JS & Code in Wordpress

Out of context: Reply #18

  • 21 Responses
  • cherub0

    This site is under partial NDA so I can't of course show or explain the exact site or setup, but suffice to say ^that formbox is on a simple html page with no other stuff of importance and its purpose is to let the user enter a temporary entry code to enter the site (using PHP header command). I have "checkuser.php" in my home directory which I've pasted below.

    I told someone on discord, you'd have to be a PHP ninja to figure this shit out! He responded, no, you'd have to be a wordpress ninja! lol.

    Anyway, for now I'm just trying to get it working on my html site and it doesn't even work there. It prints the 1st echo, but never the echo near the bottom. I don't know how to query a mySQL database, nor how to add a table, so there is no "mytable", so obviously it won't work, but this script fails with a critical error instead of returning a false value when I uncomment that part out.

    TL;DR: The form box should use this to validate the code. It doesn't. Why?

    https://controlc.com/b7278fea

    <?php
    error_reporting(E_ALL);
    //begin with setting the variable for $entrycode

    $entrycode = $_GET[ 'entrycode' ] ?? false;

    echo "2nd line so far so good";

    //create a function to check entrycode

    function check($entrycode) {

        global $entrycode;

        // server,DBUSER,DBPASS,DATABASE
        $mysqli = new mysqli(-removed-);
        $result = $mysqli->query("SELECT id FROM mytable WHERE entrycode = '$entrycode'");
        if($result->num_rows == 0) {
            // row not found, do stuff...
            // return false;
            echo "entrycode not found!";
        } else {
            // row found, do good stuff...
            // return true;
            echo "THANKS FOR LOGGING IN";
        }
        $mysqli->close();

    }

    echo "function created.";

    // function is created, then decide whether or not the original entrycode was real and take action

    if (!$entrycode || !check($entrycode));{
        // this code runs if entry code was fake
        echo "ENTRY CODE NOT VALID, ERROR.";
        exit;
    }
    ?>

    • this is bad - sted
    • i just opened a bottle, let's see if i can help you out before i have to go to bed. (in 2h max) - sted
    • where are we checking the user against?
      it's an external system or it should be part of the current site/system/collecti... of functions? - sted
    • are the users forced to enter these details before accessing the site or is this part of a specific isolated function. does this needs permission management? - sted
    • Yes they must enter a valid 4 digit entry code to enter any page except the login page. I was told if you put the following PHP at the top of every page it will - cherub
    • boot them back to login page. <?php
      if($_SESSION['logged...
      //allow
      else
      //redirect to the login page
      header('Location: /login.html');
      - cherub
    • "does this needs permission management?" nope, once "SESSION:TRUE" is established they can go anywhere and do anything until browser closed then session is over - cherub
    • If you are curious, the top entry form is a dummy, I want it for data purposes but the 4 digit code entered is not hooked up to anything or used. - cherub
    • wp has proper login/user management, why not just use that? you can shit out the login form anywhere, and lock the content or just specific pages to private... - sted
    • also there are things like this: https://wordpress.or… - sted
    • "this is bad" <------I KNOW!!!!!! LOL - cherub
    • and dat: https://wordpress.or… - sted
    • "where are we checking the user against?" I don't want to manage a database of users, due to security risk, so this quasi-anonymous login doesn't really - cherub
    • distinguish users. It just checks their pre-issued entry code (given to them by me) against a table in mySQL database. (which doesn't yet contain any tables) - cherub
    • you are creating a security risk with these - sted
    • Oh, I guess the top form could be hooked up to display their name, otherwise there is nothing to display as 'user' when their SESSION is true - cherub
    • So the numbers in the top form COULD be their name/id but that is totally unimportant detail. - cherub
    • "wp has proper login/user management, why not just use that?" I discovered their inbuilt login system right away and hated it, it's ugly, has their own branding - cherub
    • can't be customized to look like what I wanted, and forces them to sign up for an account. How would they log in without an account? - cherub
    • That's a really unsophisticated solution for locking posts, not entire websites. - cherub
    • "also there are things like this: /plugins/wp-login-fo..." OOHH LOOKS PROMISING, for the 1st time they mention the word 'redirect' ... NICE! u can redirect them - cherub
    • after login. seems promising! - cherub
    • yeah you can summon that. or customze the login form: https://codex.wordpr… - sted
    • *customize. - sted
    • Cool. And does the form box html code I posted look ok? After giving that 2nd formbox the name "entrycode" then it becomes $entrycode and I feed that into my - cherub
    • entrycode validation function correct? or do I need to declare the variable or is it already declared by virtue of the formbox? - cherub
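
Added example (not code from the thread or from either poster): one way to write the entry-code check so that it returns a value, binds the code as a query parameter, and sets a session flag. In the posted script the `;` after `if (...)` ends the statement, so the braces below it always run, and check() never returns anything, so `!check(...)` is always true. The table `entry_codes`, column `code`, session key `entry_ok`, the `DB_*` constants, the use of POST and the `/` landing page are assumptions.

```php
<?php
// Added example. Assumed names: table `entry_codes`, column `code`,
// session key `entry_ok`, and DB_* constants defined in your own config.
declare(strict_types=1);
session_start();

/** Return true only when the submitted code matches a row in the table. */
function check_entry_code(mysqli $db, string $code): bool
{
    // Reject anything that is not exactly four digits before touching the DB.
    if (preg_match('/^\d{4}$/', $code) !== 1) {
        return false;
    }
    // Bound parameter: the value is never spliced into the SQL text.
    $stmt = $db->prepare('SELECT 1 FROM entry_codes WHERE code = ? LIMIT 1');
    $stmt->bind_param('s', $code);
    $stmt->execute();
    $stmt->store_result();
    $found = $stmt->num_rows === 1;
    $stmt->close();
    return $found;
}

// Make mysqli throw on errors (the default from PHP 8.1) so a missing table
// is caught below instead of surfacing as a fatal error page.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$code = $_POST['entrycode'] ?? '';   // the form field named "entrycode"
$ok = false;
try {
    $db = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
    $ok = is_string($code) && check_entry_code($db, $code);
    $db->close();
} catch (mysqli_sql_exception $e) {
    error_log('entry code check failed: ' . $e->getMessage()); // log, don't echo
}

if (!$ok) {               // no semicolon between the condition and the block
    header('Location: /login.html');
    exit;
}
session_regenerate_id(true);   // new session id once the visitor is admitted
$_SESSION['entry_ok'] = true;  // protected pages test this flag
header('Location: /');
exit;
```

A four-digit code has only 10,000 possible values, so this check needs a limit on failed attempts per client in front of it to mean anything.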
