Wordpress Authenticate Filter - wordpress-theming

I'm currently trying to override Wordpress' wp_authenticate function (without modifying the core files, mainly pluggable.php), however I'm not sure if I'm going about it the correct way. There are two great references (see below), but they don't explicitly state what to do in order to prevent the login provided certain criteria are met.
In short, I'm trying to prevent registered users who have not activated their account. I've already implemented creating a user with a md5 unique id in the usermeta table (attached to their user id). I'm basically trying to check for that "activation_key' value in the usermeta table on login, if a value exists, I want to prevent the login from occurring.
The authenticate filter seems to be exactly what I need but after modifying it and placing it into my functions.php file, it doesn't seem to work! Login occurs per usual.
References:
How do I hook into the Wordpress login system to stop some users programmatically?
http://willnorris.com/2009/03/authentication-in-wordpress-28

I actually found a work around.
Using a custom form you can log into Wordpress using the wp_signon function.
var $creds = array();
$creds['user_login'] = 'example';
$creds['user_password'] = 'plaintextpw';
$creds['remember'] = true;
//check if user has an activation key in the usermeta table
$user = get_userdatabylogin($creds['user_login']);
if(get_usermeta($user->ID,'activation_key')) {
} else {
$procLogin = wp_signon( $creds, false );
if ( is_wp_error($procLogin) ) {
echo $user->get_error_message();
}
echo 'success!';
}
hope this helps someone out there

Related

Firebase web authenticate and add to database

I am stuck on this and the other posts I have read on here are not useful. So I've reached a point where i need to ask for help after many hours on not resolving what I feel should be a simple task. I program in Swift usually and really know little about html or javasript.
I am building a simple webpage to log-in to Firebase and a second linked page to upload data to a database. Both work fine. The problem is getting the uploaded data to link to the uid of the current user.
So I am logged into an existing user with it's own uid. How do I then upload the data to the current user did in the database? Should be simple but I am just not getting it :-(
Code for uploading data is as follows (note I have tried using both set and push):
// Generate a reference to a new location and add some data using push()
var postsRef = ref.child("users");
var newPostRef = postsRef.push({
// var newPostRef = postsRef.set({
name: _name,
property: _property,
email: _email,
phone: _phone,
Any help, or better still a working simple example would be useful. I have read the docs on Firebase, so please don't direct me there :-)
Many thanks in anticipation
It is a best practice to create a new database node using the UID generated by the account creation as the path after /users.
Right now, when you push data into /users, Firebase creates a uid for that particular array item that does not correspond to the UID of the user.
If you use set, you need to specify the path you will set which should include the long UI: /users/longGUIDhere
You can get the user id with something like this (from Firebase docs):
var user = firebase.auth().currentUser;
var name, email, photoUrl, uid;
if (user != null) {
name = user.displayName;
email = user.email;
photoUrl = user.photoURL;
uid = user.uid; // The user's ID, unique to the Firebase project. Do NOT use
// this value to authenticate with your backend server, if
// you have one. Use User.getToken() instead.
}
And then you shouuld use uid to populate the path like below to save their info:
function writeUserData(userId, name, email, imageUrl) {
firebase.database().ref('users/' + userId).set({
username: name,
email: email,
profile_picture : imageUrl
});
}
I know you asked not to be referred to the Firebase docs, but it also looks like you are using an older version of the SDK, so that could be part the issue as well. I recommend taking a look at these two page, since that is where I pulled these verbatim examples:
https://firebase.google.com/docs/database/web/read-and-write
https://firebase.google.com/docs/auth/web/manage-users
var postsRef = ref.child("users/current user id or json key");
this will help you to update the details of current user.

Username with System.User

Today I wanted to greet the user in my app by name, but I did not manage to get it.
I found System.User, but lacking some examples I did not manage to get the info I needed. I saw no possibility to get the current user (id) to call User.GetFromId().
Can you guide me into the right direction? Have I been on the wrong path?
Okay, So first things first, getting access to a user's personal information is a privilege you have to request, so in your store app's Package.appxmanifest, you'll need to enable the User Account Information capability in the Capabilities tab.
Next, you'll want to be using the Windows.System.User class, not the System.User (System.User isn't available to Windows store apps, which you appear to be discussing given the tags you provided for your question)
Third, you'll want to request personal information like this.
IReadOnlyList<User> users = await User.FindAllAsync(UserType.LocalUser, UserAuthenticationStatus.LocallyAuthenticated);
User user = users.FirstOrDefault();
if (user != null)
{
String[] desiredProperties = new String[]
{
KnownUserProperties.FirstName,
KnownUserProperties.LastName,
KnownUserProperties.ProviderName,
KnownUserProperties.AccountName,
KnownUserProperties.GuestHost,
KnownUserProperties.PrincipalName,
KnownUserProperties.DomainName,
KnownUserProperties.SessionInitiationProtocolUri,
};
IPropertySet values = await user.GetPropertiesAsync(desiredProperties);
foreach (String property in desiredProperties)
{
string result;
result = property + ": " + values[property] + "\n";
System.Diagnostics.Debug.WriteLine(result);
}
}
When you call GetPropertiesAsync, your user will get a permission prompt from the system asking them if they want to give you access to that. If they answer 'No', you'll get an empty user object (but you'll still get a unique token you can use to distinguish that user if they use the app again).
If they answer yes, you'll be able to get access to the properties below, and various others.
See the UserInfo Sample Microsoft provided for more examples.

