Use this forum to help each other on the Freebies offered at luiszuno.com.
NOVA THEME - how to call for contact form
  • seito
    Hy! I have some problems with contact form in NOVA WP template.

    I tried to put it on static page by simply coping HTML from my already tested and working HTML version of this page. But in WordPress it doesn't work. Then I also saw there is special section already in template administrative panel to set parameters for contact form...

    Should I use some SHORT CODE or something to call for contact form? How does this work?

    Thank you in advance! Any advice and help much appreciated!
  • h84ed
    Hi Seito. The familiar contact form from your HTML version of the site has been very conveniently integrated with this Wordpress theme.

    To use the contact form, or to have a "contact page" - create a new page from your dashboard and select the template "contact page" on the right of the screen. You can call it "Contact" but I imagine it could equally be called anything else and still have the same effect.

    This "Contact page" template, along with the "Front page" template are PHP page templates that output HTML in the same way you see in the HTML site. The Contact page theme options you see in the WP dashboard determine some variables of the final contact page - including success and error message wording, and options to configure a Google Map using their API instead of a dull static image.

    Hope this helps and isn't too much of an unnecessarily long answer.
  • seito
    Hi! Thank you for a fast replay! Now, when looking back I see how stupid this question was :)! Actually only thing I had wrong was reference to form-validation.js.

    But there are some more issues here now. And one is critical! Can you please help me with some guidance here too:
    - I adapted nova theme a little bit to suit my needs. I add couple of panels/pages in Nova Settings menu (added new *.php files in admin folder) and now to my problem! When someone subscribe to my blog (User role Subscriber), he can not only access his profile settings but also ALL Nova theme settings!
    Now, that is a BIG PROBLEM! Since anybody can change my website by his will (graphics, text, anything that is accessed from Nova settings administration board). And interesting is that not only one can access pages I added, but all the pages.

    Where are settings/functions or something for user role access hiding? Should I look in wp-config or somewhere else? Should I add any reference in functions.php for pages I added to Nova settings administration panel? Is maybe problem again in referencing path to some "check-user-role-and-apply-access-privileges.js/php" file?

    Thank you!
  • seito
    OK, resolved! I think this is a BIG security risk and so I will post a solution here if someone will need it in future.

    Problem is in function.php. At the end of file there is a call for Nova option panel:


    #--------------------------------------------------------------------
    #
    # OPTIONS PANEL
    #
    #--------------------------------------------------------------------

    function themeoptions_admin_menu(){
    // menu
    add_menu_page('nova', __('Nova Settings','nova'), 'read', 'ansimuz-menu', 'load_edit_page', get_template_directory_uri() .'/admin/img/bag32.png');
    add_submenu_page( 'ansimuz-menu', __('General settings','nova'), __('General settings','nova'), 'read', 'ansimuz-menu', 'load_edit_page');
    add_submenu_page( 'ansimuz-menu', __('Appearance','nova'), __('Appearance','nova'), 'read', 'appearance', 'load_edit_page');
    add_submenu_page( 'ansimuz-menu', __('Front page','nova'), __('Front page','nova'), 'read', 'front', 'load_edit_page');
    add_submenu_page( 'ansimuz-menu', __('SEO','nova'), __('SEO','nova'), 'read', 'seo', 'load_edit_page');
    add_submenu_page( 'ansimuz-menu', __('Slider','nova'), __('Slider','nova'), 'read', 'slider', 'load_edit_page');
    add_submenu_page( 'ansimuz-menu', __('Social networks','nova'), __('Social networks','nova'), 'read', 'social', 'load_edit_page');
    add_submenu_page( 'ansimuz-menu', __('Contact','nova'), __('Contact','nova'), 'read', 'contact', 'load_edit_page');
    }


    Problem is in third parameter which is capability parameter and is set to 'read'. So anybody with subscriber role or higher can access your theme settings, like text on front page, slider photos, logo, contact form ... NOT GOOD if you have your blog set to ''anybody can subscribe''.

    I recommend developer to change that for future users and if you have this ''anybody can subscribe'' set up change it yourself (I recommend 'edit_theme_options').

    Also welcome to check what I did out of Nova template here:
    http://www.anteros.eu

    Now you can subscribe, even if you have devious plans ;)...
Add a Comment