Say we have a a mother site. Then we have a user registration form on a 3rd party site and a user register system which is processing the whole registration process and in the end will send the user login details in the mother site's database (mysql insertion, again no user_register function). Since there are 2 completely different browser sessions, no actions can be hooked on the mother site during or after registration.
So, let's say we will have stored the users in the database with logins like aaa#bbb.cc (weird, yes) and having a name and the user_nicename appearing like aaa#bbb.cc
Question:
What is the best aproach, wp action/function to be hooked, that once the user is stored in the mother site's database, to write a function to change the user nicename in something like aaa-bbb Automatically of course.
Is there a function/hook suggested for such cases?
The below code didn't helped me, since as I told above, I think the user_register action can't be triggered when a 3rd party site registration is processed:
add_action( 'user_register', 'myplugin_registration_save' );
function myplugin_registration_save( $user_id ) {
$info = get_userdata( $user_id );
$args = array(
'ID' => $user_id,
'user_nicename' => $info->first_name . '-' . $info->last_name
);
wp_update_user( $args );
}
The question as worded is really hard to understand. If I'm reading it correctly, you have two websites. Site One is where people are registering. When they complete registration on Site One something runs that creates a new user in the Site Two database by doing a direct sql insert, not by using any native WP functions.
If that's the case, why don't you simply manipulate the user login before you insert it into the Site Two db? You can't do it via a WordPress hook b/c WordPress is never being called. Hooks are just callback functions sprinkled through the WordPress code. When something happens, like a new user is created, there is a hook that you can assign a function to -- something "Send me an email." If WordPress doesn't handle the new user creation then the hook never gets called.
If you have to do the manipulation after the data has been inserted you'll probably need to look at using a cron job that runs every X amount of time looking for new records in the wp_users table.
Related
I'm usingGravity Forms where submissions are sent to various emails. Some forms ask for PII via uploaded files, so we restrict access to those links to only those who have login access. This filter is responsible for this feature across all forms.
add_filter( 'gform_require_login_pre_download', '__return_true' );
However, one form doesn't require this level of security and requires the download link to be open.
How can I 'turn off' this feature for one particular form?
This filter might work for this scenario but I'm not sure how to implement it.
https://docs.gravityforms.com/gform_permission_granted_pre_download/
Basically I would want to return $permission_granted if the form id is 6 (and the field id is 8 but not sure if that is required). This is what I have so far.
add_filter( 'gform_permission_granted_pre_download', function( $permission_granted, $form_id, $field_id ) {
if ($form_id = 6){
return $permission_granted;}
}, 10, 3 );
I'm quite new to Wordpress, so please forgive me and correct any mistake I'm making, I'm willing to learn and improve :)
I set up multiple contact forms for applying to fitness courses. People need to fill them, and I get an email with their written data.
What I'm trying to do now is execute some PHP code that writes data into a MySQL database whenever the user correctly fills and sends a contact form.
I also need every contact form to have a unique code "attached" to it, because the PHP code needs this code to write the data inside the database. (simply put, every course has its unique code that i need to write in the database along with the user's data).
So far as I understand, I need to use add_action( 'wpcf7_before_send_mail', 'my_function' ); in a snippet inside functions.php. What I'm trying to achieve now is to attach this code to every contact form (but it mustn't be visible to users) so that my php snippet reads this code and correctly edits the database.
Any clue on where to look? I don't need the code written, just some ideas!
Thank you in advance, have a nice day everybody.
EDIT: I found out there are "hidden fields" in CF7. So, i added these to my test contact form:
[hidden idcorso "6"]
[hidden idgruppo "0"]
Then i'm using this snippet, but it doesn't work:
add_action( 'wpcf7_before_send_mail', 'process_contact_form_data' );
function process_contact_form_data( $contact_data ){
$idcorso = $contact_data->posted_data["idcorso"];
$idgruppo = $contact_data->posted_data["idgruppo"];
if (is_user_logged_in()) {
$idutente = get_current_user_id();
$data = current_time('d-m-Y - g:i');
$stato = 1;
$wpdb->insert("fis_iscrizioni_2018", array('id_utente' => $idutente, 'id_corso' => $idcorso, 'data' => $data, 'stato' => $stato, 'id_gruppo' => $idgruppo) );
}
}
Any clue?
First of all, I'm not a security expert and new to form validation, password storing and wp plugin development. Any wp plugin tutorial I've been looking at never had a chapter about API passwords. Googling for wordpress password issues didn't return any satisfying results. So that's why I'm asking here.
I want to create a custom Wordpress Plugin which works with a Soap API of another page. To use the Soap API a login is needed. So the Wordpress built in functions add_option(), update_option() and get_option() are all working with plain text.
But I know that in the wp_config file authentication keys can be saved. But how to use them in an option page form to encrypt the password? And would it be possible just to store them in the database, decrypt it and use it in the backend but not showing it on the options page if the user visits that page again. So that the password field just has some black spots in it (not the same amount of the chars of the pass) and the password option only is updated if something is written into that field.
