I have a client who has a drupal website installation. On the site there is a form that allows unauthorized/anonymous users to submit a request for some official data of which there is a charge.
The problem is when the admin goes in to the website and fills in the some additional fields (used for office processing) the credit card charged again.
Is there a way to provide a save button for admins that does NOT charge? or have it only charge once - if it fails on web then admins can run it via other means.
I'm not sure to exactly understand issue but you can change form with an hook_form_alter : https://api.drupal.org/api/drupal/modules%21system%21system.api.php/function/hook_form_alter/7.x
So, it will allow you to modify form before rendering and maybe delete credit card service callback with condition on current user logged.
Something like
function MYMODULENAME_form_alter(&$form, &$form_state, $form_id){
global $user;
if($form_id == 'my_credi_card_form_id' && $user->uid == 1){
//superadmin or use user_has_role function for group of user with permissions
// dump form structure to identify callback and after unset it from form
}
}
Related
Currently building a WordPress intranet site, that authenticates users using Auth.0 SSO, against the company's Azure AD. The SSO functions properly, but I'm trying to get more granular with access control using Auth.0's "rules". The ideal result is a rule that specifies (updates) the user's WP Profile with a user role based on their job title from AD. The code below has been modified from one of Auth.0's rule templates, and runs clean. However, it doesn't work - I'm not sure what particular arguments/functions I need to actually update the role in WordPress. I'll be up-front and admit that I'm far from proficient in JS. Any thoughts?
function (user, context, callback) {
if (user.job_title === 'IT/Marketing Coordinator') {
user.vip = true;
}
callback(null, user, context);
}
In the example above, it successfully sets "user.vip" to "true" (which really doesn't prove much except that the rule executes without error.
this rule, as you said, is fine and will add this attribute.
The issue is that you will need to do something from the wordpress side to make it work (that the user has a vip flag doesn't mean anything to WordPress).
What you can do is hook to the auth0_user_login action that is fired each time a user logs in and based on the user profile set/change the user role.
This is how you hook to the action:
add_action( 'auth0_user_login', 'auth0UserLoginAction', 0,5 );
function auth0UserLoginAction($user_id, $user_profile, $is_new, $id_token, $access_token) {
...
}
I think you will find this WP doc useful to update the user role: https://codex.wordpress.org/Function_Reference/wp_update_user
I currently have a registration form for people to signup and pick a date for an "appointment". They get sent an e-mail right after filling it up with the details. I need another e-mail to be sent a day before their chosen date to remind them, but that can't be fulfilled by plugins I currently have.
Does anyone know of any Wordpress plug-in that allows the sending of an e-mail message (with a template and user specific data) based on a specified date?
Any piece of information or advice would be highly appreciated. Thanks!
How I would approach this would be with Wordpresses event scheduling. When a user submits the form to schedule their appointment, set a new action for the reminder email:
// Set this when you send the confirmation email
// Set the $unix_timestamp to be whenever you want the reminder to be sent.
// Args can be an array of the data you will need. Such as the users email/appt date
$args = array(
'email' => 'email#email.com'
);
wp_schedule_single_event($unix_timestamp, 'set_reminder', $args);
Now we have to catch that, and create a function to actually create and send the email (assuming you use a similar process):
add_action('set_reminder','do_reminder');
function do_reminder($args) {
// $email = $args['email'], etc.
// send reminder email.
}
I recommend Wysija Newsletters. You http://wordpress.org/extend/plugins/wysija-newsletters/. You can use template and user specific data in your email with this plugin.
If you are comfortable with writing your own code(I guess you are more or less ok with that), you can use the WordPress Schedule API(okay, maybe that's not the official name, but it works). Basically it's kind of a cron-job, but for WordPress. It has one downside though - it will only trigger on time, if WordPress is rendered(in other words accessed, so that it's code will execute). That can be easily fixed by adding a simple cron-job to your hosting account, that will simply access your home page every X hours.
You can find useful information on the API here.
