This post relates to WordPress and CIMY User Extra Fields. I do not think you need a knowledge of the latter to help with this problem, as it seems to be a WordPress issue more than anything.
CIMY User Extra Fields is a plugin that allows registered users to have much more information in their profiles. You can add as many fields as you want. You then have to edit "author.php" to pull in the new information.
I am currently using the following code to pull in the new user profile fields:
<?php if (have_posts()) { $flag = true; while (have_posts()) { the_post();
if ($flag) { $value = get_cimyFieldValue(get_the_author_ID(), 'dj-name');
if ($value != NULL) echo "<p><strong>Staff Bio: </strong>" . cimy_uef_sanitize_content($value);
echo "</p>";
$flag = false; }}}?>
The issue is this. Some of my users have 0 posts and this code will only pull the extra field content for the user if that have 1 post or more. This is due to the "if (have_posts())" function I suspect. Is there someway to modify the code to display the information even if the user has 0 posts?
Thanks
Zach
If it's not a need that a user must have a post to have CIMY values stored (which I assume), you just don't need to check for post-count > 0. You probably have copied that chunk of code over from a post template.
The following example just takes the value, and if it is set, will do the output via echo:
<?php
$authorID = get_the_author_meta('ID');
$value = get_cimyFieldValue($authorID, 'dj-name');
if (!empty($value))
echo '<p><strong>Staff Bio: </strong>'
, cimy_uef_sanitize_content($value)
, '</p>'
;
?>
Related
I have a custom field in WordPress called listing-two. listing-two is a simple repeater field which allows you to add another item to a list.
Since a list may have x amount of listings, what is the best way to retrieve the data from that field? At the moment I have
'listingTwo'=> get_field('listing-two')
Which will not work since there are multiple fields?
I've seen the AFC documentation to get an idea of how to get data, but none of them seem to work?
Edit:
I'm thinking the best way to go about this is via a for loop? I've tried the following, still not pulling anything through:
$textareaTwo = get_sub_field("listing-two");
if ($textareaTwo && count($textareaTwo)>0){
foreach ($textareaTwo as $textareaTwos){
$res = get_post($textareaTwos);
echo'Test'.$res;
}
}
Repeater field structure:
Field name: listing-two -> Has a sub field, with the field name list_item
Try this,
if(get_field('listing_two')){
$lists = get_field('listing_two');
foreach($lists as $list){
echo $list;
}
}
below is the code by which you can get all fields within listing_two
<?php if( have_rows('listing_two') ):
while( have_rows('listing_two') ): the_row();
// vars
$sub_field1 = get_sub_field('sub_field1');
$sub_field2 = get_sub_field('sub_field2');
$sub_field3 = get_sub_field('sub_field3');
echo $sub_field1;
echo $sub_field2;
echo $sub_field3;
endwhile;
endif; ?>
I've seen a solution here that I, quite frankly, don't understand.
On the administration side of a website I'm working on, an administrator can edit blog posts. When the administrator goes to the page to edit the blog post, it also displays all of the comments on that post. Instead of adding a new table for each new blog post which contains comments, I simply created one table which holds all the information for the blog post, including a column for the comments.
Comments and comment-content is delimited. I.E. internally, a blog post comment column would look similar to this...
Name:Content:Email>Name2:Content2:Email
Etc.
This is how I display the comments on the admin page:
$post_query = "SELECT * FROM `$blog_table` WHERE id=$identifier";
$post_result = $connection->query($post_query);
$post = $post_result->fetch_assoc();
$comments_value = $post["comments"];
$original_comments_array = explode(">", $comments_value);
$comments_array = [];
foreach($original_comments_array as $comment) {
$individual_comment_array = explode(":", $comment);
$comments_array[] = $individual_comment_array;
}
foreach($comments_array as $index=>$comment) {
if ($comment_deletions_array[$index] === $index) {
$checked = "checked";
}
echo '<div class="content-border comment-margin"><span class="comment-name">';
echo $comment[0];
echo '</span><br /><p class="comment-content">';
echo $comment[1];
echo '<br /></p>';
echo $comment[2];
echo '<br /><br /><input name="comment_deletions[]" type="checkbox" value="' . $index . '" ' . $checked . '/> Delete This Comment';
echo '</div>';
}
As you may have noticed from the code above, each comment renders with its own checkbox input, the value of which is determined by the index.
