Hi Wilma,
I can’t really help you too much with the layout of the form…it is up to your theme to make it look good, and if that does not work, you’ll have to change the theme CSS to make it look that way you want.
When you export a CSV, it has to be imported correctly into your spreadsheet program. This is not the fault of the plugin, this is just the way CSV works, it is not a strict standard format.
Yes, the problem with visiting the page with “id=” in the URL is a bug. It is possible to fix the bug, but it is usually not a problem.
If you need to fix it, the fix is in this thread: http://wordpress.org/support/topic/receiving-tons-of-fake-subscription-emails?replies=9
Thread Starter
WilmaW
(@wilmaw)
Thanks. Followed the steps, but still got the problem. This is what I mean: When you go to http://tjoa.biz/imanage/become-a-member/?pdbid=5, I’ll receive an email. So if you f5 the page like 10 times, I receive 10 emails. Also when you go to that url, you can see the message: “Thanks you, Name, for… Ok, I can fix this by removing the persons name in messages, but then I still have the problem that people can abuse the link and spam me. 🙁
Wilma,
Yes, that wil occur even with the fix. All it does is make sure the ID is valid. The question is: is it happening on your site because someone is coming by and doing this? If someone is actually exploiting this, it becomes more urgent.
The plugin has always worked this way, and it hasn’t really been a problem–not that I don’t intend to fix it, but it won’t be until the next major release.
Thread Starter
WilmaW
(@wilmaw)
Okay, thanks for the quick response. The website will be launched somewhere next week, so this is not a problem yet. I hope the students won’t figure out this bug before your update then. They are smart though. Also other study associations might abuse this bug when they figure out. 🙁 When do you think the update will take place? Days, weeks, months?
Well, I’m not to the point of making promises yet, but the timeframe is at least a month. It’s big release.
However, you shouldn’t have trouble with this because there is a time lockout that happens so that for two minutes after the emails are sent, another email for that ID cannot be sent. These situations you’re seeing on that thread have to do with websites that are sending these emails because of automatic processes the site itself is generating…in other words it’s doing it all the time, so eventually the timeout gives out and an email is sent…every two minutes.
In order for someone to exploit this, they would have to go to quite a bit of trouble…they couldn’t just refresh and send an email as you suggest. You can test this yourself if you like.