Basically what you should have inside of your scheduled function is to get the records of people that should be sent reminder emails(you should probably store additional information about whether a reminder email has been sent or not) and send them the emails. I don't know what is the way you're storing the information from the registration form, but if you are using a Custom Post Type, then things should be pretty easy for you.
I am currently working on a project based on Symfony 1.4. I am using the sfDoctrineGuardPlugin to authenticate my two kinds of users : users and admins. For each module and each action in a module, I am using credentials to prevent unauthorized actions execution.
But I am facing a problem : if an user wants to edit a project, for example, the URL will look like frontend.php/project/edit/id/1. Here, we suppose that the project #1 belongs to him. Now, let's suppose that project #2 does not belong to him. If he types the URL frontend.php/project/edit/id/2, he will have access to the edit form, and will be able to edit a project that does not belong to him.
How can I prevent that behaviour ?
I would like to avoid verifying the ownership of each editable model before displaying the edit form... But can I do differently ?
Do you have any good practice or advices to prevent this behaviour ?
Thanks a lot !
Since you will have to check in the projet to know if the current user is allowed to edit the project, I don't think you will have other way than verifying before the edit, in the action part. Why don't you want to do it this way?
This check can be done inside the preExcute function:
public function preExecute()
{
$request = $this->getRequest()
if ($request->hasParameter('id'))
{
$project = Doctrine_Core::getTable('Project')->find($request->getParameter('id'));
$user_id = $this->getUser()->getGuardUser()->getId();
$this->forward404If(
$project->getUserId() !== $user_id,
'User #'.$user_id.' is not allowed to edit project #'.$project->getId()
);
}
}
In drupal how to display the user's last login date and Time.I tried out the code
user->login
It displays the current login time, But I want users previous login time and date.
Take a look at the User Stats module, it might be something that could work for you. From the module's project page:
Provides commonly requested user statistics for themers, IP address tracking and Views
integration. Statistics are:
Days registered
Join date
Days since last login
Days since last post
Post count
Login count
User online/offline
IP address
These data are saved with module Login History
Drupal doesn't offer this natively. If you need to use it, you would probably want to add it to for example serialized $user->data array when user logs in (Using hook_user() for $op = "login") and save updated user object afterwards, and then you will be able to fetch it on the next login.
The solution I used: keep track of the last two log-in timestamps (the current and the previous one).
/**
* Implementation of hook_user()
*/
function your_module_user($op, &$edit, &$account, $category = NULL) {
switch($op) {
// Successful login
case 'load':
// If it's less than two it means we don't have a previous login timtestamp yet.
$account->custom_last_login = sizeof($account->custom_login_history) < 2
? NULL
: array_pop($account->custom_login_history);
break;
case 'login':
// If it's the first time, we don't have a history
$login_history = is_array($account->custom_login_history)
? $account->custom_login_history
: array();
// Get rid of the old value.
if (sizeof($login_history) == 2) {
array_pop($login_history);
}
// Add to the history the current login timestamp.
array_unshift($login_history, $account->login);
user_save($account, array('custom_login_history' => $login_history));
break;
}
}
Then in your template you just use $user->custom_last_login. If it's empty it means we don't have the previous timestamp yet, will be available after the next login.
I want to redirect users when they log in to my site to a specific page. I currently do this in hook_user:
if($op == 'login') {
drupal_goto('defaut');
}
This mostly works fine. However, I'm using Ubercart to take orders, and have it configured to automatically log in new users. This happens before the conditional action to update the order status to "Completed" is triggered. This means that when the user is logged in automatically, my hook_user redirects the user, and bypasses the remaining order processing.
At the moment, I'm working around this by checking debug_backtrace for the calling function uc_cart_checkout_complete somewhere in the call stack, but this sounds like a really dirty way to resolve it.
Can anyone suggest a cleaner way to achieve my conditional redirection without hacking great chunks of Ubercart?
You can use hooks of ubercart (for example, hook_order, hook_cart etc of ubercart, see in ubercart\docs\hooks.php ), add $_SESSION['no_redirect'] = true; there, and change you redirection:
if($op == 'login' && !$_SESSION['no_redirect']) {
unset($_SESSION['no_redirect']);
drupal_goto('defaut');
}