
WP / Woocommerce Mystery

Solved Configure
  • Any more ideas on this? The plugin is running now, just not returning an image?
    The Leonardo AI generation requires two API calls. First to start generating a series of images, and second to fetch the images.
    I can see in console log, no seriesID from first call, so maybe a key issue?

    @phenomlab did you get host login details?

  • @Panda I did yes, but not had any free time to look yet. Will have a look either later this afternoon / evening, or tomorrow morning.

  • @Panda @papillon121 Ok. I think I have this working now - can you verify?

    There in fact weren’t two plugins, but a copy of the plugin’s main configuration file was in the same directory, meaning WordPress will see it and list it twice. The erroneous file has been renamed to .old to stop WordPress reading it.

  • @phenomlab Great. It’s working most of the time for me now.
    It’s always been a bit flaky.

    Can you just explain for me what these config files are. Why would there have been two?

    On another topic, Papillon does prefer Shopify, but it did seem more complicated to try it there. Shopify uses a template language for custom JS, it’s rather like NodeBB’s template language actually!
    @phenomlab have you any Shopify experience?
    Shopify has more restrictive rules in what you can add, that’s why WooCommerce was used for this test

  • @Panda @papillon121 Did this script ever work properly? Looking at it, there are two components.

    1. A PHP script that collects values from the page
    2. A JS script for processing via AJAX

    This is standard behaviour for processing remote data requests via json but I’d frankly be amazed if this ever worked properly without a user being logged in. There are functions such as the below

    add_action('wp_ajax_handle_curl_request', 'handle_curl_request');
    

    This will work if the user is logged in, but if not, then it will never return any data. The entire point of your site is for a visiting user to generate their request, see the response, then decide if they want to purchase it or not. As no data is ever returned from the json request (because it requires an authenticated user), the visitor is likely to think it doesn’t work, and then simply move on.

    Because of this, I’ve changed the above code to be as below (there are actually three of these that need fixing, but including one only for brevity. The code is commented, so you can review for yourself)

    add_action('wp_ajax_handle_curl_request', 'handle_curl_request');
    // Added by Phenomlab - you cannot use wp_ajax as unauthenticated user unless you specify "nopriv"
    add_action('wp_ajax_nopriv_handle_curl_request', 'handle_curl_request');
    
    

    In addition, the site clearly states that it may take up to 30 seconds for any data to be returned, and yet, the timeout is hardcoded at 10 seconds!

                                    setTimeout(function() { 
                                        $.ajax({
                                            url: my_plugin_ajax.ajaxurl,
                                            type: 'POST',
                                            data: data,
                                            dataType: 'html',
                                            success: function(responseData) {
                                                // Handle the response data here
                                                jQuery('.my-plugin-container .trx_addons_loading').css({"display":"none"});
                                                $('.my-plugin_images_columns_wrap').prepend(responseData);
                                            },
                                            error: function(responseData) {
                                                console.log('AJAX Error' + responseData);
                                            }
                                        });
                                    }, 10000);
    

    This makes no sense whatsoever. The API is remote, and may well take in excess of 30 seconds to return data depending on how busy it is. I have changed this so that it waits for a minute - in my testing, it’s always less than that, but the wording on the page (in the sense of the 30 seconds…) should also be changed as to not set expectations.

                                    setTimeout(function() { 
                                        $.ajax({
                                            url: my_plugin_ajax.ajaxurl,
                                            type: 'POST',
                                            data: data,
                                            dataType: 'html',
                                            success: function(responseData) {
                                                // Handle the response data here
                                                jQuery('.my-plugin-container .trx_addons_loading').css({"display":"none"});
                                                $('.my-plugin_images_columns_wrap').prepend(responseData);
                                            },
                                            error: function(responseData) {
                                                console.log('AJAX Error' + responseData);
                                            }
                                        });
                                    }, 60000);
    

    Clearly, this plugin has been generated in an automated fashion given the references to my-plugin... etc, and to be honest, it’s very poorly written and contains a couple of vulnerabilities where the code response could be intercepted and manipulated in some isolated cases.

    I mostly do not comment on other people’s coding work, but this is some of the worst code I’ve ever seen - mostly because of the API being exposed in the console, which I’ve removed.

    Can you please test it now with both a logged in user, and guest? It should be returning data in both cases.

  • phenomlab has marked this topic as unsolved
  • Oh gosh, I recall 10 seconds not being enough, so the setTimeout in front end was set to 30000ms

    I didn’t know there was another timing set backend

    Can you explain why that ajax command requires login?

  • @Panda said in WP / Woocommerce Mystery:

    Can you explain why that ajax command requires login?

    Because it is being called as wp_ajax_ which would require an associated logged in account (in WordPress). I’ve added the same functions, but with wp_ajax_nopriv_ so that it will work if the user is not logged in. There should actually be error handling in the code to determine if the request originates from a guest, or a logged in account.

    The fact that it isn’t there is either a lack of knowledge on the code authoring part, or just laziness.
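
As an added example (not the plugin's code and not from the posts above), this sketch shows what a handler registered under both `wp_ajax_` and `wp_ajax_nopriv_` would typically check once guests can reach it, and how the API key stays server-side instead of in the browser console. The handler body, the `nonce` and `prompt` field names, the `MY_PLUGIN_API_KEY` constant and the placeholder endpoint URL are assumptions; only the two hook names come from the thread.

```php
<?php
// Added example: hypothetical handler body. MY_PLUGIN_API_KEY, the endpoint URL
// and the 'nonce'/'prompt' POST fields are assumptions, not the plugin's names.
add_action('wp_ajax_handle_curl_request', 'handle_curl_request');        // logged-in users
add_action('wp_ajax_nopriv_handle_curl_request', 'handle_curl_request'); // guests

function handle_curl_request() {
    // Require the nonce issued with the page (wp_create_nonce('handle_curl_request')).
    if (!check_ajax_referer('handle_curl_request', 'nonce', false)) {
        wp_send_json_error(array('message' => 'Invalid or expired request.'), 403);
    }

    // nopriv makes the endpoint public, so guests get a small per-IP budget:
    // roughly 5 requests, with the 10-minute window renewed on each allowed hit.
    if (!is_user_logged_in()) {
        $key  = 'my_plugin_rl_' . md5($_SERVER['REMOTE_ADDR']);
        $hits = (int) get_transient($key);
        if ($hits >= 5) {
            wp_send_json_error(array('message' => 'Too many requests.'), 429);
        }
        set_transient($key, $hits + 1, 10 * MINUTE_IN_SECONDS);
    }

    // Validate the visitor-supplied input before it goes anywhere.
    $prompt = isset($_POST['prompt']) ? sanitize_text_field(wp_unslash($_POST['prompt'])) : '';
    if ($prompt === '' || strlen($prompt) > 500) {
        wp_send_json_error(array('message' => 'Prompt missing or too long.'), 400);
    }

    // The API key is used only here, server-side; it is never sent to the browser.
    $response = wp_remote_post('https://api.example.invalid/generate', array(
        'timeout' => 60, // the remote API can be slow, so allow for it here too
        'headers' => array(
            'Authorization' => 'Bearer ' . MY_PLUGIN_API_KEY,
            'Content-Type'  => 'application/json',
        ),
        'body'    => wp_json_encode(array('prompt' => $prompt)),
    ));
    if (is_wp_error($response) || wp_remote_retrieve_response_code($response) !== 200) {
        wp_send_json_error(array('message' => 'Upstream request failed.'), 502);
    }

    $data = json_decode(wp_remote_retrieve_body($response), true);
    if (!is_array($data)) {
        wp_send_json_error(array('message' => 'Unexpected upstream response.'), 502);
    }
    wp_send_json_success($data); // structured JSON rather than raw HTML
}
```

Each `wp_send_json_error()` call ends the request, so nothing after a failed check runs.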

  • @Panda Good. @papillon121 should also confirm it works. Once confirmed, we can set this particular thread as solved (I marked it as unsolved based on the further work needed)

  • @phenomlab
    He’s gone off to a meeting, but others have tested it and it’s working. So can say solved.

    Just back to my other question, have you ever used Shopify?
    It insists on a templating language to use any custom js.
    Do you think that still permits using 3rd party API calls?

  • Panda has marked this topic as solved
  • @Panda said in WP / Woocommerce Mystery:

    Just back to my other question, have you ever used Shopify?
    It insists on a templating language to use any custom js.

    Not personally as never had any need, however, I do know that it uses Liquid for JS templating. It’s written in Ruby and is used to generate dynamic content on shop fronts. There’s zero reason as to why it wouldn’t work with data supplied by 3rd party APIs, although WordPress code won’t natively work for obvious reasons, and as such, this code would need to be re-written.

    The JS part will likely work with minor modification, but not the PHP file in its current form.

