moskalak on "$_SESSION variable not being properly unset"

August 7, 2014, 2:49 am

≫ Next: sinemac on "Any way to add exceptions for sanitize_post() ?"

≪ Previous: javawpscript on "Redesigning My Search Results"

$

0

0

Hi,

I'm trying to create a "hidden page" functionality in my theme. It should work like this:
1. User goes to a page.
2. When something happens, a $_SESSION variable is set that allows to access a certain page.
3. When they go to the page, the $_SESSION variable should be unset, so that it's impossible to access that page again.

The problem is, even though the variable gets unset (I check for that), I can always access the page again.

Here's the code


<?php

/**
* Extensions for functions.php
*/

function conditional_session_start() {
if( session_id() == '' || !isset($_SESSION ) ) {
session_start();
}
}

function allow_create( $value = true ) {
conditional_session_start();

$var_name = 'allowed';

$_SESSION[$var_name] = $value;

session_write_close();
}

function allow_destroy() {
conditional_session_start();

$var_name = 'allowed';

unset( $_SESSION[$var_name] );

session_write_close();
}

function allow_check() {
conditional_session_start();

$var_name = 'allowed';
$output = false;

if( isset( $_SESSION[$var_name] ) && $_SESSION[$var_name] == true ) {
$output = true;
}

session_write_close();
return $output;
}

function allow_404() {
// Show 404 error
global $wp_query;
$wp_query->set_404();
status_header(404);
}

Then in functions.php:


/**
* Implement the 'protected' functionality.
*/

function add_protects_functionality() {
global $post;
if( !isset( $post ) ) {
return;
}

if( get_post_meta( $post->ID, 'protects', true) == "true" ) {
allow_create();
}
}
add_action( 'wp', 'add_protects_functionality' );

function add_protected_functionality() {
global $post;
if( !isset( $post ) ) {
return;
}

if( get_post_meta( $post->ID, 'protected', true ) == "true" ) {
if( !allow_check() ) {
allow_404();
}
}
}
add_action( 'wp', 'add_protected_functionality' );

function add_unprotect_functionality() {
global $post;
if( !isset( $post ) ) {
return;
}

if( get_post_meta( $post->ID, 'unprotects', true) == "true" ) {
allow_destroy();
}
}
add_action( 'wp', 'add_unprotect_functionality');

---

sinemac on "Any way to add exceptions for sanitize_post() ?"

August 6, 2014, 8:24 pm

≫ Next: danni.gutierrez@gmail.com on "functions in function.php"

≪ Previous: moskalak on "$_SESSION variable not being properly unset"

$

0

0

I've edited a quiz plugin to get the report content added as a post. The problem is that when it's added, some of the content necessary to achieve what I'm after gets stripped out.

I'm trying to do a tabbed layout instead of paginated - using:

<ul class="uk-tabs" data-uk-tabs="{content:'#report_content'}">... </ul>

but the

data-uk-tabs="{content:'#report_content'}"

is getting stripped out.

Here's the wp_insert_post() code I'm using (the stripped content is within $output):

wp_insert_post( array(
		'post_title' => $exam->name.' Report',
		'post_type' 	=> 'my-reports',
		'post_name'	 => $taking_id,
		'comment_status' => 'closed',
		'ping_status' => 'closed',
		'post_content' => $output,
		'post_status' => 'private',
		'post_author' => $user_id,
		'menu_order' => 0,
		'comment_status' => 'open',
		'post_category' => array(43),
		'page_template' => 'single-my-reports.php'
));

I've done a quick test by commenting out

//$postarr = sanitize_post($postarr, 'db');

in post.php, but if there's a safer way by just making an exception for "{connect:'#somediv','param':'xyz...} I'd prefer to go that route.

Or can I disable sanitize just for the post insert above by removing and then re-adding it?

Thanks,
Scott

danni.gutierrez@gmail.com on "functions in function.php"

August 7, 2014, 5:56 am

≫ Next: djones8520 on "get_posts the_content() problem"

≪ Previous: sinemac on "Any way to add exceptions for sanitize_post() ?"

$

0

0

Hi there.

As I am relatively new to this topic I did not realize where I should put the call to a function (declared in functions.php) to hide a menu item admin panel.

If it's not too much trouble could you give me an example.

Thank you.

Daniel.

djones8520 on "get_posts the_content() problem"

August 7, 2014, 7:44 am

≫ Next: honza.skypala on "Using "Add Link" dialogue in my own plugin"

≪ Previous: danni.gutierrez@gmail.com on "functions in function.php"

$

0

0

I originally used $key->{"post_content"} in the code below, but that didn't take any of the formatting into account. From what I've read the_content() should work with get_posts(), but it isn't working.

