QR Code Scanner

Home Forums Ticket Products Community Tickets QR Code Scanner

Viewing 15 posts - 1 through 15 (of 44 total)
  • Author
    Posts
  • #1267590
    Chris
    Participant

    Hello,

    I have a concern with the method used for QR code scanners for ticket validation. I understand, based on other submitted tickets that 1) Any QR code scanner works; QuickMark is mentioned 2) One must be logged into the the phones browser or the browser withing the scanner 3) One must have an editor role or “edit_post” and “read” access in their role 4) Tickets can be validated without the QR code by using the attendees list.

    So far, I have had no issues with being able to scan QR codes with these guidelines, however, it is not secure due to the users being able to access the WordPress dashboard and view all event information. The goal for my website is to allow all users to create and sell tickets for events but a huge part of making this service the best for my users involves being able to quickly scan guest tickets but also maintain the integrity of their information (sales, attendee count, etc.).

    I have already tried to use User Role Editor to allow and disallow permission but because the essential permission (edit_post) is checked, I cannot seem to work around this issue.

    Please let me know if you need any more details or information so that we can find the best solution for this problem.

    #1269066
    Chris
    Participant

    Can someone please reply to this ticket or let me know if you are looking further for a solution?

    #1269674
    Nico
    Member

    Hi Chris,

    Thanks for reaching out to us on this! I can help you here…

    As you say, this is the way it works right now. Your concern (let me know if I’m getting this right) is that users should only see their events information in the backend? Or you prefer for them just to not be able to be in the back-end at all? Maybe it’s a possible solution to make a redirect from the checkin page in the admin to their Community profile in the ‘front-end’ of the site? If that’s the case let me know and I’ll try to make a snippet for it.

    Please let me know about it,
    Best,
    Nico

    #1270012
    Chris
    Participant

    Yes. The ability to access the back-end (where they can view other users’ events) due to Editor role permissions having to be enabled is the issue. If we could disable their ability to view the back-end but still be able to validate tickets for their own events, my problem will be solved.

    #1271622
    Chris
    Participant

    I have attempted to use plugins which disable the dashboard for non-admin users, however, the validation does not work for editors even when the [edit_post] permission is active.

    #1272351
    Chris
    Participant

    This reply is private.

    #1273373
    Nico
    Member

    This reply is private.

    #1273811
    Nico
    Member

    This reply is private.

    #1273953
    Chris
    Participant

    This reply is private.

    #1276077
    Nico
    Member

    This reply is private.

    #1276241
    Dirk
    Participant

    Hi guys,

    We’ve been having exactly the same problems. We had to disable QR codes (which is a awesome feature) simply because we use community tickets and don’t want all the organizers to enter the wordpress backend.

    Al lot of the replies were private, but I’m very interested if there is a solution!

    Cheers,
    dirk

    #1276269
    Chris
    Participant

    This reply is private.

    #1276271
    Chris
    Participant

    Hello Dirk. Unfortunately, the issue has not been resolved yet although Nico is helping me out a lot. I hope that this is something that will soon be added to the function of the plugin as it seems more like a loophole in the software and not something that must be fixed through customization. It may have just been overlooked in development or limited by user roles and permissions. The support is limited so now I’m trying to ask yes or no questions so that I can get some help. If you have any experience with codes or think of possible ways to counter the problem, please ask so that maybe we can all find a solution together.

    #1277975
    Chris
    Participant

    I have been thinking of other solutions to temporarily bypass this issue. Is there a way to automatically export the customer codes, or the pages that have to be validated, to a database that a qr scanner can reference without the need for someone to be logged in? Only those who have the account with the database will be able to validate. This makes it so that information is not compromised even with all event codes in the database being seen by everyone.

    #1277976
    Chris
    Participant

    I am not asking that anyone on the team create this. I would just like to know if this is something that is possible since the solution would have to retrieve info from your software and you are possible more aware of what databases are capable of doing.

    Maybe, this could even be a separate add-on. One that creates a database from event codes (or whatever information the QR Code references) and make it so that [edit_post] permissions are no longer needed to validate an event. The ticket seller would still have the manual option by accessing their own account, but the QR code scanning option would not compromise security since the add-on closes that gap by working internally.

    • This reply was modified 6 years, 11 months ago by Chris. Reason: I thought of a great add-on suggestion
Viewing 15 posts - 1 through 15 (of 44 total)
  • The topic ‘QR Code Scanner’ is closed to new replies.