Support » Plugin: Easy Digital Downloads » EDD Discount code Flaw? (Invalid emails can be used!)

  • Resolved Musicalman


    EDD V. 2.6.6
    EDD – Mail Chimp V 2.5.6

    I am offering certain tracks for free (one per customer with a download limit set)

    This is the process that happens.

    1. Customer clicks on a free track link on my website.
    2. Customer is taken to a subscription page via MailChimp.
    3. Customer subscribes.
    4. Customer receives email to verify subscription.
    6. Customer is then taken to a Mail Chimp campaign that contains the discount code and link to the tracks.
    7. Customer picks a valid track, enters discount code / details and the success page with the appropriate download link appears.

    My concern is the customer can pick another track, enter the same discount code and enter any invalid email and names in the required fields etc i.e. (Email = Name = E Surname = E tick accept terms and conditions and the success page comes up with another download link) With an invalid email I do not know who is getting the free tracks…

    Is there any more secure ways to do this please? (I really want make sure everything is valid and one customer can only download one valid free track)

    Thanks for any advice…

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author mordauk


    The only way to truly limit customers to a single-use is to require that they register an account on your site prior to gaining access to the files. Account creation (or log into an existing) can be enabled on the checkout screen from the Misc settings tab.

    Thanks for the advice Pip, I have implemented this easily.

    My main concern with this process is I think it might confuse the average Internet customer when they click on their confirmation registration email and then they are taken to the http so://mywebsite/wp-admin/profile.php page and see a dashboard with WordPress logos etc.

    Any way to implement this username and password process where they only have to enter their details at the checkout page and nothing else distracts them from my website?


    Plugin Contributor Phil Johnston


    Another thing you could do is put the download links to the song into the confirmation email from MailChimp. That way they only get the links if they actually put in a valid email address. They wouldn’t need to do a checkout process on your site at all after signing up for your email list that way.

    Alternatively, to keep going with the current setup you have, if you want to redesign your WordPress login page, there are ways to do that with custom CSS or other plugins. Here’s a link on the many different ways you could potentially go about making that happen:

    You can also make it so that if a subscriber goes to your their wp-admin profile page they automatically get redirected to another page. This could be a page on the “front end” of your website.

    Here’s another link to get you started on the many different ways that can be done:

    Thanks Phil, a few things to think about here. Don’t think I could put the download links to the song into the confirmation email from MailChimp – because they have a choice of picking one from several free tracks, so I would not know which track they had actually picked until they had placed this free order…hope that makes sense? (Plus I want theses free orders to go through the great EDD system so I can keep tabs etc)


    Hopefully I have resolved my issue.

    I installed plugin ‘Peter’s Login Redirect’ and pointed all subscribers to my cart page.
    On the cart page I also placed the text (login required when track(s) are added to your cart)

    Initially I had some major problems with Peter’s Login Redirect plugin; with it totally making my wp-admin page unable to log into as an admin or subscriber, after deactivating the plugin in my host control panel I was then able to log back into WordPress (reactivate the plugin in control panel) go back to WordPress Dashboard; went to ‘Peter’s Login Redirect’ plugin and choose option ‘Add any URL on the same domain’ under the settings ‘Redirect subscriptions’

    All seems well


    Sorry please take away RESOLVED…

    I have just tested my set up process again, and the flaw still remains…
    A potential customer goes through my steps as stated above for 1 only free track per customer; and then goes to my free tracks page – picks a free track – enters the discount code and then they have to register their personnel info and create an account. (Again they can enter anything here valid or invalid and the success page pops up with the free track link. This means I could have no idea who is downloading the free tracks and they could repeat the process for multiple free tracks.

    (It’s a pity the free download link only went to their valid email address for verification purposes)

    I wanted this to be a easy painless operation for potential customers to obtain a free track to tempt them into sales…but at the moment it’s anything but…

    Any further help appreciated


    Plugin Contributor Phil Johnston


    There really isn’t a way around that. If you send out a non-unique discount code to a user, it can be re-used. Theres nothing that can really be done about that – unless you manually change the discount code given in MailChimp every time it is used.

    This is why I would recommend just putting the free download link directly into the email itself. This will guarantee they only get the download if their email is valid.

    One thing you could do is set up a different list for each song in Mail Chimp and put the signup form for that list onto that song’s page. This way, they can choose which song they want and you get to know which song they picked.

    Thanks Phil,

    I am working on a few ideas for a solution, will report back…


    Just thinking; is there any way to make a free purchase bypass the success page popping up containing the free download link, thus just leaving the download link being sent to the customers valid email address?

    Thanks in advance…

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘EDD Discount code Flaw? (Invalid emails can be used!)’ is closed to new replies.