What happens is it appears to get stuck in the loop, because the title of the first post is the only thing that displays on the page and it is repeated multiple times. I didn't count it, but I would guess 100+ times.

// $att sets up the parameter to pull the posts.  The array(...) is used if there is no parameter in the shortcode
	$att = shortcode_atts ( array('category_name' => 'none', 'orderby' => 'post_date'), $args);
	// Pulls the posts
	$posts_array = get_posts($att);
	//print_r(array_values($posts_array));

	// $posts_array is a array of WP_Post objects.  To use a element use $key->{"name"}
	// The div has to be created her, because if you put the shortcode in a div the html content doesn't get put into the div
	echo '<div id="post_allnews">';
	foreach ($posts_array as $key){
		echo '<div class="post_allnews">';
		// guid is the address to the post.  post_title is the title
		echo '<h1><a href="'.$key->{"guid"}.'">'.$key->{"post_title"}.'</a></h1>';
		// post content
		echo '<p>';
		the_content();
		echo '</p>';
		echo "</div>";
	}
	echo "</div>";

	// This line was recommended when using get_posts()
	wp_reset_postdata();

I'm not sure what I'm doing wrong.

Thanks for any suggestions.

honza.skypala on "Using "Add Link" dialogue in my own plugin"

August 7, 2014, 8:00 am

≫ Next: queenielow on "Allow user to edit/view/create their own page only"

≪ Previous: djones8520 on "get_posts the_content() problem"

$

0

0

HI,

in my own plugin (in the admin part of the plugin), I would like to use the dialog for adding a link, the one that is normally used in the post editor. Is there a simple way how to use this?

Thx, Honza

queenielow on "Allow user to edit/view/create their own page only"

September 16, 2013, 4:17 am

≫ Next: Serensites on "Scan post for YouTube embed and insert into custom Field"

≪ Previous: honza.skypala on "Using "Add Link" dialogue in my own plugin"

$

0

0

Hi There,

Is there a way without hacking the core to only allow user to edit/view and create their own page in the Dashboard, so they are not able to view other pages that is not created by them?

Serensites on "Scan post for YouTube embed and insert into custom Field"

August 7, 2014, 3:21 pm

≫ Next: Kittyridge on "Custom featured image size on first post only"

≪ Previous: queenielow on "Allow user to edit/view/create their own page only"

$

0

0

Hi,
I am migrating a fairly large wp site and changing themes. The old theme has youtube videos embeded but the new one requires the youtube url to be entered into the custom field.

Can anyone help me out? I can't find a plugin for this.

The custom field's key is 'Iframe' so I need to be able to get from the the current post's content the " http://www.youtube.com/embed/xxxxxxx " (src="www.youtube.com/embed/xxxxxxx") then use it to insert into the the custom field the value "www.youtube.com/embed/xxxxxxx" where the custom field's key=iFrame

Any help or pointer would be very much appreciated.

Kittyridge on "Custom featured image size on first post only"

August 7, 2014, 9:58 pm

≫ Next: AMcCarrick on "Is get_results Already Escaped?"

≪ Previous: Serensites on "Scan post for YouTube embed and insert into custom Field"

$

0

0

Can anyone provide a function to specify the featured image size for the first (most recent) post only? The featured image size needs to be untouched for all the other posts. Only the first post in the loop on page 1 needs a special featured image size. Below was my very lame attempt at it, which not surprisingly did not work:

if (have_posts() and has_post_thumbnail()) :
$post = $posts[0]; $c=0;
while (have_posts()) : the_post();
$c++;
if( !$paged && $c == 1) :
the_post_thumbnail('full');
endif;
endwhile;
php endif;

Any help appreciated as this is obviously over my head.

---

AMcCarrick on "Is get_results Already Escaped?"

August 7, 2014, 8:22 pm

≫ Next: bigmike7801 on "How to structure WordPress plugin to display data from API"

≪ Previous: Kittyridge on "Custom featured image size on first post only"

$

0

0

Question regarding the get_results method on the wpdb class...

Is the query entered into the get_result method escaped by get_results or should I be placing a call to the prepare method inside of get_results?

$wpdb->get_results($sql);

or

$wpdb->get_results($wpdb->prepare($sql));

Digging through the wpdb class file it seems like no, but would like some assurance.

bigmike7801 on "How to structure WordPress plugin to display data from API"

August 7, 2014, 9:26 pm

≫ Next: queengab on "Manage image problems after migration from wordpress.com to self-hosted blog"

≪ Previous: AMcCarrick on "Is get_results Already Escaped?"

