WP-CRM - Customer Relations Management for WordPress
delete admin without confirmation kil (6 posts)

  1. bren
    Member
    Posted 2 years ago #

    [Plugin: WP-CRM - Customer Relations Management for WordPress] delete admin without confirmation kill/404 your site in a swipe

    I just installed your plugin via my iPhone and had the misfortune to delete admin when attempting to delete a test message sent via the shortcode forms.

    1 - why oh why do you have the ability to delete a user next to the delete message button
    2 - deletion of anything without confirmation is not only unacceptable it's downright unprofessional
    3 - deletion of site admin is possible? come on...

    I dropped and restored the users and usermeta tables to get back in but my site is now reduced to a rendered but 404 no show site.

    I was able to get a blank site to show by going into privacy settings and hiding from then showing to the www search engines included.
    But posts/pages are still hiding.

    Just what exactly did you delete from my database when you deleted admin?

    Looks like the plugin has potential but until you put the kill pill on the top shelf out of harm's way it's not worthy of public release.

    http://wordpress.org/extend/plugins/wp-crm/

  2. bren
    Member
    Posted 2 years ago #

    well I had to do a complete database restore...

    pity the fool who uses this plugin for any real-world applications

    harsh words yes - but little did I know that deleting user 'admin' would delete all his image uploads as well.

    I shudder to begin what the paid/extended version of this tool does

    please do tell, what else do I have to check up on?

    Beta testing has never been so much fun ;o/

  3. Mandy
    Member
    Posted 2 years ago #

    pity the fool who clicks 'Trash Message and USER' and then is shocked by the results...

    i'm new to this but i think anything with a version number less than 1 implies beta?

  4. bren
    Member
    Posted 2 years ago #

    oh it's a beta for sure, a public beta (a big difference to that and a private beta)

    for a public beta this is pushing the envelope when you are allowed to not only delete user data without confirmation but delete all that user's data (posts/comments/uploaded non database content such as images etc) without a confirmation before committing and no ability to roll back after pulling the trigger.

    and the fact that admin can delete himself and all his settings from the DB is definitely not public beta ready.

    let's not forget that this plugin is supposed to be a customer relations (support) plugin.
    until they remove the database kill switch it's not worthy of any real-world (public beta) applications.

    don't get me wrong - looks like it's going to be a great plugin - but let's remove the kill switch before we go public - I wouldn't release a car for public beta if the brakes didn't work - a private beta in closed circles where people are briefed about the brakes not working is fine.

    pity the fool who doesn't know who Mr. T is (tongue in cheek) and that a beta without feedback is not a beta ;oP

  5. Andy Potanin
    Member
    Plugin Author

    Posted 2 years ago #

    bren -

    You are right, and sorry about that. Perhaps we jumped the gun on the "public" release, but we didn't have enough resources to conduct a more thorough QC at the time (we hired a full-time QC tester last week), but had a lot of requests from our customers for us to release the plugin into the WP repository, for which I apologize.

    To answer your questions.

    1. We set up the trash message and user function to make it easy to get rid of spam messages and users. Since WP-CRM creates a user account for every person who submits a message, it's important to be able to delete the user account easily when reviewing messages, in case they are spam, or whatever. We tried to streamline the process as much as possible. However, this has been fixed in the latest release by disallowing deletion of users who were not created via a contact form, and those who have been in the system for over 3 days.

    2. We added a confirmation to the deletion to be more professional - via a popup.

    3. We didn't add anything to prevent deletion of site admin since there is no site admin in WordPress, there are various roles, with different capabilities, but there is not a single site admin and defining one (such as user with lowest user ID) would be too subjective.

    As far as deletion of all the posts and pages, WP-CRM doesn't do anything special with that, it simply passes arguments to the wp_delete_user() function from the messages screen. When deleting a user from the profile screen, there are additional checks, and a function that copies all the attached objects to the user performing the deletion action, to prevent them from being lost.
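
A guarded form of the messages-screen deletion discussed in the reply above, as an added example that is not WP-CRM's code and not part of the thread. It assumes it is loaded as plugin code inside WordPress; the function name `crm_trash_message_user()`, the nonce action `crm_trash_user_<id>` and the `crm_created_via_form` user-meta flag are hypothetical.

```php
<?php
// Added example (not WP-CRM's code). Hypothetical names: crm_trash_message_user(),
// the 'crm_trash_user_<id>' nonce action, the 'crm_created_via_form' meta flag.
require_once ABSPATH . 'wp-admin/includes/user.php'; // defines wp_delete_user()

function crm_trash_message_user( $user_id ) {
    $user_id = (int) $user_id;
    $actor   = get_current_user_id();

    // CSRF: the request must carry a nonce bound to this exact target user.
    check_admin_referer( 'crm_trash_user_' . $user_id );

    // Authorisation through WordPress's own meta capability for deleting a user.
    if ( ! current_user_can( 'delete_user', $user_id ) ) {
        return new WP_Error( 'crm_forbidden', 'You may not delete this user.' );
    }
    // The acting account must never be able to remove itself from this screen.
    if ( $user_id === $actor ) {
        return new WP_Error( 'crm_self_delete', 'Refusing to delete the current user.' );
    }
    $user = get_userdata( $user_id );
    if ( ! $user ) {
        return new WP_Error( 'crm_no_user', 'User not found.' );
    }
    // WordPress has no single "site admin", so protect by capability instead:
    // an account that can manage the site is never a spam submitter.
    if ( user_can( $user, 'manage_options' ) ) {
        return new WP_Error( 'crm_privileged', 'Privileged accounts are not deletable here.' );
    }
    // Only accounts the contact form created (assumed meta flag set at creation).
    if ( ! get_user_meta( $user_id, 'crm_created_via_form', true ) ) {
        return new WP_Error( 'crm_not_form_user', 'User was not created by a contact form.' );
    }
    // Only accounts at most 3 days old; user_registered is stored in GMT.
    $age = time() - strtotime( $user->user_registered . ' UTC' );
    if ( $age > 3 * DAY_IN_SECONDS ) {
        return new WP_Error( 'crm_too_old', 'Account is older than 3 days.' );
    }
    // With a reassign ID, wp_delete_user() moves the user's posts (attachments
    // included) to that account; without one it deletes them.
    if ( ! wp_delete_user( $user_id, $actor ) ) {
        return new WP_Error( 'crm_delete_failed', 'wp_delete_user() reported failure.' );
    }
    return true;
}
```

The link or form that triggers the handler has to be generated with a matching nonce, for example through `wp_nonce_url()` with the same action string.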

  6. bren
    Member
    Posted 2 years ago #

    hey Andy,

    thanks for the follow up!
    good to hear that you have put some safety checks in.

    I'll be checking back to see how this turns out.
    currently I'm hacking my own 'CRM' by hooking shopping cart and messaging plugins together
    maybe your plugin will have a place when we go for version 3 next time

    here's an idea of what we are looking at

    - shop owner can broadcast a message regarding an order
    message who: all account holders who are in Canada
    limit by: open and unshipped (current) orders
    message: CA post office is on strike - your order will be delayed
    - customer/shop owner can message one to one on an order
    subject: "regarding order # ->
    (drop down menu for customers order history)"
    body: textarea input

    currently rolling my own but would welcome whatever you can add on your CRM base

    cheers

Topic Closed

This topic has been closed to new replies.