Each checkbox shares the same name. I get all the values of the checkboxes like this:
$comment_deletions_array = $_POST["comment_deletions"];
In the snippet I provided earlier, there is an if statement within the foreach loop which determines if the comment was marked for deletion, and if so checks the check box. (This function is to replace the user's input if there was an error.)
The problem is that the indexes do not line up. If there is a checkbox which is not checked, it does not return false or null or anything of the sort to the $comment_deletions_array rather the array is just populated by value of the next input which WAS checked.
Is there a way I can return a value if the checkbox is not checked in order to maintain the correct index?
How can we hide the list of fields audited to the regular user,but to admin the list of audited fields are need to visible,
the following line need to hide for the regular user and only admin be able to see the below line
Fields audited in this module: name, title, etc
I am using sugarcrm ce 6.5.x
I'm understanding your question as "when a Regular User views the Audit history, he or she should not see the list of fields that are audited. System Administrators can still see this list. All Users should still see the actual audit/history table." If that's correct, here is my advice:
The list (and popup itself) is handled and generated in modules/Audit/Popup_picker.php so you would start by reviewing the code there.
It seems to me that the two lines below are responsible for displaying this output:
echo $start_tag.translate('LBL_AUDITED_FIELDS', 'Audit').$fields.$end_tag; (on/around line 139)
echo $start_tag.translate('LBL_AUDITED_FIELDS', 'Audit').$end_tag; (on/around line 143)
With that code found, I would copy the file modules/Audit/Popup_picker.php to custom/modules/Audit/Popup_picker.php and make adjustments to add a check like if(is_admin($GLOBALS['current_user']) into the code. If you used this as an extra condition, you might get something like the following, note that my changes are annotated by a <-- in the PHP comment, and that I cleaned up some indentation and white space):
if($field_count > 0 && is_admin($GLOBALS['current_user'])) // <-- Added Admin-Check Condition
{
$index = 0;
foreach($audited_fields as $key=>$value)
{
$index++;
$vname = '';
if(isset($value['vname']))
$vname = $value['vname'];
else if(isset($value['label']))
$vname = $value['label'];
$fields .= str_replace(':', '', translate($vname, $focus->module_dir));
if($index < $field_count)
{
$fields .= ", ";
}
}
echo $start_tag.translate('LBL_AUDITED_FIELDS', 'Audit').$fields.$end_tag;
} elseif(is_admin($GLOBALS['current_user'])) { // <-- changed ELSE to ELSEIF and added Admin-Check Condition
echo $start_tag.translate('LBL_AUDITED_FIELDS', 'Audit').$end_tag;
} else { // added new ELSE statement
echo $start_tag.$end_tag; // <-- Regular users shouldn't see the message at all so render the empty table
}
I haven't ran and tested this code but I expect that this will give you a good strategy to dig in and create the customization yourself.
I have two MySQL tables. The first one is for the user's credentials i.e. username, password, business_id (system generated). The second one has the user's profile for multiple entities e.g. business name, location, profile_id and business id (system genrated - the same number for the business_id).
The user can edit the details of their business details i.e. their details in the second table. The business id would be say 'abcdef' and profile id would be say 1234567, if they have a second business profile it would be say 1235879.
