Non Users Delete Posts - wordpress

How can I allow non users to delete posts?
I am currently using this code:
<?php
global $wp_query;
$cat = get_the_category();
if ($cat[0]->cat_ID == 86){
$url = get_bloginfo('url');
echo "<a>ID) . "'>Delete post</a>";
}
?>
This adds a delete link if the current post is in a certain category. It works perfectly but it requires a user with edit privileges to be logged in. How can I change this to allow for regular, non-registered users to delete posts?
Any help is appreciated.

You have two options:
1) Promote non-users into users by giving them a session to uniquely identify them and relate each poster with their posts. This requires additional session storage for non-users.
2) Generate a unique hash for each post and provide in the view page a once-only option to delete the post. Similarly to imgur.com, they can still delete the post if they saved the link but will not be presented again. This saves server state.
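One way option 2 could look in WordPress, as an added example that is not code from the original answer. The meta key, query parameter names and function names are assumptions; category ID 86 is the one from the question.

```php
<?php
// Added example. Meta key, parameter and function names are assumptions.
const GUEST_DELETE_META = '_guest_delete_token_hash';
// Call once when the guest's post is created and show the returned URL a
// single time; only the SHA-256 of the token is kept server-side.
function guest_delete_issue_link( $post_id ) {
    $token = bin2hex( random_bytes( 32 ) ); // 256-bit unguessable secret
    update_post_meta( $post_id, GUEST_DELETE_META, hash( 'sha256', $token ) );
    return add_query_arg(
        array( 'guest_delete' => $post_id, 'token' => $token ),
        home_url( '/' )
    );
}

function guest_delete_handle_request() {
    if ( empty( $_REQUEST['guest_delete'] ) || empty( $_REQUEST['token'] ) ) {
        return;
    }
    $post_id = absint( $_REQUEST['guest_delete'] );
    $token   = sanitize_text_field( wp_unslash( $_REQUEST['token'] ) );
    $stored  = get_post_meta( $post_id, GUEST_DELETE_META, true );

    // Constant-time comparison; posts without a stored hash or outside
    // category 86 (the category from the question) are never deletable.
    if ( ! is_string( $stored ) || '' === $stored
        || ! hash_equals( $stored, hash( 'sha256', $token ) )
        || ! in_category( 86, $post_id ) ) {
        wp_die( 'Invalid or already used delete link.', '', array( 'response' => 403 ) );
    }

    // A GET only renders a confirmation form, so crawlers and link
    // prefetchers that follow the URL cannot delete anything.
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
        printf(
            '<form method="post"><input type="hidden" name="guest_delete" value="%d">'
            . '<input type="hidden" name="token" value="%s">'
            . '<button type="submit">Delete this post</button></form>',
            $post_id,
            esc_attr( $token )
        );
        exit;
    }

    delete_post_meta( $post_id, GUEST_DELETE_META ); // token is single-use
    wp_trash_post( $post_id );                       // recoverable by an editor
    wp_safe_redirect( home_url( '/' ) );
    exit;
}
add_action( 'init', 'guest_delete_handle_request' );
```

Anyone who obtains the link can delete the post, so it should only be shown to the poster over HTTPS and kept out of logs and referrers.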

Related

How can I sanitize data properly in WordPress plugins?

I am a new WordPress plugin developer. I tried submitting my plugin to the WordPress repository, but received an error from the review team. The error is like
Data Must be Sanitized, Escaped, and Validated
When you include POST/GET/REQUEST/FILE calls in your plugin, it's important to sanitize, validate, and escape them. The goal here is to prevent a user from accidentally sending trash data through the system, as well as protecting them from potential security issues. Below are the paths they mentioned:
woolive/templates/livecall.php:18: $prodid = $_GET['id'];
woolive/admin/register.php:201: $prodid = (isset($_GET['id']) && !empty($_GET['id'])) ? $_GET['id'] : "";
woolive/admin/settings.php:20: update_option('button_loc_shop_page', $_POST['button_loc_shop_page']);
woolive/admin/settings.php:28: update_option('button_loc_product_details_page', $_POST['button_loc_product_details_page']);
woolive/admin/settings.php:30: update_option( 'loginpage_slug', $_POST['loginpage_slug'] );
woolive/admin/settings.php:31: update_option( 'howtojoinpage_slug', $_POST['howtojoinpage_slug'] );
Can anyone share how I can do that? Any comments or directions would be really appreciated.
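The flagged lines rewritten with WordPress's sanitizing, validating and escaping helpers, as an added example that is not part of the original question or the plugin. The function names and the allowed button locations are assumptions, since the plugin's real values are not shown on the page.

```php
<?php
// Added example; helper names are hypothetical and the allowed button
// locations are assumed values for illustration.

// livecall.php:18 and register.php:201: a product ID is a non-negative
// integer, so cast it instead of passing the raw string along.
function woolive_get_product_id() {
    return isset( $_GET['id'] ) ? absint( wp_unslash( $_GET['id'] ) ) : 0;
}

// settings.php:20-31: validate choices against an allowlist and
// sanitize free-form slugs before they reach update_option().
function woolive_save_settings() {
    $allowed_locations = array( 'before_button', 'after_button' ); // assumption

    foreach ( array( 'button_loc_shop_page', 'button_loc_product_details_page' ) as $key ) {
        if ( ! isset( $_POST[ $key ] ) ) {
            continue;
        }
        $value = sanitize_key( wp_unslash( $_POST[ $key ] ) );
        if ( in_array( $value, $allowed_locations, true ) ) {
            update_option( $key, $value );
        }
    }

    foreach ( array( 'loginpage_slug', 'howtojoinpage_slug' ) as $key ) {
        if ( isset( $_POST[ $key ] ) ) {
            update_option( $key, sanitize_title( wp_unslash( $_POST[ $key ] ) ) );
        }
    }
}

// Escape late: stored values are escaped again at the point of output.
function woolive_render_login_slug() {
    echo esc_html( get_option( 'loginpage_slug', '' ) );
}
```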

How can a WordPress website show the visitor's name when he visits the website? Like welcome <visitor name>

If someone visits my website then how can I show them their name when they visit and show them a welcome message like welcome Atul. My website is created in WordPress.
Your visitor needs to be registered on your website. This is the only way WordPress can find his information. To know more about displaying information of USER read this article "http://codex.wordpress.org/Function_Reference/get_currentuserinfo"
To allow this to happen the user of the site will have to be registered as otherwise there is not a method to find their name. When they are logged in by default it will say something like "Welcome, Woolnut". There are some small plugins that can change the welcome message for you but you will need to get the user to log in before you have access to a name for them. If they are logged in already and you want to display their username / name then take a look at this link, it may be of use!
Edit
Turns out my link is the same one as the other answer! (Is probably the best link however...)
A slightly better way is to call wp_get_current_user instead, like so:
$user = wp_get_current_user();
if ( 0 !== $user->ID ) {
    // display_name is user-controlled, so escape it on output.
    echo esc_html( $user->display_name );
}
This is a wrapper for the get_currentuserinfo that actually returns the user to you directly instead of just setting a global variable. It returns a WP_User object with the information of the current user in it.
If the user is unknown or not logged in, then the function will return a WP_User with the ID set to zero, so you can check for that and also handle unknown users.

Change user_nicename after registration

Say we have a mother site. Then we have a user registration form on a 3rd party site and a user register system which is processing the whole registration process and in the end will send the user login details in the mother site's database (mysql insertion, again no user_register function). Since there are 2 completely different browser sessions, no actions can be hooked on the mother site during or after registration.
So, let's say we will have stored the users in the database with logins like aaa#bbb.cc (weird, yes) and having a name and the user_nicename appearing like aaa#bbb.cc
Question:
What is the best approach, wp action/function to be hooked, that once the user is stored in the mother site's database, to write a function to change the user nicename in something like aaa-bbb? Automatically, of course.
Is there a function/hook suggested for such cases?
The below code didn't help me, since as I told above, I think the user_register action can't be triggered when a 3rd party site registration is processed:
add_action( 'user_register', 'myplugin_registration_save' );
function myplugin_registration_save( $user_id ) {
$info = get_userdata( $user_id );
$args = array(
'ID' => $user_id,
'user_nicename' => $info->first_name . '-' . $info->last_name
);
wp_update_user( $args );
}
The question as worded is really hard to understand. If I'm reading it correctly, you have two websites. Site One is where people are registering. When they complete registration on Site One something runs that creates a new user in the Site Two database by doing a direct sql insert, not by using any native WP functions.
If that's the case, why don't you simply manipulate the user login before you insert it into the Site Two db? You can't do it via a WordPress hook b/c WordPress is never being called. Hooks are just callback functions sprinkled through the WordPress code. When something happens, like a new user is created, there is a hook that you can assign a function to -- something like "Send me an email." If WordPress doesn't handle the new user creation then the hook never gets called.
If you have to do the manipulation after the data has been inserted you'll probably need to look at using a cron job that runs every X amount of time looking for new records in the wp_users table.

WordPress Email, Custom Post types and Email Subscriptions

I have something a client wants me to build, and I can with wp_mail, but I am wondering if how it should be built is feasible - no, they don't want to use third party websites or software.
Essentially a widget will take in the clients email address, with this we can:
Have some kind of interface so we can say that send out 5, 10, 15 posts of category x, y, x on a daily, weekly or monthly basis
That's not hard, but the question is: how would I store the emails that come in? A new column?
Use these emails and a custom post type to create email templates, newsletters and so on that could be sent to a set of emails (in this case all emails stored for now) at a specified time.
This one isn't hard either, it's the custom post type part: how would I create a custom post type that when a post is published the post is not published the same way a post is, or a page, but instead it's stored like one, but I can use its content in an email body instead of displaying it like a post or page.
Essentially I shouldn't be able to go to:
site.come/email_templates/post_id
So the second one is a bit more complicated but I am wondering how you guys might approach this situation or idea.
Here are some thoughts when it comes to the e-mail subscription part. As for the custom post types - I don't have much experience with those, sorry :)
If you want a quick and easy solution for the e-mail subscriptions, create a wp option (see http://codex.wordpress.org/Function_Reference/add_option) that is essentially a hash table that maps categories to keys in the table.
For each category in the hash table, store an array of userIDs and/or e-mails of the users that are subscribed to that category.
Once you have this data structure in place, it's fairly easy to manipulate and use with wp_mail. Here is some example code that I've written for one of my plugins:
$subscribers = get_option('subscribers');
$categories = get_the_category($post->ID);
if( !empty($categories) && !empty($subscribers)){
    $emails = array();
    //Go through each category and accumulate the necessary e-mail addresses
    foreach($categories as $category){
        $catID = $category->term_id;
        if( !empty($subscribers[$catID]) ){
            foreach($subscribers[$catID] as $userID => $trash){
                $user = get_userdata($userID);
                //get_userdata() returns false for a deleted user; keying by user ID
                //keeps each address once even if the user follows several categories
                if( $user && !isset($emails[$userID]) ){
                    $emails[$userID] = $user->user_email;
                    //you can use something like implode(", ", $emails)
                    //in the Bcc: part when you send out the e-mail.
                }
            }
        }
    }
}
Some things to note:
This is a quick and dirty solution. If the number of categories and number of subscribers grows big, you're better off creating a table in the database and maintaining it that way
Make sure to think of situations when categories are deleted (i.e. hook into actions when categories are deleted) and how that will affect your data structure
The hash table approach works well assuming categories are NOT deleted/added frequently
Good luck!

Drupal: access permissions for php scripts?

I'm writing a custom php code in my Drupal website. I need to load the content of specific pages from PHP.
These pages are visible only for authenticated users, and it seems I cannot access them from php, even if I trigger the script when I'm logged in as user.
Is there a way to simulate "a logged in" user from php, so I have access to all the content of the website ?
update:
global $user;
if (user_access('access content')) {
require_once("dompdf/dompdf_config.inc.php");
$html = file_get_contents('http://mywebsite.com/admin/store/orders/45/invoice/print');
$dompdf = new DOMPDF();
$dompdf->load_html($html);
//$dompdf->load_html_file('invoices/' . $file);
$dompdf->render();
$dompdf->stream("sample.pdf");
}
I've tried with relative path and it is the same...
And this is with impersonating the admin user
//access as administrator
global $user;
$original_user = $user;
session_save_session(FALSE);
$user = user_load(array('uid' => 1));
//generate pdf
require_once("dompdf/dompdf_config.inc.php");
$html = file_get_contents('http://mywebsite/admin/store/orders/45/invoice/print');
$dompdf = new DOMPDF();
$dompdf->load_html($html);
//$dompdf->load_html_file('invoices/' . $file);
$dompdf->render();
$dompdf->stream("sample.pdf");
//logout as administrator
$user = $original_user;
session_save_session(TRUE);
Still I get access denied as resulting page (and generated pdf).
thanks
The code to do so is:
<?php
if (user_access('access content')) {
print "You have the permission 'access content'";
}
?>
Running code that circumvents the permission system might seem simple and easy, but is really a serious security hole.
However, since that is what you ask:
<?php
global $user;
// uid 0 is the anonymous user; any other uid is a logged-in account.
if ($user->uid) {
    print "You are a registered user";
}
?>
But again, never use this as a replacement for permissions.
These pages are visible only for authenticated users, and it seems I cannot access them from php, even if I trigger the script when I'm logged in as user.
Drupal checks if the user has permission to view a node using the global variable $user. To do what you are trying to do, if you cannot trust that the currently logged in user has the permission to view the node you are interested in, you should read Safely Impersonating Another User.
I am not saying that you should be doing that. Before impersonating another user, I would verify if the followed approach is the only possible one.
For example, if you just need to access a field contained in a node, then you can use node_load(), which doesn't verify if the current user can view the loaded node.
If you need to show the body of a node, you can use the following code:
$node = node_load($nid);
if ($node) {
$body = check_markup($node->body, $node->format, FALSE);
}
Showing information for which the current user doesn't have access is considered a security issue, though.
Update
The issue with your code is that you are using file_get_contents('http://mywebsite/admin/store/orders/45/invoice/print'); doing so, you are opening a new connection to the site, and the new connection is opened as anonymous user. That is the reason the node that authenticated users are able to see is not returned.
Even if the code would work, what you get is not the HTML to render the node only, but also the full page, including the blocks Drupal normally shows on the top, and to the left/right sides.
If you are interested in rendering a node, then you should use the following code. (It's just a skeleton, and it's not complete.)
// $nid is the node ID.
// Check the result, in the case the node has been deleted, or there are other errors.
$node = node_load($nid);
if ($node) {
// The arguments tell the function that you don't want to render a teaser, that the node is
// rendered as it is the only node in the page, and that you don't want the additional
// links that are usually rendered after the node content.
$html = node_view($node, FALSE, TRUE, FALSE);
// This is your code.
$dompdf = new DOMPDF();
$dompdf->load_html($html);
$dompdf->render();
$dompdf->stream("sample.pdf");
}
About the updated code.
Your file_get_contents will pull in the content as "anonymous user". That is just one reason why your code is a bad idea:
Whenever your code runs, it will open your own site and parse that code: resulting in at least two "Drupals" to be loaded: effectively at least two pageviews to show one page to a user. But many more problems with this approach are possible.
Instead, you should find the code/function that creates the page at http://mywebsite.com/admin/store/orders/45/invoice/print and use that as input for your PDF-creator.
