Archive for the ‘CMS’ Category

Displaying content of a WordPress Form


<html>
<head>
<meta charset="utf-8" />
<style type="text/css">
* {font-family: "franklin gothic book"; font-size: small;}
h2 {font-size: 150%;}
table,td,th {border-collapse: collapse; border: 1px dotted #afafff; padding: 3px 5px;}
th {background: #efefff;}
</style>
</head>
<body>


<?php


// STATE YOUR VARIABLES
////////////////////////////////////////////////////////////////////
	$user  = "annual2015";
	$pass  = "tuYPLUY44DxjRCNB";
	$db    = "annual2015";
	$table = "wp_a15_fm_data_22";
	$sql   = "SELECT * FROM `$table` ORDER BY `timestamp` DESC LIMIT 0, 500";

	// Every value shown below was typed into a public registration form,
	// so it is escaped before being written into the HTML.
	function h($value)
	{
	return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
	}


// ESTABLISH THE CONNECTION
////////////////////////////////////////////////////////////////////
	$cxn = mysqli_connect("localhost", $user, $pass, $db);
	if (mysqli_connect_errno())
	{
	echo "Failed to connect to MySQL: " . h(mysqli_connect_error());
	exit;
	}
	$cxn->set_charset("utf8");
	$result = mysqli_query($cxn, $sql);
	if ($result === false)
	{
	echo "Query failed: " . h(mysqli_error($cxn));
	mysqli_close($cxn);
	exit;
	}


// GET NUMBER OF ATTENDEES
////////////////////////////////////////////////////////////////////
	$rows = mysqli_num_rows($result);
	printf("<h2>Current number of registered attendees: <span style=\"background: #ff0; font-size: 20px;\">%d</span></h2>", $rows);


// CREATE THE TABLE
////////////////////////////////////////////////////////////////////
echo "<table>
	<tr>
	<th>First name</th>
	<th>Last name</th>
	<th>Job title</th>
	<th>Organisation</th>
	<th>Email address</th>
	<!-- <th>Food requirements</th> -->
	<th>Date registered</th>
	</tr>\n";
// The text-... keys are the column names the form plugin generated for this form's fields.
while ($row = mysqli_fetch_assoc($result))
	{
	$email = h($row['text-56275df9b2872']);
	echo "	<tr>\n";
	echo "	<td><b>" . h($row['text-56275de811d4e']) . "</b></td>\n";
	echo "	<td><b>" . h($row['text-56275dea2cd60']) . "</b></td>\n";
	echo "	<td>" . h($row['text-56275dfd39f14']) . "</td>\n";
	echo "	<td>" . h($row['text-56275dfb697d7']) . "</td>\n";
	echo "	<td><a href=\"mailto:" . $email . "\">" . $email . "</a></td>\n";
//	echo "	<td>" . h($row['']) . "</td>\n";
	echo "	<td>" . h($row['timestamp']) . "</td>\n";
	echo "	</tr>\n";
	}
echo "</table>";


// CLOSE THE CONNECTION
////////////////////////////////////////////////////////////////////
mysqli_close($cxn);
?>
</body>
</html>


Convert UNIX time into other formats on the fly with MySQL

Typo3 and other CMSs often save dates in UNIX time, which is hard for humans to read. Luckily MySQL has a built-in function, FROM_UNIXTIME(), that converts that number into a human-readable format on the fly.

See the following SQL sample, which extracts the creation date and last login date of Members’ Area accounts (an account that has never logged in keeps lastlogin = 0, so its last login shows as the UNIX epoch, 1970-01-01, rather than a real date):

SELECT 
`uid`,
FROM_UNIXTIME(crdate,GET_FORMAT(DATE,'INTERNAL')) AS `DATE CREATED`,
FROM_UNIXTIME(lastlogin,GET_FORMAT(DATE,'INTERNAL')) AS `LAST LOGIN`,
`first_name` AS `FIRST NAME`,
`last_name` AS `LAST NAME`,
`username` AS `EMAIL`,
`company` AS `COMPANY`,
`disable` AS `DISABLED?`
FROM `fe_users`
ORDER BY `fe_users`.`crdate`  DESC
LIMIT 10000

More info:
http://dev.mysql.com/doc/refman/5.5/en/date-and-time-functions.html#function_from-unixtime

Allowing Filemanager in User Role Editor

I assign the role of Editor to the staff editing the event websites. By default this limits their ability to use Filemanager, and the usual checkboxes don’t work, so we have to switch the interface to “Deprecated mode” and check all the “Level_#” boxes.

user-role-editor-filemanager

Exhibitor Press Release Uploads

There are three components to the system:

 

A) The exhibitor upload page

The first thing we need to do is build the form using the “WordPress Form Manager” plugin.
We create a form with the following fields: “Company name”, “Document title” and “Select document”. We also add a note field showing additional information such as the accepted file formats and the maximum file size. Pay particular attention to the settings of the document upload field, as this is where the accepted document types are restricted.

We also add a “Private Field” at the bottom of the “Form extra” tab. This is what our administrator will use to approve each press release.

Once you have created the form, add it to the exhibitor upload page with the following shortcode format:
[form form-XYZ]
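The document-type restriction is configured in the plugin, but the rule it should enforce is worth seeing as code. The following Python function is an added example, not part of this post or of the WordPress Form Manager plugin; the allowed types (PDF, DOC, DOCX), their signature bytes, the 5 MB limit and the sample inputs are assumptions chosen for illustration. It rejects a file when either the extension or the leading bytes disagree with the allow-list, which is what stops a script renamed to .pdf from being stored.

```python
import os

# Accepted document types and the leading bytes each must start with.
# The list itself is an assumption for this example: the post restricts
# types in the plugin settings but does not say which ones it allows.
ALLOWED_TYPES = {
    ".pdf":  (b"%PDF-",),
    ".doc":  (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),  # OLE2 compound document
    ".docx": (b"PK\x03\x04",),                         # OOXML is a zip container
}
MAX_BYTES = 5 * 1024 * 1024  # constructed 5 MB limit


def safe_name(filename):
    """Drop any directory part the client supplied (e.g. ../../) and keep only the base name."""
    return os.path.basename(filename.replace("\\", "/"))


def check_upload(filename, data, allowed=ALLOWED_TYPES, max_bytes=MAX_BYTES):
    """Return (accepted, reason, stored_name).

    The extension must be on the allow-list and the file content must start
    with the bytes expected for that extension, so a script renamed to .pdf
    is rejected even though its name looks fine.
    """
    if len(data) > max_bytes:
        return False, "file exceeds size limit", None
    name = safe_name(filename)
    ext = os.path.splitext(name)[1].lower()
    if ext not in allowed:
        return False, f"extension {ext or '(none)'} not allowed", None
    if not any(data.startswith(magic) for magic in allowed[ext]):
        return False, f"content does not look like {ext}", None
    return True, "ok", name


if __name__ == "__main__":
    # Constructed inputs: a genuine PDF header, a PHP script, and the same script renamed.
    for fname, body in [("press-release.pdf", b"%PDF-1.4\n"),
                        ("shell.php", b"<?php echo 1; ?>"),
                        ("shell.php.pdf", b"<?php echo 1; ?>")]:
        print(fname, check_upload(fname, body))
```

The leading-byte check is the minimum a practitioner should pair with an extension allow-list; it does not parse the document, so a stored file should still be served with a fixed Content-Type rather than executed or sniffed.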

 

B) The public listing page

We embed a simple PHP script in the WordPress page that pulls the submissions from the database. The code I used can be obtained here.

To summarise, the script needs to be changed in the following places:

  1. Database name
  2. Form table
  3. User (an account with read-only access to just the form table was created for this application)
  4. Password
  5. The field variables (the form's column names) read inside the output loop

 

C) Administration page

The administrator logs into WordPress and navigates to the Submission Data tab of the form being used.
Using the checkboxes and the “Edit selected” function from the dropdown list of actions, the admin can edit…

form-edit

and approve each press release.

form-approve

Bulk show/hide pages in WordPress

We use the plugin Exclude Pages to show or hide pages in the navigation of our WordPress sites.

exclude-1
It’s very useful, but if you suddenly need to show or hide a lot of pages, it becomes tedious and a waste of time to do it through the WordPress backend.

That’s why I looked at how to bulk edit this in the database directly. Start by locating the correct table in MySQL:

exclude-2

Then add or remove page IDs as needed. (The IDs stored here are the pages that are hidden from visitors.)

Typo3-fail2ban

Taken from here: http://www.illutzminator.de/typo3-fail2ban.html?&L=1

You cannot have enough security for your own CMS. Typo3 security can be enhanced with fail2ban to reduce the risk of brute-forcing.

Here’s what to do:

Install fail2ban on your web server as root.

Add the following lines to your jail.conf:

[apache-typo3]
 enabled = true
 port = http,https
 filter = apache-typo3
 logpath = /var/log/apache*/*access.log
 maxretry = 7
 findtime = 3600
 bantime = 7200

Create the filter apache-typo3

(that is, a file named apache-typo3.conf in fail2ban’s filter.d subfolder)
The file needs at least the following contents:

[Definition]
 failregex = ^<HOST> -.*GET.*/login-alert-error\.gif
 ^<HOST> -.*POST.*/typo3/index\.php
 ignoreregex =

To make it easy, download a ready-to-go file here.

How does that work?

Fail2ban checks the given file (here Apache’s access.log) for changes in short cycles. When logging in, the page /typo3/index.php is called and the account information is posted from there. If the login fails, the image login-alert-error.gif is shown, and on further login attempts the parameters are posted again from that page.

With the configuration above I decided that one of these events may appear 7 times (maxretry) within one hour (findtime 3600). If it happens one more time, the IP address is banned for 2 hours (bantime 7200).

The parameters maxretry, findtime and bantime can be set to whatever you think useful, but:
Do not set maxretry < 4. The first failure will post the login parameters and get the image, so 2 events are gone. You need the third event for your next attempt.
So my tip: set maxretry >= 5!

Hint for multi-user

Even a successful login needs one attempt. So if you use Typo3 with several users, set maxretry to at least the number of users, adding a few tries for login failures.
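To see how maxretry and findtime interact with the two-events-per-attempt behaviour described above, here is an added Python simulation (not part of the original post and not fail2ban’s own code) that replays constructed Apache access-log lines through the two failregex patterns of the apache-typo3 filter. The IPv4-only stand-in for <HOST>, the IP addresses, the image path and the log lines are assumptions made for the example; the ban rule (ban when the count reaches maxretry inside the window) is fail2ban’s own counting.

```python
import re
from datetime import datetime, timedelta

# The two failregex lines from the apache-typo3 filter, verbatim.
FAILREGEX = [
    r"^<HOST> -.*GET.*/login-alert-error\.gif",
    r"^<HOST> -.*POST.*/typo3/index\.php",
]
# fail2ban substitutes its own host pattern for <HOST>; an IPv4-only stand-in
# (an assumption for this example) keeps the regexes readable.
HOST_RE = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
COMPILED = [re.compile(p.replace("<HOST>", HOST_RE)) for p in FAILREGEX]

# Apache timestamp field, e.g. [12/Mar/2015:10:00:01 +0100]; the offset is ignored here.
TIME_RE = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}) [+-]\d{4}\]")


def failure_host(line):
    """Return the client IP when a line matches one failregex, otherwise None."""
    for rx in COMPILED:
        m = rx.match(line)
        if m:
            return m.group("host")
    return None


def log_time(line):
    return datetime.strptime(TIME_RE.search(line).group(1), "%d/%b/%Y:%H:%M:%S")


def find_bans(lines, maxretry=7, findtime=3600):
    """Replay access-log lines in order and return {ip: time_of_ban}.

    A host is banned once it has maxretry matching events inside a sliding
    findtime window. Events from an already banned host are skipped, as they
    would not reach Apache once the firewall rule is in place.
    """
    window = timedelta(seconds=findtime)
    recent = {}   # ip -> timestamps of matching events still inside the window
    bans = {}
    for line in lines:
        host = failure_host(line)
        if host is None or host in bans:
            continue
        now = log_time(line)
        hits = [t for t in recent.get(host, []) if now - t <= window]
        hits.append(now)
        recent[host] = hits
        if len(hits) >= maxretry:
            bans[host] = now
    return bans


def login_attempt(ip, stamp, ok=False):
    """Constructed log lines for one login: the POST, plus the error image when it fails."""
    tail = '"-" "Mozilla/5.0"'
    lines = [f'{ip} - - [{stamp} +0100] "POST /typo3/index.php HTTP/1.1" 200 512 {tail}']
    if not ok:
        lines.append(f'{ip} - - [{stamp} +0100] "GET /typo3/sysext/t3skin/icons/login-alert-error.gif HTTP/1.1" 200 1234 {tail}')
    return lines


# Constructed access log: a slow attacker spacing attempts hours apart, a brute-forcer
# failing four times in fifteen minutes, a staff member logging in once, and a page view.
SAMPLE_LOG = (
    login_attempt("198.51.100.3", "12/Mar/2015:08:00:00")
    + login_attempt("203.0.113.50", "12/Mar/2015:10:00:01")
    + login_attempt("192.0.2.10", "12/Mar/2015:10:03:00", ok=True)
    + login_attempt("203.0.113.50", "12/Mar/2015:10:05:01")
    + ['198.51.100.77 - - [12/Mar/2015:10:06:00 +0100] "GET /index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"']
    + login_attempt("203.0.113.50", "12/Mar/2015:10:10:01")
    + login_attempt("203.0.113.50", "12/Mar/2015:10:15:01")
    + login_attempt("198.51.100.3", "12/Mar/2015:12:00:00")
)

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} at {when:%H:%M:%S} (7 matching events within one hour)")
```

With the jail’s values the brute-forcer is banned on its fourth failed login (the seventh event), the staff member’s single successful POST never comes close, and the slow attacker is never caught because each hour-long window holds only one attempt; lowering maxretry to 2 bans every host after its first failed login, which is the point of the “do not set maxretry < 4” advice.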

My entries or links concerning brute force

SQL manipulations for WordPress comments and trackbacks

Disable comments and trackbacks globally:

UPDATE wp_posts SET comment_status = 'closed';
UPDATE wp_posts SET ping_status = 'closed';

Disable comments and trackbacks for one post type (use post or page):

UPDATE wp_posts SET comment_status = 'closed', ping_status = 'closed' WHERE post_type = 'post';

Disable comments and trackbacks for one post status (publish, inherit, pending, private, future, draft or trash) of a post type:

UPDATE wp_posts SET comment_status = 'closed', ping_status = 'closed' WHERE post_status = 'publish' AND post_type = 'post';

EWEA Navigation include

Here’s how to include the EWEA navigation file in the templates of microsites. The file is fetched from www.ewea.org on every request (PHP’s allow_url_fopen must be enabled) and written into the page unmodified:

<div id="navigation">
<?php
// INCLUDE EWEA MENU
$naviURL = "http://www.ewea.org/navigation-file/";
if ($fh = fopen($naviURL, "r")) {
   fpassthru($fh);   // copy the fetched HTML straight into the page
   fclose($fh);
} else {
   echo "<p>Unable to load menu.</p>\n";
}
?>
</div><!-- end #navigation -->

Google Analyticator

I have installed the WordPress plugin “Google Analyticator” on all the WordPress-based websites.
However, for those that have the “EWEA Master Code” installed, I needed to edit the plugin code.

<script type="text/javascript">
var _gaq = _gaq || [];

// This website code here:
_gaq.push(['_setAccount', '<?php echo $uid; ?>']);
<?php if ($need_to_annon == '1' ): ?>
_gaq.push(['_gat._anonymizeIp']);
<?php endif; ?>
<?php

    # Add any tracking code before the trackPageview
    do_action('google_analyticator_extra_js_before');
    if ( '' != $extra )
            echo "$extra\n";

    # Add the track pageview function
    echo "_gaq.push(['_trackPageview']);\n\n";

    # Disable page tracking if admin is logged in
    if ( ( get_option(key_ga_admin) == ga_disabled ) && ( ga_current_user_is(get_option(key_ga_admin_role)) ) )
            echo "_gaq.push(['_setCustomVar', 'admin']);\n";

    # Add any tracking code after the trackPageview
    do_action('google_analyticator_extra_js_after');
    if ( '' != $extra_after )
            echo "$extra_after\n";

    # Add the final section of the tracking code
    ?>

(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
</script>

Now we add the EWEA Master Code in the plugin settings area:

EWEA Master

For copying/pasting:

// EWEA's master code here:
  _gaq.push(['_setAccount', 'UA-4609386-40']);
  _gaq.push(["_setDomainName", "none"]);
  _gaq.push(["_setAllowLinker", true]);
  _gaq.push(["_trackPageview"]);

 

Youtube Video Gallery plugin

This is what I implemented on the EWEA OFFSHORE 2013 Video Archive page:

http://wordpress.org/extend/plugins/youtube-channel-gallery/

http://www.ewea.org/offshore2013/media-and-press/video-archive/