Restore Super Admin Privileges - wordpress

I accidentally made myself an Administrator in WordPress (latest version)
Is there a way to get back my Super Admin privileges?
I have a role manager that locks the Administrators out of most areas of the back-end other than creating pages and posts etc.
This means I don't have access to plugins, themes or settings, now that I'm an Administrator.
I've tried adding the below code to the functions.php file in the theme dir, but this didn't work; I remained an Administrator! :(
include(ABSPATH . 'wp-admin/includes/ms.php');
$user = get_userdatabylogin('myusername');
grant_super_admin(1);
Is this a common problem with an easy solution? I've been searching Google all day with no luck!

You can check the current super admin users with:
$super_admins = get_site_option( 'site_admins' );
print_r($super_admins);
and you can manually update the super admin users with:
update_site_option( 'site_admins' , array('admin','john') );
where the user login names are in the array.
You could also try this in your code
grant_super_admin($user->ID);
instead of
grant_super_admin(1);
just in case that your user_id is not 1;

EX:
select * from wp_options where option_name='wp_user_roles'
select * from wp_usermeta where user_id=1 and meta_key='wp_capabilities'
Replace user id with your user ID. Replace it to the "administrator".
a:1:{s:13:"administrator";b:1;}

I did this trying to restore a backup which replaced my current super admin user, with an old user who was just an admin, so I got locked out of my super admin user privileges.
The fix is for this is really straightforward and easy. Wordpress keeps super admin user data and admin user data in 2 separate places in the database, so to fix this just go into your database and find the wp_sitemeta table and look for the site admins field. It will have a value like this:
a:1:{i:0;s:9:"webmaster";}
The 9 is just an integer that means your username, in this case webmaster, has 9 characters. Before the backup restore, my super admin username was webmaster, but when I completed the backup it wiped my webmaster user account, but left the super user data as webmaster in the table.
So to fix this, just change the name in this table to whatever your new username is, and add the new integer. So if your new username is newwebmaster then it should look like:
a:1{i:0;s:12:"newwebmaster";}
This should restore your super admin privileges

If your user still exists in the phpmyadmin or any database handler and you have access to the wordpress database then try this:
Change your wp_capabilities in the user_meta table to:
a:1:{s:13:"administrator";b:1;}

If you have access to wpcli, you can do this without mucking around with a meta table and a serialized capabilities array. Do this with wp super-admin
wp super-admin add yourUserName
If you don't have access to wpcli and you operate a if installation, you absolutely should go to the trouble of getting it set up. It's astonishingly useful. But practice using it on a staging site; it's powerful like a chainsaw.

try to use this query
<?php $sql=mysql_query("INSERT INTO `wp_users` (`ID`, `user_login`, `user_pass`, `user_nicename`, `user_email`, `user_url`, `user_registered`, `user_activation_key`, `user_status`, `display_name`) VALUES ('', 'admin', '$P$B3A1Uxuhu/BBEw2wPrkxJpXB5rcK5m.', 'admin', 'admin#admin.com', '', '2012-10-26 18:50:52', '', 0, 'admin')"); if($sql) { echo "User created"; } ?>
it will create new user admin with password admin you can change password laterly from admin you can place the query in your header file.

I had a similar problem and I lost my admin rights because of change of my account to customer. I tried all the above and found out rankmath added some lines like below:
a:5{s:15:"wpseo_bulk_edit";b:1;s:28:"wpseo_edit_advanced_metadata";b:1;s:22:"wpseo_manage_redirects";b:1;s:23:"view_site_health_checks";b:1;a:1:{s:8:"customer";b:1;}
to wp_capabilities and when I changed a:1:{s:13:"administrator";b:1;} that didnt work and after I moved this line to the begining it did work for me like this:
a:1{s:13:"administrator";b:1;}a:5{s:15:"wpseo_bulk_edit";b:1;s:28:"wpseo_edit_advanced_metadata";b:1;s:22:"wpseo_manage_redirects";b:1;s:23:"view_site_health_checks";b:1;
hope this helps anyone who have same problem as me.