Bolt: saveContent updates values but doesn't actually save the record

I'm trying to create new content with:
// Get suggestions template and update with values
$content = $this->app['storage']->getEmptyContent('suggestions');
$content->values['title'] = $title;
$content->values['description'] = $description;
// Save to db
$save = $this->app['storage']->saveContent($content);
status is set as publish in data returned from getEmptyContent.
When I visit the backend, I can see that the save status is None. How can I actually create it so that it is published?.
This sounds like it could be a bug since as far as I can remember some value should make it through to status by default. One thing to check, in your contenttypes.yml file for suggestions you can also add a default_status eg:
default_status: publish
If you still have no luck then raise an issue on Github.

Laravel Eloquent how to limit access to logged in user only

I have a small app where users create things that are assigned to them.
There are multiple users but all the things are in the same table.
I show the things belonging to a user by retrieving all the things with that user's id but nothing would prevent a user to see another user's things by manually typing the thing's ID in the URL.
Also when a user wants to create a new thing, I have a validation rule set to unique but obviously if someone else has a thing with the same name, that's not going to work.
Is there a way in my Eloquent Model to specify that all interactions should only be allowed for things belonging to the logged in user?
This would mean that when a user tries to go to /thing/edit and that he doesn't own that thing he would get an error message.
The best way to do this would be to check that a "thing" belongs to a user in the controller for the "thing".
For example, in the controller, you could do this:
// Assumes that the controller receives $thing_id from the route.
$thing = Things::find($thing_id); // Or how ever you retrieve the requested thing.
// Assumes that you have a 'user_id' column in your "things" table.
if( $thing->user_id == Auth::user()->id ) {
//Thing belongs to the user, display thing.
} else {
// Thing does not belong to the current user, display error.
}
The same could also be accomplished using relational tables.
// Get the thing based on current user, and a thing id
// from somewhere, possibly passed through route.
// This assumes that the controller receives $thing_id from the route.
$thing = Users::find(Auth::user()->id)->things()->where('id', '=', $thing_id)->first();
if( $thing ) {
// Display Thing
} else {
// Display access denied error.
}
The 3rd Option:
// Same as the second option, but with firstOrFail().
$thing = Users::find(Auth::user()->id)->things()->where('id', '=', $thing_id)->firstOrFail();
// No if statement is needed, as the app will throw a 404 error
// (or exception if errors are on)
Correct me if I am wrong, I am still a novice with laravel myself. But I believe this is what you are looking to do. I can't help all that much more without seeing the code for your "thing", the "thing" route, or the "thing" controller or how your "thing" model is setup using eloquent (if you use eloquent).
I think the functionality you're looking for can be achieved using Authority (this package is based off of the rails CanCan gem by Ryan Bates): https://github.com/machuga/authority-l4.
First, you'll need to define your authority rules (see the examples in the docs) and then you can add filters to specific routes that have an id in them (edit, show, destroy) and inside the filter you can check your authority permissions to determine if the current user should be able to access the resource in question.

WordPress Max Login Reset

How do I reset a user's failed logins from the database?
With s2members if you look in the wp_options table there will be a entry similar to _transient_s2m_ipr_ in there, if you delete this then it should let you back in.
it stores the string -
a:1:{s:12:"ip.ip.ip.ip";i:1345820837;}
you will also have to delete the timeout entry as well from the table - named _transient_timeout_s2m_ipr_ or similar this just holds a time in it.
You should then be able to log back into wordpress okay. If it doesnt work the first time then there may be more than one of these you will need to delete from the table.
IF you can't login to s2 member to reset then try:
Create the directory/file /wp-content/mu-plugins/s2hacks.php with following code inside:
<?php
add_action ("ws_plugin__s2member_before_ip_restrictions_ok", "my_function");
function my_function ($vars = array ())
{
$vars["__refs"]["restriction"] = false; /* Do NOT impose restrictions. */
}
?>
It was S2Member. They have a field in their general options that you can turn off... if your admin account isn't the one that's banned!