In order to edit each profile I would have to have the following URL
Edit Business Profile
For the second one it would be
Edit Business Profile
In turn when the a href is clicked the url in the browser would be edit_profile.php?id=1234567 and for the second one would be edit_profile.php?id=1235879
Would it be possible that instead of having edit_profile.php?id=1234567 and edit_profile.php?id=1235879 in the URL I would have edit_profile.php?id=1234567 and for the second one would be edit_profile.php
I don't want the User to see the id i.e. have only edit_profile.php
Ideally, I would like to use a PHP solution, please.
Yes, it is possible, but not exactly what are you trying to do
Solution #1
Intoduction
First of all, it should work only on users who are currently logged in and are trying to see their profile. The final results to reach is to not display ID in URL if ID is equal to current logged user's ID. It is more common than Solution #2 but if you want to hide all IDs, skip this solution.
Pluses:
There is not too much to change, just add a few more lines for checking current user ID
You can still use <a></a> tags for Edit Business Profile links.
Minuses:
Only current logged user's ID will be hidden in the URL
So what to do...
You probably use sessions to let users remain logged in even if they refreshed the page. You are on the right path, but you should add at least one more element to $_SESSION (Profile identification, so we can call it as profile_id for example).
Assume you are using this login formula:
function check_login($username, $password)
{
// query to find user with these inputs (encrypted password, prepared statements, etc)
if($query->num_rows > 0) // user exists
{
// fetch your query
// ...
session_start();
// set the session probably user is logged
// some return on success (probably redirect)
}
else
{
// some return on false
}
}
Now you should add one more $_SESSION element to save your current profile_id value:
session_start();
// ...
$_SESSION['profile_id'] = $result->profile_id; // <--- THIS IMPLEMENT
// some return on success (probably redirect)
1/2 is done!
Half of the problem is already finished, now all you need to do is compare $_GET input with $_SESSION.
Again, assuming your edit_profile.php file looks like this:
if(isset($_GET['id']) && !empty(trim($_GET['id'])))
{
$profile_id = intval($_GET['id']);
// ...
}
else
{
// probably an error profile id is not defined
}
// rest of the code ...
So now instead of error profile id is not defined we can assign to $profile_id variable index profile_id of superglobal $_SESSION:
else
{
$profile_id = intval($_SESSION['profile_id']);
}
Notice that I am assuming you have condition to reject access to this script, if user is not logged (some condition at the start).
Now your code should work but maybe you are asking the question what if user knows his ID and types it into URL?
So you have two choices:
Let it be as it is
Add condition to check if $_GET['id'] equals to $_SESSION['profile_id'] then redirect to edit_profile.php
Final thoughts...
Maybe if you are generating the list of the users, where the user can edit the others' users profiles including himself's, you want to remove id parameter of the edit_profile.php URL if the user's ID is equal to current ID in fetch loop. You can inspire by this simple function:
function generate_profile_edit_url($id)
{
session_start(); // for the case, you don't have started session yet
return 'Edit Business Profile';
}
Just in every fetch iteration you will use this function, like in the example below:
// ...
echo generate_profile_edit_url($result->profile_id);
// ...
Solution #2
Introduction
This solution will reach to the editing user's profile without any ID parameter in URL. It is designed for situation where user has rights to edit someone else's profile (for example, a moderator or an admin) and you still don't want to have the users' ID in the URL.
Pluses:
No ID parameter in URL needed for all users
Minuses:
you have to change every profile link to little form using POST action without JavaScript knowledge
no more <a></a> links for profile edit, again without JavaScript knowledge
users are still able to get their id if they want to
So what to do...
Firstly, we need to change edit_profile.php file. We have to recieve $_POST data containing target's profile_id.
Like in Solution #1, assume your edit_profile.php looks like:
if(isSet($_GET['id']) && !empty(trim($_GET['id'])))
{
$profile_id = intval($_GET['id']);
// ...
}
else
{
// probably an error profile id is not defined
}
// rest of the code ...
Most of the changes will be just replacing $_GET with $_POST:
if(isSet($_POST['profile_id']) && !empty(trim($_POST['profile_id'])))
{
$profile_id = intval($_POST['profile_id']);
// ...
