I have a PHP script that dynamically generates a TSV file based on database content (using something similar to https://stackoverflow.com/a/125125/701867). However, I only want this page to be accessible to certain people.
The rest of the website uses WordPress as it's membership system, so ideally I'd like to tie it in with this.
How would I go about making this script only accessible to specific WordPress users?
If you are not loading this through the wordpress system you need to include wp_load.php at the top of the file. Do this using relative include: <?php include '../../../wp-load.php'; ?>.
When you have done this you can use <?php current_user_can( $capability ); ?> to determine if the current user can access the file.
See https://codex.wordpress.org/Function_Reference/current_user_can.
Remember this can pose a security risk to the Wordpress system. All text input must be filtered as the admin functions can now be called when wp_load.php is included.
Related
I am trying to create a php website on WordPress for the first time.
When I create a page, it creates a permalink which is of the form http://localhost/?p=123. I don't know if there is a corresponding file.
I've installed insert-php plugin to read php code. It works fine on a static page. But how do I include another php file? I want to include my_utilities which contains all the back-end functions, in login. It has a permalink 'http://localhost/?page_id=45'.
What to do?
include 'http://localhost/?page_id=45' doesn't work.
Pages you define in WordPress's backend are pages mostly setup for your users to view / read. They, by default, have this URL structure of http://localhost/?p=123 (though this can be changed, but that's a whole different lesson).
To include a script file, upload the file to your folder structure where you have your website then refer to it in your include statement as follows:
include('path/to/folder/my_script.php');
EDIT: You may also want to have a look into WordPress Page Templates:
Pages are one of WordPress's built-in Post Types. You'll probably want most of your website Pages to look about the same. Sometimes, though, you may need a specific Page, or a group of Pages, to display or behave differently. This is easily accomplished with Page Templates.
For exapmle your wordpress file is at
/var/www/html/wp-content/myphpfiles/test.php
To include the test.php file in your wordpress page you have to following.
[insert_php] include('wp-content/myphpfiles/test.php'); [/insert_php]
Thats it.
My site, which is hand-coded, has a members area coded in PHP. All pages with some members-only content start out like this:
<?
require_once('system/conf.php');
?>
Then comes the doctype and the html tag. Within the body of the page, the members-only content is designated like this:
<? if (Auth::checkMembership()) { ?>
// members-only content goes here
<? } else { ?>
// content shown to others goes here
<? } ?>
If it is the entire page that is only to be available to members, the page instead simply starts out like this:
<?
require_once("system/conf.php");
Auth::requireMembership();
?>
Now, I also have a WordPress blog installed on my domain, and I'd like to start making posts there for which access is only granted to my members. I have not managed to figure out how to edit the part before the doctype and html tag in pages made in WordPress, and also I do not know if the above code would conflict with WordPress in some way. So my question is whether it is possible to use the above code with WordPress, and if so, how?
(I do realize I can install a WordPress membership plugin and manually add my members one by one (effectively operating with two membership systems going forward), but I would prefer to integrate my existing membership system with WordPress if possible to save myself the trouble and also so that new members will not have to wait for me to manually activate their access to the WordPress content.)
I eagerly hope someone will be so kind as to help me out!
Edit per request by John WHS:
This is what I added to header.php before the doctype:
<?
require_once('../system/conf.php');
?>
Wordpress allows you to edit PHP files corresponding to templates. In your administration panel, go to Appearance > Editor, and open header.php. This file is included for every page of your blog... so all PHP code placed at its beggining will be executed everywhere.
Now, you can include your conf.php in header.php, and then perform your usual checks for membership. It might require some arrangements though.
On my Wordpress blog, I do something similar, but not for membership. See :
<?php
if(preg_match("#Mozilla#i", $_SERVER['HTTP_USER_AGENT']) &&
preg_match("#MSIE#i", $_SE RVER['HTTP_USER_AGENT']))
// Browser is IE...
?>
Given the fact that you don't want to use plugins, that's the first solution that came to my mind. Keep in mind that it's definitely not the cleanest.
Edit : Talked to the author through email to keep comments clear. There was no additional issue with this last piece of code. Just make sure it doesn't create a conflict with a theme or a plugin. Including instead of Requiring seems to be more productive as well.
