We've integrated MediaWiki with our website and wish to block/hide the editing of some fields in the Special:Preferences page so these cannot be changed by users.
Specifically: we don't want users to be able to change their email and language.
Thanks
Add a hook and unset the relevant fields. See: http://www.mediawiki.org/wiki/Manual:Hooks/GetPreferences
public static function onGetPreferences(User $user, array &$preferences ) {
unset($preferences['language']);
}
$wgHooks['GetPreferences'][] = 'MyHooks::onGetPreferences';
Related
I have user named MyNiCkNaMe in my MediaWiki and in table user I see user_name=MyNiCkNaMe but on MediaWiki pages I see it as Mynickname is there any way to display it same as in db?
In LocalSettings.php include the line
$wgRestrictDisplayTitle = false;
Then on the user page use the magic word/parser function DISPLAYTITLE
{{DISPLAYTITLE:User:MyNiCkNaMe}}
In skins/Vector.php I can hide toolbox from logged out user
by adding
global $wgUser;
then
case 'TOOLBOX':
if ( $wgUser->isLoggedIn() ) {
$this->renderPortal( 'tb', $this->getToolbox(), 'toolbox', 'SkinTemplateToolboxEnd' );
}
but User::isSysop() and similar are deprecated. It is recommended to use $user->isAllowed instead to specify a right, but how do I use this to specify the admin and bureaucrat group? Should I use some other function?
MediaWiki 1.22.2
PHP 5.3.6-13ubuntu3.10 (apache2handler)
MySQL 5.1.69-0ubuntu0.11.10.1-log
User::isAllowed() asks for a permission to do something, not for a user group (which leaves it up to the wiki admin to assign different rights to different user groups). In your case, you would want a new user permission, “see-toolbar”,or something like that, that you assign to e.g. the sysop user group in LocalSettings.php:
$wgGroupPermissions['sysop']['see-toolbar'] = true;
Your extension will also have to add the right to the list of available rights: $wgAvailableRights[] = 'see-toolbar';
Finally, you will ask for the permission like this:
if ( $user->isAllowed('see-toolbar') ) {
print toolbar here
}
More info on how to set user rights: https://www.mediawiki.org/wiki/Manual:User_rightser
Other extensions adding user rights: https://www.mediawiki.org/wiki/Category:Extensions_which_add_rights
Be aware that any user will still be able to bypass this restriction in a number of ways, e.g. by switching skin in their settings (or by appending ?useskin=skinname in the url). You probably want to make sure that sidebar caching is switched off too (it is off by default).
Hopefully this question isn't too naive...
I'm attempting to implement The Giving Lab API in order to allow users of my site to donate to charity.
Using a URL such a this:
https://www.thegivinglab.org/api/donation/start?donationtype=0&amount=10&charityid=84ed3c54-6d8c-41c5-8090-f8ec800f45a7&returnurl=mywebsite.com/
the user is directed to the donation page and then returned to the returnURL after the donation has been made.
I want to be able to add how much the user donated to my databases if they successfully complete a payment. Would it be possible to use the returnURL to do this? Ie could I use a returnURL in the form of mywebsite.com?q="amount_donated" and then use this to update my databases?
I can see that this would allow someone to update my databases by just entering the returnURL into their browser.
Is there a generally better method, that removes this problem?
Many thanks.
Dutch banks use a thing called a sha-sign (and they're probally not the first)
All you have to do is add a key which only you can know:
function makeSecureCode($var1, $var2){
$secretCode = 'example';
$secretKey = '';
$secretKey.= $var1 . $secretCode;
$secretKey.= $var2 . $secretCode;
return sha1($secretKey);
}
Then make the url like this: ?var1=foo&var2=bar&key=5e8b73da0b20481c1b4a285fb756958e4faa7ff1
And when you process the code after payment, makeSecureCode( $_GET['var1'], $_GET['var2']) should be equal to $_GET['key']. If not, someone changed it.
This is a simplefied version with only two vars. You can make it have more input arguments, or an array, whichever you prefer.
I am absolute beginner to drupal.
I have added a contact form (using Webform module).
Now I want to save the data entered in the form. But I am lost. I have searched over internet, found db_query() is used to query database.
But I dont know where to write the php code. Please help me or if you know any link,please give me.
The tables you'll be most interested in are webform, webform_submissions, webform_submitted_data and webform_component. Have a look at those tables and it becomes very obvious how they're linked together.
You'll want to look at the Drupal 7 Database API to learn how to use the query system but here's an example to get you going:
/* Get a list of all submissions from webform for the node with ID (`nid`) of 1 */
$nid = 1;
$submissions = db_select('webform_submissions', 'ws')
->fields('ws')
->condition('nid', $nid)
->execute();
/* If you want to use db_query and a plain old SQL statement instead you'd do it like this:
$submissions = db_query('SELECT * FROM webform_submissions WHERE nid = :nid', array('nid' => $nid)); */
/* Loop through the submissions and load up the submitted data for each */
$submission_data = array();
foreach ($submissions as $submission) {
$query = db_select('webform_submitted_data', 'wsa')
->fields('wc', array('name'))
->fields('wsa', array('data'))
->condition('sid', $submission->sid);
/* Join in the component table to get the element label */
$query->join('webform_component', 'wc', 'wc.nid = wsa.nid AND wc.sid = wsa.cid');
$submission_data[] = $query->execute()->fetchAllKeyed();
}
At the end of that code you'll have an array ($submission_data), which contains a list of arrays of submission data for the provided node. Each of those arrays' items has a key of the component label, and a value of the submitted user value.
Hope that helps
It's worth noting that for most normal use cases you'll never need to look at the databases or do any kind of coding. The UI allows you to view submissions of a form (and see what was submitted). You can also configure the Webform to send you a copy of each submission (via email)... There is a lot you can do without "looking under the hood" or messing with the database in any way.
If you are really new to Drupal and Webforms, I just thought I'd point that out. There are a lot of tabs in the UI which might easily be overlooked.
Webform has Views support, so you probably don't really need to write database queries to generate the report you want.
I'm currently trying to override Wordpress' wp_authenticate function (without modifying the core files, mainly pluggable.php), however I'm not sure if I'm going about it the correct way. There are two great references (see below), but they don't explicitly state what to do in order to prevent the login provided certain criteria are met.
In short, I'm trying to prevent registered users who have not activated their account. I've already implemented creating a user with a md5 unique id in the usermeta table (attached to their user id). I'm basically trying to check for that "activation_key' value in the usermeta table on login, if a value exists, I want to prevent the login from occurring.
The authenticate filter seems to be exactly what I need but after modifying it and placing it into my functions.php file, it doesn't seem to work! Login occurs per usual.
References:
How do I hook into the Wordpress login system to stop some users programmatically?
http://willnorris.com/2009/03/authentication-in-wordpress-28
I actually found a work around.
Using a custom form you can log into Wordpress using the wp_signon function.
var $creds = array();
$creds['user_login'] = 'example';
$creds['user_password'] = 'plaintextpw';
$creds['remember'] = true;
//check if user has an activation key in the usermeta table
$user = get_userdatabylogin($creds['user_login']);
if(get_usermeta($user->ID,'activation_key')) {
} else {
$procLogin = wp_signon( $creds, false );
if ( is_wp_error($procLogin) ) {
echo $user->get_error_message();
}
echo 'success!';
}
hope this helps someone out there