$

0

0

I am creating a plugin that connects to a remote API that has car listings and displays the data that's returned in that call.

The plugin essentially does not need to interact with the WordPress database at all.

I already know I can use things like wp_remote_get, file_get_contents and file_get_contents to retrieve that data.

My problem is that I'm not sure if I should be creating a plugin for this or just shortcodes or page-templates or what.

I want the urls to look like

`example.com/cars/ //Cars listing results
example.com/cars/2 //Page 2 of Cars listing results
example.com/cars/?doors=4&engine=v8 //Search parameters for Cars listing results
example.com/car/1234 //Car info page 1234 is the car_id`

I was thinking I could create pages in WordPress called cars and car and then create custom shortcodes that would hook into some functions I build to interact with the API, but for some reason that doesn't seem like the best idea to me.

Can anyone recommend a better structure for setting this up?

queengab on "Manage image problems after migration from wordpress.com to self-hosted blog"

August 8, 2014, 8:18 am

≫ Next: queengab on "Modify comment form"

≪ Previous: bigmike7801 on "How to structure WordPress plugin to display data from API"

$

0

0

Hi to all,

how are you? It's a very long time i don't post on wordpress forum.
I have some question and some suggestions for all about the migration from a blog on wordpress.com to a self-hosted wp site.

I'm migrating a blog with very large number of images (2500!).
I create new istance of wp on my host, i installed all plugins that i need (without installing jetpack) and then i create a export file from wordpress.com blog.

I imported it to my blog (i create first developer instance and not directly on production). I checked all options and also check donwload all images and then import on new site.

Onb my hosting aruba perhaps i think i have some problems and i had to click on import many times on the same files to upload all images and posts...

All goes ok!

Posts are perferct and images are displayed on media manager.
But there some problems after migration.

Images are now unatacched (2300 on 2500) with posts. And naturally all refers of links and tags fro my old blog are different.

I resolve the problems of the wrong links with a plugin "Real time find and replace". I've searched for wrong path and i correct it perfect!

For images, i discovered too late this plugin "https://wordpress.org/plugins/media-tools/screenshots/" that import images from posts.

All images and galleries on my site are ok and the paths are correcct but i don't know if there are some problems without reassociate all images with posts.
Exist a tool that scan my posts and automatically re-associate all my images?

Or there are some filter fro media manager that help my self?

Thanks for all!
Gabriele

queengab on "Modify comment form"

August 8, 2014, 8:20 am

≫ Next: dgomez1 on "Adding HTML to Post not Possible - Can't click "Text""

≪ Previous: queengab on "Manage image problems after migration from wordpress.com to self-hosted blog"

$

0

0

Hi to all,

i have another little question for you!
I'd like transform my comment form like jetpack comment plugin.

How can i do?
How can i have a form only with the field leave a reply and deleting all others fields?

Thanks
Gabriele

dgomez1 on "Adding HTML to Post not Possible - Can't click "Text""

August 8, 2014, 5:50 pm

≫ Next: xennex81 on "Anti-spam registrations"

≪ Previous: queengab on "Modify comment form"

$

0

0

I am trying to add a Bootstrap template to a single page of my Wordpress site. However, when using the VISUAL EDITOR, I am not able to click on the TEXT editor in order to add the appropriate HTML.

How could I circumvent this method and insert HTML another way?
All answers welcome

xennex81 on "Anti-spam registrations"

May 5, 2014, 1:59 pm

≫ Next: danhoat on "retrieve_password for customizer"

≪ Previous: dgomez1 on "Adding HTML to Post not Possible - Can't click "Text""

$

0

0

Hey I'm just curious...

I opened up registrations on my live beta site, and immediately started receiving a (few) spam registrations.

Now I know that there are plugins that can guard against it, but I wonder if it would not be more effective to just mess with the code myself in a way that no plugin would do.

The way I see it there are only two ways a spammer can find the registration url

- it just assumes wp-login.php?action=register will do the trick
- it is going to parse the html for anything that resembles a hyperlink labeled "Register" or anything of the kind, and then follow that.

I changed the "register" action to "register-strange" to see if that would do the trick, but I had one more spam registration tonight. I have to rule out one more thing, ... alright the whole site should have only one link to the registration page left.

Anyone who can find the registration form will be able to parse it, recognise it, and use it.

But they have to follow the link called "Criminals enter here" :P.

Well, I'll have to see for the coming days. I guess the spambots are using a million different techniques. Even the name of the PHP file is a hint to follow that link...

