Image courtesy of Stuart Miles / FreeDigitalPhotos.net
This is basically a repeat of what I posted on the tech blog, but there are some changes being made to the poll plugin on this site as well.
Well WP-Poll served well for quite some time, although it occasionally had some quirks. It never really did like the sidebars on themes, or at least the 3 column themes seemed to confuse it too much. Worse, the fact that it is AJAX meant on a hardened site that a user that wasn’t logged in could not vote, so the combination of the two really just made it all confusing and frustrating. It looks like it is time for a replacement.
For WP-Poll, I see no workaround for the column issue, and it is even worse that it doesn’t try to display an error. Even if I did find a workaround for that, the whole sidebar thing has almost gotten it scrapped to begin with. So, I tried out a couple of others. The reviews I initially saw of YOP Poll didn’t look all that exciting, but those reviews were quite old. I saw the ratings (4.9 out of 5 stars) and decided to give it a try. This really does look like it will do the job!
I tried it out locally, and even with the permissions set on wp-admin, it at least popped up an error box when I was not logged in. More technical details later on how I was able to modify the error boxes under the two conditions needed to prompt the user to login first.
It actually has another advantage. I’ve long considered that sometimes perhaps the answers I give to choose from might not be complete. YOP Poll allows users to add answers themselves, which I can see as a big advantage. Of course, this could lead to poll poisoning, but since they would have to be logged in, it is trivial enough to block their IP addresses.
There is also another feature I might take some time to play around with. Rather than simply posting that there is a new poll up, YOP Poll allows the poll to be embedded within a page (I assume a post would work as well). So, instead of saying there is a poll, I could actually display it within the post presumably. Also, poll results could be posted in another post after the poll was closed out. These are not my major concerns, and I did not test them, but they could be useful.
The biggest disadvantage is that all previous polls will be removed. Honestly, though, they are probably only as good as the timeframe within which they were given, as things in this world change so rapidly.
When will this take place? There’s no time like the present! Expect changes to start rolling out today. I will put up the default poll so you can play with it and get the idea on the look and feel.
AJAX and Logging In
First of all, I don’t understand the entire layout of the AJAX piece of the WordPress puzzle. All of the security experts advise protecting the wp-admin directory, but then all AJAX actions break. Why is it even in there in the first place? If there truly is nowhere else to put it, then why is it assumed that normal users or even nonusers would be running it?
Still, that is the limitation that has to be dealt with for now. Unfortunately, it is the case where YOP Poll presents a rather generic box. I discovered, though, that there were several similarly worded errors in a JavaScript file. By changing two lines of yop-poll-public.js, I was able to handle both the vote and view results cases by asking if they had logged in yet:
197c197
< alert('An error has occured!');
---
> alert('An error has occured! Did you login yet?');
336c336
< alert('An error has occured!');
---
> alert('An error has occured! Did you login yet?');
The problem with doing this, obviously, is that any updates to the plugin are likely to overwrite these changes, so they will have to be carefully vetted and managed (and an emergency copy of the file kept around just in case).
Until something changes, however, this is a reasonably small change to accommodate the functionality.
Once this is rolled out, and I have verified that it is working like I intend it to work, I will contact YOP to provide feedback.