Hey all - I have a question for you, and this one is for a paid client that I'm designing for. (Just wanted to make that clear up front, I am getting paid for this one.)
This client has a daily radio show that generates quite a few questions and interest in his blog. He's revamping his site right now, and he wants to add a WordPress installation that he calls the "Listener Blog". What he *wants* is scary to me, but I'm trying to figure out a way to give him what he wants without compromising his server and site safety.
So, what he wants is a blog where people can subscribe, login in, and have the ability to write posts and upload files. To me, that's terrifying - he wants the *general public* to have this access. So anyone who subscribes would be given immediate "author" status. I've explained the risks of that, alone, and that if he *seriously* wants to do this, he's going to need some kind of full-time moderator to be sure stuff doesn't get compromised.
I don't think he wants to spend the money to go that route, but he still wants this stuff to happen. I'm fairly familiar with the "Role Manager" plugin, and I planned to use that to help with these issues, but I was wondering if there were any other plugins out there that would ...I don't quite know how to put this. I know I can make posts be forced into moderation, so that *anyone* who writes a post has to have it approved by the admin before it's made public. I can't remember if Role Manager does this or not, or if WordPress itself has an option for this. So if someone can refresh my memory on that, I'd appreciate it (and if they don't, what plugin *does* do it?).
But the files are what scare me the most. Worst-case scenario, I can see some jerk uploading a virus or something that'll tear through the server while everyone's sleeping, and by the time the moderator gets to it, it's way too late. So I was wondering if there's some kind of "queue" system/plugin? Probably not, I guess, because the files would have to be uploaded to the server. But I'm kind of thinking like, when someone makes a post and uploads an image, that when WordPress sends it to moderation it would send an attached file to the moderator, rather than saving it to the server. Then if the mod deems it appropriate for the site, they can upload it themselves or something. At least then, then damage would be restricted to the mod.
I don't know if I'm nuts, but I'm just trying to see if there's a way to give this guy what he wants. I think the *posting* part I can handle, but the file thing just makes me queasy. So if anyone has any ideas, workarounds, or experience with this kind of thing, I'd appreciate some advice on how to handle it. (I've already tried talking him out of it, but he really wants this.) I'm even going so far as to ponder the possibility of having some kind of separate form in the posting area that would use the mail() function - you could post the text, but the form for uploading images would email the image directly to the mod - I guess that's a possibility, and I could restrict filetypes...Is there anything out there like that?