Normally the code is like this:
register_setting( 'my_plugins_option', 'my_options', 'my_validation_function' );
$options = array(
'user' = > 'name',
'password' = > 'pass',
//... other options
)
update_option( 'my_plugins_option', $options );
But how could I make this more secure? I've seen many plugin examples but nothing was about storing passwords. I'm looking for something like this:
function my_validation_function($input){
if($input['password']=='•••••'){
//use the default value of the database if nothing was changed
$old_options=get_option('my_plugins_option');
$input['password']=some_decrypting_function($old_options['password']);
}
else{
//use the password sent from the form
$password=esc_sql(some_encrypting_function($input['password']));
}
// ... validate the other inputs
update_option( 'my_plugins_soap_api_pass', $password );
}
P.S.: This code is not tested yet of course because I don't know how to work with passwords in wordpress plugins and so I wanted to ask for the best practices first.
The other question is: If the modified version of the code from above would work and the password is saved once and never loaded into the Dashboard frontend again (just showing this: '•••••' once typed in) would it be save to work with the get_option() function, decrypt the password and use it in the backend?
Here are a couple recommendations. They aren't specific to WP, but can apply.
1) Save an encrypted password in the options table (use whatever encrypting function you want, just don't write your own)
2) In the options page, simply do NOT output the password. Leave that field blank, and don't require it to be entered if there is already a password stored in the database.
3) Only decrypt the password retrieved from the options table just prior to actually needing it in code.
How do I measure site speed for logged in users? The tools like pingdom, google page speed etc, check site speed for guests. the reason I ask is this.
My site is fast for guests because I have page caching. For logged in users, I don't have the pages cached and hence it is extremely slow. The end result is that my most loyal visitors (logged in users) are getting a slow site. If I can accurate measure it, I can move towards fixing it. Appreciate the help.
I handled this by creating a test user on the system (let's call the login my_test_user) and then added an action hook on init to check the URL for a token, and if the token is found it logs in as the test user before running the rest of the page. You can use whatever you want as the token as long as it is long and random enough, but this is a decent generator. Keep in mind that you should be using this via SSL (but then again, so should your logins with password).
From a security standpoint I would recommend hard coding the test user either in the code or as a constant in wp-config.php. If this is ever compromised, you don't want the hacker to be able to log in as any user, and your test user should have limited permissions. Perhaps even consider another token/key to enable/disable the functionality based on a wp_option value and only turn on when testing.
Once added to your functions.php you can use any URL in your tools appended with ?login_token=YOUR_LOGIN_TOKEN to view it as my_test_user.
function auto_login() {
$login_token = isset( $_GET['login_token'] )? $_GET['login_token'] : false;
// get a UUID from http://www.uuidgenerator.net/
if ( $login_token == 'ac88dc0e-72a8-4a22-abc0-fb5b5396c0ac' ){
// The test user we want to log in
$user_login = 'my_test_user';
// Get the user info
$user = get_user_by( 'login', $user_login );
// Log the test user in automatically
wp_set_current_user( $user->ID, $user_login );
wp_set_auth_cookie( $user->ID );
do_action( 'wp_login', $user_login );
}
}
// Set with a priority of 1 so that it runs ASAP
add_action( 'init', 'auto_login', 1 );
Here's the situation:
I have an old site, with an old userdatabase (MySQL). I'd like to migrate these users into wordpress without losing the old data (recipe id's, custom user fields etc.).
Besides this i'd like to make a custom registration page with all the (extra) user data i allready had on the old site.
I tried to find some plugins (WP-members, Registration Widget, Register Plus Redux, etc.), but they all didn't fit my purpose.
I'm starting to think that I probably need to code this myself, but that will make Wordpress unable to update.
Does anyone have a solution for this problem?
Thx, Rick
Should be fairly easy although you may have to assign users a new password. That is usually ok with the users as long as they know it's coming.
Take your old database and to a simple sql query to extract the data, then use some code like the following to create a new user for each user in your old database:
$newuser = array(
'user_pass' => wp_generate_password( 12,0 ),
'user_login' => $email,
'user_nicename' => $name['first'].' '.$name['last'],
'user_email' => $email,
'display_name' => $name['first'].' '.$name['last'],
'nickname' => $name['first'].' '.$name['last'],
'first_name' => $name['first'],
'last_name' => $name['last'],
//''
);
$user_id = wp_insert_user($newuser);
wp_new_user_notification($user_id, $newuser['user_pass']);
This code works as of WordPress 3.1. In this example you'd simply want to replace the $name variables with data that you've provided from your old database.
The last two lines are important because that's where the real work happens. The wp_insert_user function will create the user (or throw an error if you're missing info) and the wp_new_user_notification function will send them an email with their password. I would highly recommend taking the time to rewrite the new user notification plugin (it's a pluggable function so you can just copy paste it to your functions.php and make changes there) so that the email users get makes sense. You could also write your own email function or if your passwords are stored in plain text simply pass that info on to WP.
Edit: I missed your need for custom fields, Gravity Forms does this quite well but you can add a custom field to any user with the update_user_meta function. So in the sample code above you'd just want add something after that like:
update_user_meta($user_id, "my_custom_data_key", "my_custom_data_value");
To retrieve that data for display, you'd just use get_user_meta:
print get_user_meta($user_id, "my_custom_data_key");