sjdalf Blog

I was checking out a Wordpress template for a client who wanted to use it for one of their sites. When I came to the footer.php file, I noticed that the entire file consisted of a block of text in the following format:

eval(gzinflate(str_rot13(base64_decode('FZrHEo...'))));

I suppose that template authors do this to protect the footer ‘Designed by’ references to their own site, which is fair enough. However, as would generally be the case, I wanted to see the unencrypted PHP code to ensure that nothing malicious was happening within it. Also, in this case, a significant portion of design code was contained within this encrypted code, and I wanted to modify the design a bit.

Decryption code for this type of stuff is common, and a google search will give you ample results.

One great online decoder I found is here: http://josh.thespiffylife.com/decrypt.php

Bookmark It

Hide Sites

I have just come across this neat Wordpress plugin called Structured Blogging, which I think is so cool that I needed to post about it.

Bookmark It

Hide Sites

Today I was working on my band’s website, which is based on Wordpress. The site contains two different sidebars, 1 and 2. I encountered a problem when after I added the Search sidebar widget to sidebar 1, it was ‘used up’ and I could not add it to sidebar 2 also. After some brief searching and thinking, I realised what I could do.

(more…)

Bookmark It

Hide Sites

I recently started working on a review site based on Wordpress. It was clear that the easiest way to achieve review functionality was to use the Wordpress comment system. Basically, items were added to the site as posts, and post comments would serve as reviews for the items.

Having made the decision to use the comment system, I needed to then add some extra fields to the comment form, which would accept pieces of information that were part of the reviews. I searched around briefly for some information on the web regarding how to modify the Wordpress comment system, but could not find much, hence I have written the following short account of how to add custom field to the Wordpress comment system.

(more…)

Bookmark It

Hide Sites

There seems to be an issue with Wordpress 2.5 and greater regarding the inability of Contributors to upload media to their posts. When someone with Contributor permissions tries to upload, say, an image, they are greeted with the following message:

You do not have permission to upload files.

Well, I am not sure if this is a bug; it might be a design decision. Either way, versions of Wordpress prior to 2.5 do allow Contributors to upload media to their posts, so people who upgrade from pre 2.5 to post 2.5 might be affected by this difference.

A neat way to get around this issue is by installing the Role Manager plugin, activating it and granting contributors the right to upload files.

Bookmark It

Hide Sites

I was recently writing some code for an application based on Wordpress when I realised that I would need to retain data across pages. Naturally, I opted to use PHP session handling. A quick search for the string ‘_SESSION’ suggested that Wordpress does not use the $_SESSION superglobal array. Therefore, if you are going to simple user $_SESSION in your code, you will need to place session_start(); somewhere in the code, either in a core Wordpress include file, a plugin file or in a specific file(s).

Finally, if the session handling is used as part of the Wordpress administration backend, you will probably want to terminate the session when the user logs out. To achieve this, you can simply create a function that destroys the session and call this function during the ‘wp-logout’ hook.

function clear_session() {
session_destroy();
}

add_action(’wp_logout’, ‘clear_session’);

Bookmark It

Hide Sites

I was recently asked to set up a basic forum system for a client. They were using Simple Machines Forums, but it wasn’t working smoothly. Rather than trying to address the issue, I opted to try out the bbPress forum software based on Wordpress. The two main reasons were: (1) its simplicity (2) the fact that it is based on Wordpress, which my client’s are already familiar with. So I installed it and liked the simplicity and elegance of the system. However, one problem with bbPress relative to my client’s needs, was that there is no way to upload images and insert them into posts.

Now, knowing that Wordpress has a nice little WYSIWYG editor with an associated image uploading and insertion feature, my first thought was to try and hack bbPress by migrating in the Wordpress editor. I spent a small amount of time trying to achieve this with little apparent success. Instead of continuing down this path, I started to think about the possibility of making a few modifications to Wordpress to get it to act more like a forum. Fortunately, a quick Google search later and I found that someone had already created a theme and plugin combination for Wordpress which does this very thing.

The theme (TDO Forum Wordpress Theme) can be found at http://thedeadone.net/software/tdo-forum-wordpress-theme/ and the plugin (TDO Mini Forms Wordpress Plugin) can be found at http://thedeadone.net/software/tdo-mini-forms-wordpress-plugin/.

Bookmark It

Hide Sites

One of Wordpress’ greatest features, which has undoubtedly contributed to its great success, is the plugin system. Plugin developers use the action and filter hooks offered by the plugin API to tap into the Wordpress system, without the need to hack the core code.

Whilst the list of action and filter hooks offered is substantial and affords much modification freedom, there are going to be times when there is no action or filter to do the job. I was recently asked to develop a plugin that added a few small things to the Wordpress administration backend. A quick browse of the plugin API led me to conclude that there was no plugin hook available which would directly enable me to modify the area in question. So I was about to edit the relevant core Wordpress files when I realised that I could end up indirectly using a plugin hook after all.

(more…)

Bookmark It

Hide Sites

Nowadays, the www prefix is considered to be a redundant relic. In order to support the no-www initiative, Wordpress MU is by default set up so that the www prefix is stripped from URLs. For example, if one typed in http://www.example.com to access a Wordpress MU installation, they would end up at http://example.com.

Now, for some reason it might be the case that you do want the www to remain (I don’t mind having the www stripped, but from my experiences with installing Wordpress MU for clients, it is often the case that they want the www prefix to remain). However, this is apparently not a straightforward thing to achieve in Wordpress MU.

(more…)

Bookmark It

Hide Sites

Note: a link on the issue for WP >= 2.8.1 can be found at http://mu.wordpress.org/forums/topic/13318?replies=6

The theme editor in Wordpress is a nice little feature which allows administrators to, via the brower, edit the theme files available to the Wordpress installation.

For security reasons however, this feature is not part of Wordpress, the risk being that if the editor is available, then someone with access to it might maliciously change code.

If such a security risk is not a problem though and you want to enable the theme editor, you must do two things:

1. the file theme-editor.php is not included with Wordpres MU. So get a copy of it from a standard Wordpress source (it is under ‘/wp-admin/’) and place it under the ‘/wp-admin/’ folder of your Wordpress MU installation.
2. Edit line # 401 of the file ‘/wp-admin/includes/mu.php’ by commenting out or deleting the line:

unset( $submenu['themes.php'][10] );

For more on the perils of the theme editor in Wordpress MU and a neat plugin which allows users to make a copy of a system theme just for their blog, check out http://wpmudev.org/project/Userthemes-1.1

Bookmark It

Hide Sites