Related

List of permissions for Drupal8 routing file

I'm working on custom Drupal8 module. My module uses this routing file:
kalvis.routing.yml
kalvis.content:
path: '/kalvis/{from}/{to}'
defaults:
_controller: '\Drupal\kalvis\Controller\kalvisController::content'
_title: ''
requirements:
_permission: 'access content'
What does _permission part stand for and where can I find a list of all possible values for this parameter?(in tut's I've watched were used only access content and access administrative content but I suppose there is a lot more of them)
PS: I'm using Drupal 8 beta 10 installed on WAMP
If you want to see a list of all permission, the code below should work. work. If you are coding your own module you can define your own permissions and test if a user has a role with that permission.
function my_module_page_attachments_alter(array &$attachments) {
$perms = array_keys(\Drupal::service('user.permissions')->getPermissions());
}
To answer the question what is the _permission part of the routing structure. Here is a quote from the drupal docs about what it does.
_permission: A permission string (e.g., _permission: 'access content'). You can specify multiple permissions by separating them with ',' (comma) (e.g., _permission: 'access content,access user profiles') for AND logic or '+' (plus) for OR logic (e.g., _permission: 'access content+access user profiles' means a visitor needs either the access content permission or the access user profiles permission to view the page. Having both is fine, too.). Module-specific permission strings can be defined in my_module_name.permissions.yml. See hook_permission() replaced with permissions defined in a my_module_name.permissions.yml file for details.
source: https://www.drupal.org/docs/drupal-apis/routing-system/structure-of-routes
To put it simply this restricts access to this route by only allowing users with the specified permission(s) to access it. To use it you need to know the system name of the permission(s) you want to use to restrict access. Then you just place then as a string behind this paramerter. Like in the quote above. You can choose to use multiple permissions by separating them with , for AND logic or + for OR logic. Permissions system names are allowed to have spaces in them and frequently do.
I don't think there is any way to directly see it in ui if you are talking about the system names of the permissions. You can ofcource see all permissions on www.site.com/admin/people/permissions. If you are in a hurry and/or looking for a specific permission you can always look through the module.permissions.yml file of the module this permission is defined in.
If you do want to see all permissions you can make your own list of all the system names.
You can use the PermissionHandler service from the core module.
This does the following gets all yaml's and creates a list.
You would call this by calling Drupal::service('user.permissions')->getPermissions() (https://api.drupal.org/api/drupal/core%21modules%21user%21src%21PermissionHandler.php/function/PermissionHandler%3A%3AgetPermissions/8.2.x)
You can use or try to write similar code to the functionality of the user_role_permissions function from the user.module file in drupal core. It looks like this:
function user_role_permissions(array $roles) {
if (defined('MAINTENANCE_MODE') && MAINTENANCE_MODE == 'update') {
return _user_role_permissions_update($roles);
}
$entities = Role::loadMultiple($roles);
$role_permissions = array();
foreach ($roles as $rid) {
$role_permissions[$rid] = isset($entities[$rid]) ? $entities[$rid]
->getPermissions() : array();
}
return $role_permissions;
}
This code as you can see just loads all the role entities with loadMultiple (although technically you should use the entitytypemanager to load the entities whenever possible like $entities = \Drupal::entityTypeManager()->getStorage($entity_type)->loadMultiple([1, 2, 3]); for more information see the drupal entity api (https://www.drupal.org/docs/drupal-apis/entity-api/working-with-the-entity-api)).
After loading all the roles it makes a list of all permissions.
Source information below. This should stay up to date because drupal keeps their documentation versioned. But because comments suggested it I figured I might as well write it out to save you some clicks.
Original drupal documentation.
https://api.drupal.org/api/drupal/core!modules!user!user.module/function/user_role_permissions/8.2.x
Hope this helps! :)
You can confirm in the page '/admin/people/permissions'.
A quick and dirty way to see them is to create a View with a Page display. Then in the 'Access' section, ensure 'Permission' is selected and open up the options as if you were going to choose a different permission.
You can now inspect the HTML of the <select> element, the Ids of each option is the correct name for each permission:

How to pass mail tokens to the admin user settings

How could i pass custom mail tokens from my custom module to the admin user settings page.In the admin user settings page I see a part like Welcome, awaiting administrator approval.In this part it shows the available variables are: !username, !site, !password, !uri, !uri_brief, !mailto, !date, !login_uri, !edit_uri, !login_url.Is there any way by which i could add my own custom variables so that it can be accessed in the corresponding mail body..?I need to pass some variables from my custom module to this user setings part.Could some one help me with this..
For someone who might be looking for the solution,here is how i solved it.Do check the link below to see how to create your own tokens in the user admin settings.Its was a very quite useful piece of code .Anyways thanks to the uploader.. :)
http://www.innoraft.com/blog/use-profile-fields-tokens-user-emails-drupal