I wonder, I wo-wo-wo-wo-wonder....

danhoat on "retrieve_password for customizer"

August 8, 2014, 9:14 pm

≫ Next: dannydanny on "Google Webmaster Errors -- Theme Twenty Twelve"

≪ Previous: xennex81 on "Anti-spam registrations"

$

0

0

Hi WordPress,
In my site has form lost password and retrieve password, but i can not reuse the function retrieve_password().
Also, This function related to security and i think it will be change for each update security,
If i copy and create new function, it will don't take effect for security too.
Please move this function into wp-includes/user.php to developer theme can reuse.

Sorry for the pad english.
Thanks.

---

dannydanny on "Google Webmaster Errors -- Theme Twenty Twelve"

July 26, 2014, 1:38 am

≫ Next: Sandeep "The Shawn" Tripathy on "Conditional Tags on User or User Role/Type"

≪ Previous: danhoat on "retrieve_password for customizer"

$

0

0

Part 1 (part 2 below)

I'm using the theme Twenty Twelve and I have searched high and low across the Internet for the solution to my problem. I'm getting this error in google webmaster tools:

Error: Missing required field "updated".
Error: Missing required hCard "author".

My site is a site with hundreds of static PAGES, not posts. I do have a blog that goes along with the site, but I don't even have those posts indexed. I only care about the pages.

I have implemented the "entry-date updated" fix I've seen all over the place in the functions.php file (line 375; latest version of Twenty Tweleve; version 1.4). I still am getting the errors for all my static pages.

I have the message that authorship is working for the page.

However, in the "extracted structured data" section, I get the above-mentioned errors for all my site's pages.

As I said, I have authorship working. My google+ account is successfully linked with my site.

So, is there any obvious, simple fix to this problem that I'm missing?

Any help would be appreciated. I know there are multiple posts about this on the Internet and on these forums, but I can't find the fix for my specific problem.

My site: http://truthsaves.org/

Part 2 (a few days later)
I'm still working on the problem. Any assistance would be greatly appreciated. I've solved half of it.

I found this line in the content-page.php file:

<h1 class="entry-title"><?php the_title(); ?></h1>

and I changed it to this:

<h1 class="entry-title updated"><?php the_title(); ?></h1>

I just added the word updated.

Now the updated error that I posted in my original post is gone. Remember this is for the theme "twenty twelve" pages, not posts.

I still have the following error and not even sure it can be fixed! I'm sure it can. But maybe twenty twelve doesn't have any support for author markup in pages. I don't know.

Error: Missing required hCard "author".

Any help? Would love it if someone could help.

Sandeep "The Shawn" Tripathy on "Conditional Tags on User or User Role/Type"

August 9, 2014, 1:48 am

≫ Next: adams_000 on "my files gets leaked"

≪ Previous: dannydanny on "Google Webmaster Errors -- Theme Twenty Twelve"

$

0

0

I am trying to check if the logged in user is the same as the author who created the post/apge. If this results in true then I want to display some text, if not something else. for now I'm using :

[ Moderator note: code fixed. Please wrap code in the backtick character or use the code button. ]

<?php if(is_user_logged_in() == the_author() ) : ?>
  <p>You wrote this post</p>
<?php else: ?>
  <p>You didn't write this post</p>
<?php endif ?>

I also want to use the above to check the user role.
Turns out, it nothing works.
Help appreciated.

adams_000 on "my files gets leaked"

August 9, 2014, 4:00 am

≫ Next: rezahashemian on "user sign up time"

≪ Previous: Sandeep "The Shawn" Tripathy on "Conditional Tags on User or User Role/Type"

$

0

0

Hello Everyone, I need your help. I run my website on wordpress which is about my ebooks. But unfortunatley hackers are able to download those ebooks without going through legal steps I.e making payment. they find my files on WP-contents and some times they are able to find my website registration link. Please tell me how can I make them secure by hiding my ebooks from wp-content and how to hide my registration link or at least only those can be able who has made payment. Thank you

rezahashemian on "user sign up time"

August 8, 2014, 10:31 pm

≫ Next: Josefward on "How to get feed url in wordpress blogs?"

≪ Previous: adams_000 on "my files gets leaked"

$

0

0

hi
i need the hack that show user sign up time

Josefward on "How to get feed url in wordpress blogs?"

August 9, 2014, 10:33 am

≫ Next: wildmank on "Release 3.9.2"

≪ Previous: rezahashemian on "user sign up time"

$

0

0

Please How to get feed url in wordpress blogs ?