Home › Forums › Ticket Products › Community Tickets › QR Code Scanner
- This topic has 44 replies, 5 voices, and was last updated 6 years, 8 months ago by Chris.
-
AuthorPosts
-
April 10, 2017 at 7:17 am #1267590ChrisParticipant
Hello,
I have a concern with the method used for QR code scanners for ticket validation. I understand, based on other submitted tickets that 1) Any QR code scanner works; QuickMark is mentioned 2) One must be logged into the the phones browser or the browser withing the scanner 3) One must have an editor role or “edit_post” and “read” access in their role 4) Tickets can be validated without the QR code by using the attendees list.
So far, I have had no issues with being able to scan QR codes with these guidelines, however, it is not secure due to the users being able to access the WordPress dashboard and view all event information. The goal for my website is to allow all users to create and sell tickets for events but a huge part of making this service the best for my users involves being able to quickly scan guest tickets but also maintain the integrity of their information (sales, attendee count, etc.).
I have already tried to use User Role Editor to allow and disallow permission but because the essential permission (edit_post) is checked, I cannot seem to work around this issue.
Please let me know if you need any more details or information so that we can find the best solution for this problem.
April 12, 2017 at 12:14 pm #1269066ChrisParticipantCan someone please reply to this ticket or let me know if you are looking further for a solution?
April 13, 2017 at 12:25 pm #1269674NicoMemberHi Chris,
Thanks for reaching out to us on this! I can help you here…
As you say, this is the way it works right now. Your concern (let me know if I’m getting this right) is that users should only see their events information in the backend? Or you prefer for them just to not be able to be in the back-end at all? Maybe it’s a possible solution to make a redirect from the checkin page in the admin to their Community profile in the ‘front-end’ of the site? If that’s the case let me know and I’ll try to make a snippet for it.
Please let me know about it,
Best,
NicoApril 14, 2017 at 9:03 am #1270012ChrisParticipantYes. The ability to access the back-end (where they can view other users’ events) due to Editor role permissions having to be enabled is the issue. If we could disable their ability to view the back-end but still be able to validate tickets for their own events, my problem will be solved.
April 19, 2017 at 8:07 am #1271622ChrisParticipantI have attempted to use plugins which disable the dashboard for non-admin users, however, the validation does not work for editors even when the [edit_post] permission is active.
April 20, 2017 at 12:29 pm #1272351ChrisParticipantThis reply is private.
April 24, 2017 at 6:55 am #1273373NicoMemberThis reply is private.
April 24, 2017 at 7:05 pm #1273811NicoMemberThis reply is private.
April 25, 2017 at 5:19 am #1273953ChrisParticipantThis reply is private.
April 28, 2017 at 2:49 pm #1276077NicoMemberThis reply is private.
April 29, 2017 at 5:38 am #1276241DirkParticipantHi guys,
We’ve been having exactly the same problems. We had to disable QR codes (which is a awesome feature) simply because we use community tickets and don’t want all the organizers to enter the wordpress backend.
Al lot of the replies were private, but I’m very interested if there is a solution!
Cheers,
dirkApril 29, 2017 at 8:13 am #1276269ChrisParticipantThis reply is private.
April 29, 2017 at 8:19 am #1276271ChrisParticipantHello Dirk. Unfortunately, the issue has not been resolved yet although Nico is helping me out a lot. I hope that this is something that will soon be added to the function of the plugin as it seems more like a loophole in the software and not something that must be fixed through customization. It may have just been overlooked in development or limited by user roles and permissions. The support is limited so now I’m trying to ask yes or no questions so that I can get some help. If you have any experience with codes or think of possible ways to counter the problem, please ask so that maybe we can all find a solution together.
May 3, 2017 at 7:29 am #1277975ChrisParticipantI have been thinking of other solutions to temporarily bypass this issue. Is there a way to automatically export the customer codes, or the pages that have to be validated, to a database that a qr scanner can reference without the need for someone to be logged in? Only those who have the account with the database will be able to validate. This makes it so that information is not compromised even with all event codes in the database being seen by everyone.
May 3, 2017 at 7:33 am #1277976ChrisParticipantI am not asking that anyone on the team create this. I would just like to know if this is something that is possible since the solution would have to retrieve info from your software and you are possible more aware of what databases are capable of doing.
Maybe, this could even be a separate add-on. One that creates a database from event codes (or whatever information the QR Code references) and make it so that [edit_post] permissions are no longer needed to validate an event. The ticket seller would still have the manual option by accessing their own account, but the QR code scanning option would not compromise security since the add-on closes that gap by working internally.
- This reply was modified 6 years, 11 months ago by Chris. Reason: I thought of a great add-on suggestion
-
AuthorPosts
- The topic ‘QR Code Scanner’ is closed to new replies.