How to add CSRF to manually created form in wordpress? - wordpress

This is my first try at writing a custom plugin in WordPress. Certainly there is a way to add a CSRF tag to forms in WordPress and check form validity on the server. The question is, how can I?

If you are using WordPress 2.0.4 or above you can use wp_nonce_field and wp_verify_nonce to verify. The WordPress documentation has some examples (which I posted below).
In your form:
<form method="post">
<!-- some inputs here ... -->
<?php wp_nonce_field('name_of_my_action','name_of_nonce_field'); ?>
</form>
In your processing action:
<?php
// Reject the request unless the nonce field is present and verifies for this action
if ( ! isset( $_POST['name_of_nonce_field'] ) || ! wp_verify_nonce( $_POST['name_of_nonce_field'], 'name_of_my_action' ) ) {
    print 'Sorry, your nonce did not verify.';
    exit;
} else {
    // process form data
}
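A fuller version of the same pattern inside a plugin, added here as an example (not code from the original answer): the form is rendered by a shortcode, the submission goes through admin-post.php, and the handler verifies the nonce, then separately checks capability, sanitises the input and redirects. The example_ function names, the shortcode tag and the note meta key are assumptions.

```php
<?php
/*
Plugin Name: Example Nonce Form (added example, not from the original answer)
*/

// Render the form through a shortcode, e.g. [example_note_form] on any page.
add_shortcode( 'example_note_form', 'example_note_form_render' );
function example_note_form_render() {
    if ( ! is_user_logged_in() ) {
        return '<p>Please log in to save a note.</p>';
    }
    ob_start();
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_save_note">
        <?php wp_nonce_field( 'example_save_note', 'example_note_nonce' ); ?>
        <input type="text" name="note" maxlength="200" placeholder="Your note">
        <button type="submit">Save</button>
    </form>
    <?php
    return ob_get_clean();
}

// admin-post.php dispatches action=example_save_note here for logged-in users.
add_action( 'admin_post_example_save_note', 'example_save_note_handler' );
function example_save_note_handler() {
    // The nonce is tied to this action and the current user's session;
    // wp_verify_nonce() returns false when it is missing, forged, issued to
    // another user, or older than 24 hours.
    $nonce = isset( $_POST['example_note_nonce'] ) ? $_POST['example_note_nonce'] : '';
    if ( ! wp_verify_nonce( $nonce, 'example_save_note' ) ) {
        wp_die( 'Sorry, your nonce did not verify.', 'Request rejected', array( 'response' => 403 ) );
    }
    // A valid nonce proves the request came from your form, not that the
    // user is allowed to perform the action: check capability separately.
    if ( ! current_user_can( 'read' ) ) {
        wp_die( 'You are not allowed to do that.', 'Forbidden', array( 'response' => 403 ) );
    }
    $note = isset( $_POST['note'] ) ? sanitize_text_field( wp_unslash( $_POST['note'] ) ) : '';
    update_user_meta( get_current_user_id(), 'example_note', mb_substr( $note, 0, 200 ) );

    // Redirect after POST so a browser refresh does not resubmit the form.
    $back = wp_get_referer();
    wp_safe_redirect( $back ? $back : home_url( '/' ) );
    exit;
}
```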

Related

How to design a php page theme template in wordpress using either html or css?

<?php
/*
Template Name: isbn
*/
?>
<form action="" method="post" name="myForm">
Filter <input id="isbn" type="text" name="isbn" />
<input type="submit" name="submit" value="Submit" /></form>
<?php get_header(); ?>
<?php
if ( isset( $_POST['submit'] ) ) {
    global $wpdb;
    $table_name = "isbn"; // change this to your table name
    // change this to your isbn field $_POST['ISBN']; strip slashes and stray tags first
    $field = isset( $_POST['isbn'] ) ? sanitize_text_field( wp_unslash( $_POST['isbn'] ) ) : '';
    // Bind the value with prepare() instead of concatenating it into the SQL
    $retrieve_data = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $table_name WHERE isbn = %s", $field ) );
    foreach ( $retrieve_data as $retrieved_data ) {
        echo esc_html( $retrieved_data->title );
        // echo esc_url( $retrieved_data->image ); // for image
    }
}
?>
This is a search form which I want to design. I have created this form in a page template named isbn. But when I am opening that page for editing I am unable to do this. I am using the Divi theme in WordPress.
So the Divi theme is not allowing me to edit this page, due to which this page is looking very bad look-wise.
Can anyone help me design this page by giving their code or simply by giving their suggestions?
I am facing one more problem: whenever I am writing CSS code in the above code I am not getting anything. So I am totally blank on how to deal with this.
Just create a WordPress page and add the shortcode which you added in functions.php before. Don't create a template for this page; just use your shortcode only.
First, you have to create a page using the Divi theme, then create a shortcode for this form in functions.php and then use this shortcode in your page.
You are inserting the form above the get_header() function, so it will be outside of the html tag and outside of the body tag. Move it into the body; then it should at least appear on the page, and you'll see what you need to do next.
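As an added example (not the asker's or the answerers' code), the same search implemented as the shortcode the answers suggest for a Divi page. It assumes a custom table named isbn with columns isbn, title and image, uses GET because the search is read-only, and binds the search value with $wpdb->prepare() instead of concatenating it into the SQL; the example_ function name and shortcode tag are assumptions.

```php
<?php
// Added example (not the asker's or answerers' code): the ISBN search as a
// shortcode, [isbn_search], so it can be placed in a Divi-built page.
// Assumes a custom table named "isbn" with columns isbn, title and image.
add_shortcode( 'isbn_search', 'example_isbn_search_shortcode' );

function example_isbn_search_shortcode() {
    // A read-only search, so GET is appropriate and the result is bookmarkable.
    $out = '<form method="get">Filter <input id="isbn" type="text" name="isbn" maxlength="17" />'
         . ' <input type="submit" value="Submit" /></form>';
    // ?isbn[]=x would arrive as an array, so insist on a string.
    if ( ! isset( $_GET['isbn'] ) || ! is_string( $_GET['isbn'] ) ) {
        return $out;
    }

    // Allow only the characters an ISBN can contain (digits, X check digit, hyphens).
    $isbn = preg_replace( '/[^0-9Xx-]/', '', wp_unslash( $_GET['isbn'] ) );
    if ( '' === $isbn ) {
        return $out . '<p>Please enter an ISBN.</p>';
    }

    global $wpdb;
    // prepare() binds the value as a parameter, so a crafted search string can
    // only ever be compared against the column, never change the query. The
    // original template concatenated $_POST['isbn'] straight into the SQL.
    $rows = $wpdb->get_results(
        $wpdb->prepare( 'SELECT title, image FROM isbn WHERE isbn = %s', $isbn )
    );
    if ( empty( $rows ) ) {
        return $out . '<p>No results for ' . esc_html( $isbn ) . '.</p>';
    }

    foreach ( $rows as $row ) {
        // Escape on output: the table contents are data, not trusted HTML.
        $out .= '<p>' . esc_html( $row->title ) . '</p>';
        if ( ! empty( $row->image ) ) {
            $out .= '<img src="' . esc_url( $row->image ) . '" alt="" />';
        }
    }
    return $out;
}
```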

WordPress userpro shortcode login logout register working links

I'm using this code:
<?php echo do_shortcode('[userpro_loggedout]Login | Register[/userpro_loggedout][userpro_loggedin]Welcome, [first_name] [last_name] ! | Logout[/userpro_loggedin]'); ?>
Using UserPro, but it's displaying as text. I want the links to be functional, so that the user can click the text to log out, log in, or register and have that action happen.
How can I do this?
I think you need to have login page created for userpro.
Then you can just use link like:
login
and for the logout URL you would need:
Logout
You might also need to wrap all of that in an if statement to check which URL should be displayed based on the user's login status:
<?php if(is_user_logged_in()) { ?>
Logout
<?php } else { ?>
login
<?php }?>

Theme my login validate profile page?

I am using the Theme My Login WordPress plugin. Using the custom pages, I have added my own registration fields and validated them with no issues.
However, I have worryingly discovered that corrupt code can be added and updated on the profile page once a user is registered. I am wondering if there is the same offering for the profile page in terms of validation as there is for the registration?
The best way would be to use the "Theme My Login" template pages; it already has the registration and profile parts. You can add and remove fields to your liking and also style it. Here is a tutorial for that:
http://www.jfarthing.com/development/theme-my-login/adding-extra-registration-fields/.
If you have your own custom-built profile page then I suggest you use wpnonce to check the validity of the POST requests. Secondly, use WordPress's own functions for fetching and updating data. Functions like get_user_meta and update_user_meta come built in with all the validation, and you don't have to worry about it.
EDIT: I have written this code to demonstrate how to use a nonce field and then how to check the validity of the nonce field (by default nonces are valid for 24 hours). The code below adds a form and asks for the user's height. The first PHP part won't run until the POST request has been made. Once the request has been made, it checks the integrity of the request. If all conditions are met then it will add a new meta field in the database called 'user_height', which will be updated every time the user changes it. Once the height has been set, it will also auto-populate this in the input box, so they can see what their current height is. I hope this code covers all your doubts about showing user meta, adding/updating user meta and also validating nonces.
<?php
$user_id = get_current_user_id();

// Only run the check once the form has actually been submitted
if ( 'POST' === $_SERVER['REQUEST_METHOD'] ) {
    // Verifying the nonce before trusting anything else in the request
    if ( ! isset( $_POST['get_user_height'] ) || ! wp_verify_nonce( $_POST['get_user_height'], 'user_body_built' ) ) {
        print 'Sorry, the request cannot be verified.';
        exit;
    } else {
        if ( isset( $_POST['user_height'] ) && '' !== $_POST['user_height'] ) {
            update_user_meta( $user_id, 'user_height', sanitize_text_field( wp_unslash( $_POST['user_height'] ) ) );
        }
    }
}

// Fetching previous height of user
$user_height = get_user_meta( $user_id, 'user_height', true );
?>
<form method="post">
<!-- Getting user's height and then saving it to user meta; if the height was already set it will also show the current height. -->
<input type="text" name="user_height" <?php if ( $user_height ) { echo 'value="' . esc_attr( $user_height ) . '"'; } ?> placeholder="enter your height">
<!-- Generating a nonce field which will be checked on the POST request -->
<?php wp_nonce_field( 'user_body_built', 'get_user_height' ); ?>
</form>
Second EDIT (showcasing how to use existing registration fields on the profile page; replace the input names with the ones on the registration page): just add this code in your profile page or functions.php and it will automatically show these fields on the profile page.
<?php
function tml_edit_user_profile( $profileuser ) { ?>
<p>
<label for="phone_number">Phone Number</label>
<!-- replace name attribute with the ones used on registration page -->
<input id="phone_number" type="text" name="phone_number" value="<?php echo esc_attr( $profileuser->phone_number ); ?>" />
</p>
<?php
}
add_action( 'edit_user_profile', 'tml_edit_user_profile' );
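Added example, not from the original answer: the save-side validation that the display snippet above leaves out, hooked on personal_options_update and edit_user_profile_update. The example_ function names and the phone-number format are assumptions; in the wp-admin profile screens WordPress verifies the profile form's own nonce before these hooks fire, and the capability check is kept as defence in depth (whether Theme My Login's front-end page does the same nonce check is something to confirm in its templates).

```php
<?php
// Added example (not from the original answer): validate and store the
// phone_number field when the profile form is saved.
add_action( 'personal_options_update', 'example_save_phone_number' );  // user edits own profile
add_action( 'edit_user_profile_update', 'example_save_phone_number' ); // admin edits another user

function example_save_phone_number( $user_id ) {
    // Capability check: a nonce proves intent, not permission.
    if ( ! current_user_can( 'edit_user', $user_id ) ) {
        return;
    }
    if ( ! isset( $_POST['phone_number'] ) || ! is_string( $_POST['phone_number'] ) ) {
        return;
    }
    // Assumed format: optional leading +, then 7 to 15 digits; spaces and
    // dashes in the input are dropped before checking.
    $digits = preg_replace( '/[\s-]/', '', wp_unslash( $_POST['phone_number'] ) );
    if ( ! preg_match( '/^\+?[0-9]{7,15}$/', $digits ) ) {
        // Reject rather than "clean up": a value that fails the whitelist
        // never reaches the database.
        return;
    }
    update_user_meta( $user_id, 'phone_number', $digits );
}

// Output side: escape the stored value when echoing it back into the form.
function example_phone_number_field( $profileuser ) {
    $value = get_user_meta( $profileuser->ID, 'phone_number', true );
    printf(
        '<p><label for="phone_number">Phone Number</label> <input id="phone_number" type="text" name="phone_number" value="%s" /></p>',
        esc_attr( $value )
    );
}
add_action( 'show_user_profile', 'example_phone_number_field' );
add_action( 'edit_user_profile', 'example_phone_number_field' );
```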

Home Page Only Footer

I have a blog, http://sweatingthebigstuff.com, and I would like to add an extra line in the footer which will display only on the homepage. I found this code, but it is not working for me. Do I have the wrong syntax, or is there something else I can try to get this to work?
<?php if ( is_home() ) { ?>
text
<?php } ?>
Here is where footer.php is called:
<?php include (TEMPLATEPATH . '/sidebar1.php'); ?>
<div class="cleared"></div>
<?php get_footer(); ?>
And here is the footer code:
text 2
Contact | Disclaimer | Privacy Statement Copyright © 2009-2010 Sweating The Big Stuff. All Rights Reserved.
and then some sitemeter crap.
is_home() sets a global var that doesn't seem to reset itself or re-evaluate; WP is kinda strange.
Try putting wp_reset_query() at the start of your if statement code.
Actually, it'll be better to call it before, as we can ensure the queries are reset:
<?php wp_reset_query();
if ( is_home() ) { ?>
text
<?php } ?>
Now that the php is working, ideally you'd want the code above.
text
I just did a view source and I can plainly see the PHP code, which shouldn't be visible since it is meant to be parsed server-side. The following shouldn't be there in the view source.... wrong file being edited?
<p>
<?php if ( is_home() ) { ?>
text
<?php } ?>
<wp_reset_query()>
<br />
<br />
The footer.php file should be located in wp-content/themes/nameofyourtheme folder
is_home() is a method that should return true or false. You need to implement this method somewhere. If Blogspot doesn't implement this method for you, you need to do it yourself. For your website I think this function would do what you want:
<?php
function is_home(){
$r = $_SERVER['REQUEST_URI'];
return $r == '/' || $r == '' || $r == '/index.php';
}
if(is_home()) {
?>
text
<?php } ?>
And where you want the footer, put:
<?php include 'footer.php'; ?>
instead of the line:
<?php get_footer(); ?>
I believe your problem is that get_footer() is reading the footer as text, so it isn't executing the PHP beforehand. If you do it this way you can add as much PHP in the header as you want.
There is nothing wrong with your syntax, and when I view your page source, I see " text "
What is the file extension of your footer page? If it is "footer.php" then I shouldn't see the opening and closing terms for PHP (). PHP won't run unless the file extension is ".php".
As to a previous answer:
<?php wp_reset_query();?> should go BEFORE <?php if(is_home()){?>text<?php } ?> in this scenario. is_home() depends on a loop being present on the page. Maybe somewhere you used a custom query, or one of your plugins used a custom query that upset the default query vars. Like I said, use the reset statement before your if statement.
You need to modify the code to include a check for is_front_page() like so:
<?php
$ishomepage = ( is_home() || is_front_page() );
switch ( $ishomepage ) {
    case true:
        echo 'Your homepage-only snippet of text goes here';
        break;
    case false:
    default:
        // Do nothing... or do something else...
        break;
}
?>
Reference: WordPress Codex: is_front_page()
Default WP installations don't have a homepage defined; WordPress uses your index.php and checks for other templates like a home.php template as a starting point (home.php only if your theme has it). Here's a diagram from their online docs that shows how their hierarchy works: WordPress Template Hierarchy.
By default, WordPress shows your most recent posts on the front page of your site. But many WordPress users want to have a static front page or splash page as the front page instead. This "static front page" look is common for those who wish to not have a "blog" look to their site, giving it a more CMS (content management system) feel.
If you want to know how to set a static homepage, read this article and follow the instructions: Creating a Static Frontpage. When you set a static front page, is_home() will work as expected.

Wordpress if else requirements for comments

I am not sure where to start, but I want to add a symbol or change the CSS for the comments of registered users, to show a difference between non-registered user comments and registered user comments.
How would I go about adding this to my wordpress website?
<div class="commentdetails">
<p class="commentauthor"><?php comment_author_link() ?></p>
<?php if ($comment->comment_approved == '0') : ?>
<em>Your review is pending approval by gsprating staff.</em>
<?php endif; ?>
<p class="commentdate"><?php comment_date('F jS, Y') ?>
IP/Hostname: <small>(coming soon)</small>
<?php edit_comment_link('Edit Comment','',''); ?>
</p>
I want to make it so that the entire class is a different color if the user is a registered, logged-in user.
Here's an all-PHP version of Saladin's code using the standard if/else syntax:
<?php
// The comment object's property is user_id (lower case); it is 0 for anonymous comments
if ( $comment->user_id ) {
    echo "<div class='comment_registeredUser'>";
} else { // The user is not logged in
    echo "<div class='commentdetails'>";
}
?>
Putting all the code in php has fixed execution errors for me. Of course, that may have been because I was doing something else wrong.
As comments are displayed by the wp_list_comments() function, you will need to edit the code there. The easiest way to achieve this is to use a simple if/else statement checking whether or not the comment has a user ID associated with it. If it does, that means the comment was made by a registered user.
Of course, as well as this, you will need to create a new CSS class to give the distinction. Here is some example code:
<?php if ( $comment->user_id ) : ?>
<div class="comment_registeredUser"> <!-- Or whatever you decide to call the CSS class -->
<?php else : ?> <!-- The commenter isn't a registered user -->
<div class="commentdetails">
<?php endif; ?>
<!-- Then include the rest of the code as is -->
The $comment->user_id variable will return true if the comment poster is a registered user and was logged in when they posted the comment. The code above will assign your custom CSS class to the div if it does indeed return true. If not, it will simply apply the standard class and styling.
There is also a really good tutorial for developing themes over at the WordPress Codex. Definitely worth having a read through if you are unsure of what you need to do to create/edit your WordPress theme.
Edit: Cleaned up the answer and better explained the correct logic.
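An added example (not from the original answers) that attaches the class through the comment_class filter rather than editing the template, so every template that calls comment_class() picks it up. It only treats a comment as a registered user's when its user_id still resolves to an existing account, and it goes beyond the answers by adding a per-role class; WordPress core already adds a byuser class in the same situation. The example_ function name and class names are assumptions.

```php
<?php
// Added example (not from the original answers): mark comments left by
// registered users with extra CSS classes via the comment_class filter.
add_filter( 'comment_class', 'example_registered_commenter_class', 10, 4 );

function example_registered_commenter_class( $classes, $class, $comment_id, $comment ) {
    // user_id is 0 for anonymous comments. A non-zero id only means something
    // if the account still exists (users can be deleted after commenting),
    // so resolve it before acting on it.
    $user = ! empty( $comment->user_id ) ? get_userdata( (int) $comment->user_id ) : false;
    if ( ! $user ) {
        $classes[] = 'comment-anonymous';
        return $classes;
    }

    $classes[] = 'comment-registered-user';
    // Role-based class, e.g. comment-role-administrator. Sanitise each role
    // name before it lands in a class attribute.
    foreach ( $user->roles as $role ) {
        $classes[] = 'comment-role-' . sanitize_html_class( $role );
    }
    return $classes;
}
```

Style the result in your theme's CSS (for example `.comment-registered-user { background: #eef; }`) instead of changing the markup in the comment template.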