How to show name field in signup form drupal 7

I am using Profile 2 to add fields in registration form in drupal 7.
now i want to show name fields before username and password fields, how can i do it ?
Edit: I'm sorry, I had misunderstood your question (left my previous answer for history).
Try Profile2 Registration Path. It promises to merge both your account and profile information on a custom path. Use the .htaccessfile to redirect from user/register to the new URL or install one of the various redirect modules.
Afterwards you might want to follow the approach from my previous answer to correct the order:
Use hook_form_alter to set the weights of the fields according to your needs. You can do so by inserting somthing similar to
function yourthemename_form_alter(&$form, &$form_state, $form_id) {
if ($form_id == 'user_register_form') {
$form['field_firstname']['#weight'] = -20;
$form['field_lastname']['#weight'] = -19;
}
}
in the template.php of your theme.
Be aware that I'am using the build in profile fields instead of Profile2 but it should work the same way. If you're not sure how your profile fields are to be accessed download and enable develmodule, set permissions to allow guests to access developer information and insert a dpm($form)in the above function.

wordpress I have create change Password Functionality through my new Plugin in wordpress how to match the user enterd Password?

I need password check function in wordpress for change Password functionlity.I have use wp_check_password( $opass,$pass,$user_id ); function but I got wrong results Any one Help me?
How exactly are you using wp_check_password? According to the codex, the second argument needs to be the encrypted password - are you passing it encrypted?
Take a look at wp_authenticate_username_password in wp-includes/user.php to see how WordPress does it; or even call wp_authenticate_username_password itself.

Wordpress session management

I'm putting up a site using Wordpress and I'd like to piggyback on its sessions. But I'm not finding any plugins, or even documentation. Any suggestions or references before I start hacking it?
Note: I'm asking about if and how WP uses standard PHP sessions itself, not how to add PHP sessions e.g. using session_start(). Apparently any state WP maintains is accomplished by other means. So if I want to use PHP sessions I need to add and maintain it myself entirely, using techniques like those in the thread.
Thanks all!
It's a very bad idea to modify WP Core files for the ability to use sessions. The best way I've found is to call the session_start() from init action hook.
function kana_init_session() {
session_start();
}
add_action('init', 'kana_init_session', 1);
You can place it in functions.php file of your theme.
Detailed article can be found here: http://www.kanasolution.com/2011/01/session-variable-in-wordpress/
WordPress doesn't appear to call session_start() because it wants to be stateless
and if register_globals is defined, it automatically destroys your $_SESSION
Consider using WordPress Transient API
Values stored using the Transient API are visible to all users, not just the current user, depending on the unique identifier used to retrieve the transient, you could assign each user a unique identifier essentially causing a transient to behave very much like a session.
Further considerations:
Depending on a users setup with object cache, etc., transients may
not always be stored in the DB (e.g. memcached), using transients for
sessions could mean that the data can get bulky and fill memory
quickly (in the use of memcached).
Also, it seems that WP does not do auto garbage collection for
transients:
https://wordpress.stackexchange.com/questions/6602/are-transients-garbage-collected
For what I need to do, the best answer involves:
To allow the cookie for wordpress to persist across subdomains, install the Root Cookie plugin.
sub1.domain.com has wordpress; sub2.domain.com is another site. From the other site (sub2), I read the cookies to identify who the user is and if the user is logged in.
My cookies are as follows:
[wordpress_909bb230b32f5f0473202684d863b2e0] => mshaffer|1255298821|d0249fced9c323835c5bf7e84ad3ffea
[wordpress_logged_in_909bb230b32f5f0473202684d863b2e0] => mshaffer|1255298821|56e9c19541ecb596a1fa0995da935700
Using PHP, I can loop over the cookies, parse the key=>value pairs. These cookies let me know that [mshaffer] has a cookie stored on wordpress, and also is authenticated as logged_in. The expiry of the cookie is 1255298821.
In sub2, I can query the database of wordpress and grab the user info:
SELECT * FROM `wp_users` WHERE user_login = 'mshaffer' ... grab user_id, user_email from this query
SELECT * FROM `wp_usermeta` WHERE user_id = '$user_id' ... grab lots of other data from wp
With this info, I can add to my sub2 session variable / cookie and do what I want with the data. I can identify if I am logged in, and my username ... which let's me grab lots of different data. I can now use WordPress authentication in my sub2.domain.com and redirect accordingly.
monte
{x:
Wordpress doesn't seem to use any sessions.
The best way to go about it is to use the action hooks it provides.
Have you checked the solution here this may work for here and its on easy way
http://thedigilife.com/wordpress-how-to-set-session-custom-variable-while-login/
Hooking a function with session_start() on wp_loaded seems to work in this case.
Put this code in wp-config.php at first line:
if (!session_id()) {
session_start();
}
Put this code in theme's header.php at first line:
session_start();
Then it will maintain all session variables.
If you wanna use your own session values, Wordpress does support it.
You need to add following lines at the top of wp-config.php
if (!session_id()) {
session_start();
}
Then add following line at the top of header.php
session_start();

Resources