admin kepps logged in even after restart browser, session expiring and cookies are set at maximum.

Please help!!