Participants Database uses a “private id” value as a key for users to edit their own record. The plugin uses a short 5-character code for this purpose, it’s not meant to be airtight security, just something impractical to guess.
Some administrators may want to use a larger term for their install, and it’s possible to do this with a filter. Using the filter “pdb-private_id_length” you can set a new length for your private ids. This length is used when the ID is generated, so any existing IDs will not be affected.
Here is an example of the filter in use:
That file should be uploaded into your plugins directory, then activated in the main Plugin page in the WP admin. You can also download a zip file of the plugin here… then upload and install it on the plugins page using “add plugin.”
Enabling Larger Values
To use lengths greater than 9 characters, you will need to alter the database. The database sets the datatype of the private_id column as a VARCHAR(9). Using phpMyAdmin (or a similar tool) you can change that length to whatever value you need. This database tool is often found in the hosting control panel.
You will need to make sure you are editing the correct database (many sites will have more than one) and then find the table. In most installs the table will be named wp_participants_database, although the prefix may be different for you. Go to the “structure” tab for the table and find the “private_id” column. You can change the datatype there, you really only need to change the value that follows the VARCHAR.
This would require that there be some way for the user to get the new code, so it’s not clear that this would be more secure. Given the skills, you could extend the security of the plugin in this way with some custom code, the plugin API gives you ways to do this.
We have a plugin Participant Login, that does implement this feature. It works because the user has a password-type login that is independent of the private ID code, so the private link becomes the login recovery method.
Is it possible to have the private id change after each use of the private link.
It seems that would be more secure in case the email with the link in intercepted.
I maybe looking in the wrong spot here. I am using a different form builder (Contact Form 7) to add records to the participates database rather than the built-in one as it had some needed features for my project. However, I do not know hoe to generate the private id for each record I add via the functions.php. Could you point me in the right direction?
There is a public method you can use to generate a unique private ID: Participants_Db::generate_pid()
Ok thankyou. I understand how to make changes to variables in phpMyAdmin and will go ahead and do this. I thought from the post, that I only needed to do this, To use lengths greater than 9 characters. I simply installed the plugin and thought I would get 9 characters, but I only got 6.
I used this filter :
add_filter(‘pdb-private_id_is_read_only’, function () { return false;});
so that I could edit the private_id from the front end. I can not seem to find the post that I found this information in. It doesn’t work once I have activated the plugin – Participants Database Set Private ID Length
The reason that I wanted to be able to edit the private_id after creation, was to prevent the subscribers access to their record, once they have completed it. So my idea was to change the last character to an X. I thought that if I had a longer length private_id, there would be less chance of generating a duplicate, if I needed to change the private_id back at any point to allow the subscriber access to edit their record.
Some older installs of the plugin had this database field size at 6 characters.
So, what’s happening is the field is strictly validated to prevent tampering, so if you have the length set at 6 characters, you can only save a 6-character value in that field. So, this means your plan won’t work as it is.
However there is another way to do this that might be easier: using the “approved” field to allow editing or not. You can set up a filter that will prevent the record from getting updated by the user:
I downloaded and activated this plugin, but the private id length only came to 6 characters, not 9.
Also, I had added the ‘fix’ to allow editing of the private id, so that I could change it, when a record was complete, so that a subscriber could no longer use their private id link, but the plugin caused the ‘fix’ to be overridden.
I would like to be able to add a special character to the private id to effectively lock it to subscribers when they have completed their record. Is there a way to do this please?
Hi Karen, you will need to take a look at your database directly to adjust the maximum length of your value. This is explained in this post. As to making the value editable…I don’t know what code you are using, so I can’t comment, but generally they would be independent of each other.