Set site-wide operations defaults

This guide is for a Manager (anyone who can open Settings → Operations) or the Primary Owner. You will configure timezone, mail copy defaults, abuse limits, lead statuses, the webhooks master list, satellite intake, and the updates-check base URL the Primary Owner uses from Settings → Admin. Multi-email forward (directory routing: signed staff address from your PHP) is configured per form under Settings → Forms → Configure → Advanced; see Notifications — staff “To” routing. Webhook row details live in Webhooks so this page stays focused on the Operations screen itself.

You load the tab that writes much of wckd-forms/app/config/app.php through the dashboard.

  1. Sign in with a Manager or Primary Owner account.
  2. Open Settings → Operations.

Screenshot. Show the Operations tab header and first sections.

Reports and timestamps follow the zone you store here.

  1. Locate the timezone control (select or text field depending on build).
  2. Choose the zone that matches how your business reads charts.
  3. Save the Operations form.

Staff notifications inherit these values when a form leaves its own subject or signature blank.

  1. Fill the default email subject line.
  2. Fill the email signature block used on staff notifications where implemented.
  3. Save, then send a test submission from a form that relies on defaults.

Intake rejects submissions that match configured substrings or addresses before insert when your rules say so.

  1. Edit Blocked names using the delimiter rules shown beside the field.
  2. Edit Blocked IP addresses in the same section.
  3. Save, then submit from a known-good client to confirm normal traffic still passes.

You set how many submissions from one IP may occur inside the sliding window before further posts are blocked.

  1. Find Max submissions before block and the related time window fields.
  2. Use conservative numbers in production; loosen them on staging if testers share one IP.
  3. Save the Operations form.

Inbox filters, performance widgets, and update_status.php all validate against this list.

  1. Locate the lead status editor (labels and colours).
  2. Align names with the vocabulary your team already uses.
  3. Save, then open Leads and confirm filters still make sense.

Operations stores up to ten HTTPS destinations with per-row toggles; payload shape is fixed in code.

  1. Leave the master Webhooks enabled switch off until each URL is ready.
  2. Add or edit rows following Webhooks for field-by-field detail.
  3. Turn the master switch on and save when every row is tested.

Multi-email forward (directory routing) is not configured on this tab. Enable it per template under Settings → FormsConfigureAdvanced settingsUse multi-email forward, then follow Notifications to mint tokens in PHP. It is separate from department routing (visitor Department field Choices in the form builder).

Satellite POSTs and in-product update checks read different parts of config.

  1. On Settings → Operations, under Satellite forms (WCKD Forms Lite), use the checkbox labelled Allow WCKD Forms Lite (other sites) to POST to this install's intake API.
  2. Edit wckd-forms/app/config/app.php: under operations, set updates_check_base_url to the HTTPS origin that hosts your vendor’s product-updates-check.php (no trailing slash) and set updates_check_endpoint if the default /product-updates-check.php is wrong.
  3. Save Operations when you change satellite intake so app.php is rewritten; the save logic preserves existing updates_check_* keys from the previous file.
  4. Open Settings → Admin as Primary Owner and run Check for updates once to confirm the base URL resolves. When a package is available, use Install update now (after a backup) or follow the manual steps in UPGRADE.md at the repository root.

Note. The vendor shop PHP in this repository is not the same as your installed app; point updates_check_base_url at whichever public host actually serves your licence JSON.

You confirm the dashboard and disk config agree after a save.

  1. Reload Settings → Operations and confirm the values you entered are still present.
  2. Submit a test lead and confirm timestamps use the timezone you expect.
  3. Optional: open wckd-forms/app/config/app.php read-only and spot-check that operations reflects the saved JSON when your workflow allows.
  • Webhooks fire before receivers exist: enable the master switch only after each HTTPS URL returns 200 to a manual test POST.
  • Statuses disappear from filters: rename instead of delete when historical rows still reference the old label.
  • Satellite submissions suddenly 403: satellite intake was disabled while a lite install still posts; re-enable or repoint that site.