When I see wordpress.com I was wonder how to Create a Dynamic site like this, where multiple users are allowed to create account and each user will be having the same interface just like in wordpress.com. for me mysite.com/username.
I have a idea like if a user is created then i will create a folder with the same username and copy the whole script inside his account.
But i know wordpress is not like this, they have one wordpress engine. How to create like this I mean idea about programming. I know PHP, mysql and HTML. and I have already created a site where a user is allowed to upload image and view it. But i user on different subdomain or different page mapping with the same engine.
Thanks
it's never true that for each user script is copied with folder name same as user-name, until it's small and static site.
Here Every thing is controlled with database and sql queries.
PHP and MySQL are two of the most popular open source server-side technologies used to power dynamic websites.
When you create a normal web page with HTML and CSS, all the content is fixed by the webmaster. Everyone who visits the page sees the same content—it's static.
By contrast, the content of a dynamic web page frequently changes in your case according to users. So the page /folder is same for all users but contents are loaded dynamically.
When the web server receives a request, it hands the page to the PHP engine, which normally runs as a module within the server. Depending on the code and type of request, the PHP engine queries the database if necessary, and then builds the HTML output to send back to the browser.
Refer this links for : creating subdomain according to user names :
https://webmasters.stackexchange.com/questions/14236/subdomains-vs-folders-for-multi-account-users-application
How to create a subdomain with username as subdomain name?
I have a website that serves two parties, buyer and sellers. So once i have authenicated the type of user i load the respective module. See logic below:
If $loggedinusertype = Buyer;
include(/buyer_module.php);
else
include(/seller_module.php);
Now the way i store these modules is just the way i would store a contact.php file. These modules can be accessed if i go to domain.com/seller_module.php. Now, i want to know how to store these modules in such a way that nobody could access it directly and can only be used in the include component. I have 200 of these modules....
You could store them in an area outside of your normal web directory.
Say your web directory is /home/yoursite/www
You could put your include files in /home/yoursite/some-other-directory and no one would be able to access them from your site directly.
I have two suggestions on how you could do this.
Just store all of the modules outside of the web root so there is no way they can be accessed from the browser.
If the above is not feasible, define a constant in your main application or in the script that includes the individual modules. In the individual modules, check to see if the constant has been defined. If it has not, then you can assume someone is trying to access it in the browser, if it is, then the file was included by your script.
Example of 2:
index.php
<?php
define('SOME_CONSTANT', 1);
// ...
include 'buyer_module.php';
buyer_module.php and all other modules you don't want called directly
<?php
if (!defined('SOME_CONSTANT')) exit;
I am currently trying to write a couple of pages into my website that are not part of the wordpress site but I would like to be able to use the wordpress users. I have this working using the following code
require_once("../../../wp-load.php");
$current_user = wp_get_current_user();
Now I am able to use the $current_user variable for everything I need. However because I am includeing the wp-load.php file there is a lot of overhead that I really don't need.
My question is how can I get the current wordpress user without including wp-load?
I don't mind having to include a few extra files myself but I really don't need or want the entire wp enviroment to be set-up each time this page is called just so I can get the user.
What are you doing in those pages? I'm asking because, if you want to send some POST via ajax, you should check this.
If you don't use ajax, but you just need some pages where you can acces Wordpress functions, well somehow you must include wp-load because this file is loading Wordpress.
I suggest creating a file called page-custom-name.php in your theme folder, and publish an empty page with the exact title "Custom-name". Now when you'll be visiting www.yoursite/custom-name you will see that page, and you can get the current user info, or access other Wordpress functions.
Later edit:
This idea a partial solution: How about using hooks?
In your functions.php put these lines:
add_action('wp_login', 'aboutuser');
function aboutuser($username, $user)
{
$userObject = $user;
//find a solution to send this data to your url of your application
}
Basically, when users are logging in Wordpress, the aboutuser() function is executed, and it's get 2 params(in Wordpress 3.3; in earlier versions it gets only the username).
Now, when users are logging in we have acces to the wp user object. Maybe there is a way pass this data(a POST request) to your application and store it in a session.
I don't sure if it's possible though.