The latest updates to RSVPMaker were inspired in part by this post on the WordPress.org support forum for the plugin.
Users within my organization tend to forget that they’ve registered for an event and wind up RSVP’ing multiple times. How can I restrict duplicate entries with an error message that says that they’ve already RSVP’d to an event?
A user can follow the link in that prompt to update their previous registration, if necessary. Or they may just need to be reminded that a registration for them is already on file.
This mechanism is actually a fallback. The standard email confirmation message includes an Update RSVP link users can follow to update their record. However, that only works if they go back and find the confirmation message.
Similarly, when you invite people using the MailChimp integration, their email address is embedded in the RSVP Now button. The idea there was always to save them some typing by looking up profile data from any previous RSVPs so they would not have to type it in again. (In the process of updating this code, I fixed a few bugs that were preventing this process from working properly).
If someone responds to the invitation, forgetting that they previously registered, RSVPMaker will ask them if they want to update their previous response. Similarly, if RSVPMaker detects a cookie associated with a previous response to the same event, it asks if they want to update that response rather than entering a new one.
What is the scenario where the user would NOT want to update the previous RSVP? There are scenarios where the user wants to enter multiple independent RSVPs under the same email address. Maybe an administrative assistant is registering several executives but wants all the confirmations to come to his or her email address. Another example is a couple that shares an email address, where the husband’s RSVP should not overwrite the wife’s or vice versa. My preference would be that one person enter an RSVP with one or more other people indicated as guests, but it doesn’t always work that way in practice.
There are a few potential security concerns with this scenario. The high security option would be to require users to login with a password before completing the RSVP form, and their identity would be tied to that login. RSVPMaker supports making logins required, but in many cases the more important goal is to make it as easy as possible for people to register without having a pre-assigned password.
If any information gathered on the form is sensitive, I recommend tagging it as private. You can see that with the tagging of the phone # and related fields in the default form:
[rsvpfield textfield="phone" guestfield="0" private="1" ]
The form builder utility (the popup you get when you click the “Generate form” button) also allows you to mark fields as private. If data has been recorded for that field, the message “Private data on file” is displayed instead of the private content. In other words, this prevents people from using your email address to look up your phone number or other information designated as private.
However, a mischievous or malicious user could use the lookup by email function to alter someone else’s RSVP response. I haven’t seen this be a problem, but it’s not impossible.
In the AJAX-powered email lookup example shown above, the data entry field for email appears before those for first and last name. The idea is to get them to enter their email address first. If we match it to a record, we want to do that before they have reentered a lot of the same information.
I’ve made this the new default form layout for new users, but established users of RSVPMaker may need to tweak their RSVP form code. The form builder now includes an option to specify that the email field should come first.