}
else
{
// probably an error profile id is not defined
}
// rest of the code ...
For this file, it is enough.
Now there is some more work to do if you have a placed profile links in different files. But we can make it easier using one simple function like this:
function get_profile_edit_button($profile_id)
{
$html = '<form action="edit_profile" method="POST">';
$html .= '<input type="hidden" name="profile_id" value="' . intval($profile_id) . '">';
$html .= '<input type="submit" value="Edit Business profile">';
$html .= '</form>';
return $html;
}
The last thing is replace current edit profile links with this function. For example you have fetch loop of users:
// ...
echo 'Edit Business Profile';
// ...
So you will replace this string with your function get_profile_edit_button():
// ...
echo get_profile_edit_button($result->profile_id);
// ...
Final thoughts...
As I mentioned in minuses, profiles' ids cannot be totally hidden. If someone opened Source code of your page, he can see profile_id in hidden form type:
<input type="hidden" name="profile_id" value="1234567">
It is only on you what solution you prefer, but I can recommend you Solution #1. There is nothing bad about having IDs in URL. Stack Overflow has it too as you can see it on questions, answers, comments and users.
Useful resources:
PHP Session Security
PHP form token usage and handling
When logging in, try saving the user ID and business ID inside session.
As for example..
$logged_in = some_logic_stuffs();
if($logged_in){
session_start();
$_SESSION['user_id'] = SOME_ID_FETCHED_FROM_LOGIN_LOGIC;
$_SESSION['business_id'] = SOME_ID_FETCHED_FROM_LOGIN_LOGIC;
}
Now, when user goes to edit_profile.php, do
session_start();
$business_id = $_SESSION['business_id'];
$user_id = $_SESSION['business_id'];
For the login logic, try reading this tutorial:
http://www.formget.com/login-form-in-php/
If the user can edit multiple business profiles, the $_SESSION solutions would not work. You would need to disguise what gets sent to the address bar:
You would need to change your code to POST the data rather than sending it as a GET request.
To do this you could either use JavaScript to fake a form post on the link click, or wrap your link in a form tag and set method="POST".
POST sends the data "behind the scenes" rather than exposing it in the browser. I should add that this would still be visible to anyone wanting to discover your IDs, but it would hide it from the casual user at least.
If you really wanted security, #BobBrown's suggestion to tokenise would be a great way forward. You may find, however, that just hiding the ID from display on-screen is enough. Just make sure your user management system will restrict who can edit a particular business.
Try this
<?php
session_start();
include('dbconnect.php');
if(isset($_SESSION['username']))
{
$username = $_SESSION['username'];
$userid = $_SESSION['id'];
}
else
{
$_SESSION['id'] = "";
$_SESSION['username'] = "";
}
if($username <> "")
{
$username = 'username';
$userid = 'id';
}
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 900))
{
// last request was more than 30 minutes ago
session_unset(); // unset $_SESSION variable for the run-time
session_destroy(); // destroy session data in storage
}
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp
?>
then
<?php
#if the form is set (meaning that the information was submitted then define what the parameters are for each
if(isset($_REQUEST['username']) == TRUE)
{
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
#make sure there are no blank fields
if($username == "" OR $password == "")
{
echo '<p class="text-danger">Please enter a Username and Password</p>';
}
else
{
$userid = finduser($username, $password);
if($userid > 0)
{
loginuser($userid);
}
else
{
echo '<p class="lead text-danger">The Username and/or Password enter is incorrect</p><br />';
}
}
}
?>
after that then this
<?php
if(isset($_SESSION['username']))
{
if($_SESSION['username'] <> "")
{
//do something
}
else{
//form or something else
?>
<form>form goes here</form>
<p> or something else you want</p>
<?php
}
}
?>
Start your PHP with session_start(); then when the user logs in make a session value for the ID:
$_SESSION['profile-id'] = 1235879; //Select it from database
after in your edit_profile.php do that:
if (!isset($id)) {
$id = $_SESSION['profile-id'];
}
And then edit the $id.
