Table of Contents

Event Registration Configuration

Many topics could eventually be covered here. Add them as they appear.

Relevant Wild Apricot help pages

  1. To understand Wild Apricot's registration pages and Ticket Types, you should read these help pages:
  2. Event registration process
  3. Advanced events — Ticket types & settings tab
  4. Setting up an advanced event
  5. Registering and paying for others

About Ticket Types intended for use by FSGW members

How Wild Apricot handles Member-restricted Ticket Types

  1. By the rules in Wild Apricot's software, Member-restricted Ticket Types are for use by current members. This includes members shown as “Pending Renewal” but not yet past their renewal date. It does not include “Pending Renewal” members who are PAST their renewal date, or “Pending New” members who have not yet paid, or Lapsed or Suspended members.
    • Their Event registration process help page says: Members-only ticket types are not available to lapsed or overdue members, or to new members with a Pending status.
  2. Having the word “member” in the Ticket Type Name or Description does not make it Member-restricted. The Ticket Type's Availability must be set to “Members only” and 1 or more Membership Levels selected (for FSGW it should be “Life Member” and “Regular Member”).
  3. There is one way that Wild Apricot's software does NOT behave as documented about Member-restricted Ticket Types. Thankfully, this difference makes using Member-restricted Ticket Types easier than is documented. Here is how it works:
    1. Wild Apricot's documentation reads as if you must be logged in as a member to use a Member-restricted Ticket Type.
      • Their Advanced events — Ticket types & settings tab help page says: Depending on whether they are logged on or not, some member-only ticket types may not be available. If they are not logged in, but their email is stored in your contact database, they will be prompted to log in.
      • When you start a registration not logged in but using a contact email address, it displays this message in a box with a “Login” button: “Your email is already in our database. You can log in to auto-fill your contact information – and enable any member-only ticket types – or proceed with the registration without logging in.” This also suggests that you must be logged in to use a Member-restricted Ticket Type. However, if the email address is for a member, then any member-restricted ticket type is already select-able without you being logged in, which contradicts that if you notice the Ticket Type is select-able.
      • When you start a registration not logged in and using a non-contact email address, it displays this message in a box with an “Apply for membership” button: “Note: some ticket types are only available for members.
    2. So the reality is that to use a Member-restricted Ticket Type you only need to enter a current member's email address when you start the registration, then at the next step Wild Apricot will let you choose a Member-restricted Ticket Type even though you have not logged in.
    3. Note that a contact must be logged in to have it automatically fill in their contact information for the registration, or to use their stored credit card to pay.
    4. But when not logged in, they can register with a Member-restricted Ticket Type by filling in the registration information by hand, and can pay for it if they supply a credit card. The resulting registration and payment will be recorded as if made by the member whose email address was used, despite no login.
    5. However, the registration email address will be the members email address, which is what allowed the use of a Member-restricted Ticket Type in the first place. Thus, the member will receive all the email(s) about the registration(s), making it clear that it happened.
    6. This behavior causes several security vulnerabilities in Wild Apricot. Note that ALL Wild Apricot-based websites have these 2 security vulnerabilities. Since Wild Apricot is widely used, it's less unlikely than you might first guess that someone expend the effect to exploit these vulnerabilities,
      • First, someone could use this behavior to discover if an email address is a contact, or if it is a member.
      • Second, someone who knows a contacts email address can create registrations as if them, despite not knowing the contacts password, and there is no record of who actually did it. Registrations created while not logged in can easily use any name, since Wild Apricot does not require that the registration name or the the payer name be the same as the members contact name. Likewise for the address.
      • Thankfully, the name or address entered for a registration does not replace existing contact information, only exists in that registration.

How FSGW handles member ticket types

  1. When FSGW started using Wild Apricot in 2018, they chose to use the “Honor System” for member Ticket Types, where they were not made member-restricted. The 2 main reasons for this, to Will's recollection, were:
    1. The expectation that a significant number of members, especially older members, would not login to the FSGW web site. So if we wanted those members to use member ticket types when registering online, we could not require login for that.
      • We believed from Wild Apricot's documentation that login really was required to use a Member-restricted Ticket Type. Will cannot recall if we tested that belief, and if we tested it, whether the undocumented behavior described here existed at that time. Will only discovered this undocumented behavior while testing for the impact of the May 21, 2025 change to use a Member-restricted Ticket Type for weekly ECD.
    2. A desire to help leave behind the bad reputation of the previous (MON-based) FSGW web site, by making it easier to register for events online.
  2. Starting with the May 21, 2025 dance, the weekly English Country Dance registration was changed to use a Member-restricted Ticket Type for members.
    1. Mo Brachfeld made this change, following direction from Lynn Baumeister.
    2. Will does not recall any user support issues when this change happened, indeed he did not notice that it had happened until July 4.
    3. It's puzzling to Will that a significant change like this was made without any announcement inside or outside FSGW.
  3. What would the impact be on weekly ECD registration if Wild Apricot now made their online registration work as it is documented, by requiring a login to use a Member-restricted Ticket Type? Ditto for other events now using member-restricted Ticket Types, like Contrastock 13.
    1. It is common for FSGW members to register without logging in, by using their member email address, even though they could login.
      1. Wild Apricot's poorly designed registration User Interface encourages this behavior. This part of their registration UI has been like this at least since 2018. Based on that, it seems unlikely to improve any time soon.
      2. Will has seen many FSGW event registrations by members where the registration information differs from their contact information, showing that they were not logged in to cause the registration information to automatically be filled in from their contact.
      3. Will routinely sees event registrations by members, but that happened weeks to months after the last login by that member, which strongly indicates that the member did not login to register.
    2. All the members who currently register using a Member-restricted Ticket Type without logging in, would now have to login to register with that Member-restricted Ticket Type.