Store the id in session on the first page:
$_SESSION['id'] = 12345;
And on edit_profile.php you can get the value by:
$id = $_SESSION['id'];
And start the session on every page by session_start();
Easiest and simplest way to handle your situation if you want to use Id or any information in URL and pass it through URL
then you can have a scret combination with your values like below
Firt you have to encode the value with your secret stuff for example
$sshhh="ITSMY_SECRET_VALUECODE";
$encrypted_id = base64_encode($your_value . $sshhh);
Then pass it (encrpyted_id) in URL
for example href="all-jvouchers.php?id=<?= $encrypted_id; ?>
and while getting value use below code to get back your value
$sshhh="ITSMY_SECRET_VALUECODE";
$decrypted_id_raw = base64_decode($_GET['id']);
$decrypted_id = preg_replace(sprintf('/%s/', $sshhh), '', $decrypted_id_raw);
Use $decrypted_id wherever and however you want to securely
I have a page that has 39 check boxes. The check boxes in my example resemble form names. My problem is that with 39 check boxes I need a way to store what forms were given to a student. Currently what I have set up is that each form is separated with a comma and a quote so that when a report is run the Administrator can use a CSV download option and group which forms a student has received. This works but is very rudimentary and also gives a bad side affect that before each form name a / is present because mysql escapes quotes.
This is what I currently have :
if ($this->input->post('action') == 'additional') {
$givenforms = "";
foreach ($this->input->post('form') as $forms) {
$givenforms .= ', "' . $forms . '"';
}
$comments = 'This student was given' . $givenforms . '';
if (($this->input->post('action') == 'additional') && ($this->input->post('other') == 'OTHER')) {
$comments .= ', '.$this->input->post('counselorcomments');
}
}
Again in the database the results will look like : This student was given "xyz", "eoe", "wwo",
Pretty much I just need ideas on how to store which forms a student was given, and if needed if all 39 forms are given to a student I need to store all forms the student was given for later reporting. (even though 39 forms wont be given)
Sounds like you need a one:many relationship between students and forms. Might want to do a little research on that topic.
I consider it generally to be pretty poor form to store comma separated values in a single field in a database, if you're doing that, it's almost always a sign that you need (at least) another table.
An hour or two of refactoring what I had with the CSV paid off quite well. I am very very pleased with the reporting/analytical possibilities of the knew information and the way I got it stored now.
Couple snippets of code for any one else looking into doing something like this! :
if ($this->form_validation->run() == FALSE) { // This stuff is self explanatory RT(F)M if you will :)
$this->cont();
} else {
$this->load->model('queue_model'); // Load model
$session = $this->uri->segment(3); // Gets the session id
$counselor = $this->session->userdata('username'); // I get counsellor names from the username they log in by joining between the two tables
if ($this->input->post('action') == 'Additional') { // If additional forms is checked do the following
foreach ($this->input->post('form') as $form_id) { // for each form submitted take the session Id from above and insert it into the table forms with the foreach $form_id variable
$this->queue_model->forms($session, $form_id);
}
if (($this->input->post('action') == 'Additional') && ($this->input->post('addother') == 'addotherinfo')) { // If forms were submitted and a addotherinfo was [checked] add comments
$comments = ''.$this->input->post('action'). ' - '.$this->input->post('counselorcomments').'';
} else {
$comments = $this->input->post('action');
}
}
Also adding in a forms table (with the ID's and form names) allowed me to dynamically make the check boxes like so :
<?php
foreach ($elevennine as $form) { ?>
<label id="form"><input type="checkbox" name="form[]" value="<?php echo $form['form_id'] ?>" <?php echo set_checkbox('form', $form['form_id']) ?>><?php echo $form['forms'] ?></label>
<?php }
?>
Thanks for all the great ideas!