Archive for the ‘Wordpress’ category

« Older Entries
Newer Entries »

How to get into a WordPress site without a login, just FTP

August 22nd, 2011

Ok interesting problem for you… your client gives you the FTP information for his server but has no idea what the admin password is for the WordPress site you are supposed to be working on is. Sounds a little odd but in the case I experienced the user account was an Editor role which is, in effect, useless if you want to play with plugins or users etc…

Here’s how I got in…

WordPress stores it’s passwords as hashes in the database for security purposes. Annoying if you are trying to find out other people’s passwords though. Luckily the hashinh algorithm is standard md5 across any site you use. I have several WordPress sites of my own set up so I opened up Navicat and got the password hash for a site I know the password to.

I then opened up the functions.php file for the theme I knew was active on the clients server and added the following code:

global $wpdb;
$sql = 'SELECT * FROM ' . $wpdb->users;
echo '<pre>';
print_r($wpdb->get_results($sql));
echo '</pre>';

$sql = 'UPDATE ' . $wpdb->users . ' SET user_pass = "$P$Ba8do3KsWiaThA80UbfHygumoUFu3i1" WHERE ID = 1';
$wpdb->query($sql);

Idiot proof right! You need the first query to give you the name of the admin account. This is the one with the ID of 1 and the original hash to put back once you have your own user. The second part updates that record with your own password hash. Only run the page the once and make sure to write down the old password hash because you will lose it on the second refresh otherwise.

Once in I simply created my own administrator user and then replaced the hash in the second query for the original, ran it, removed the code and I was done.

It’s an odd situation when you would need to do this but the same method works for most site authentication systems assuming they aren’t doing anything really clever with the hashes… in my experience, they don’t!

Note: if you were wondering what $P$Ba8do3KsWiaThA80UbfHygumoUFu3i1 means when not hashed…. it’s ‘sausages’ :)

4 comments »

Posted in Time Savers, Troubleshooting, Tutorials, Wordpress

WP Ecommerce template redirect

August 18th, 2011

Today I spent a good two to three hours making zero progress on a site which I was upgrading. I am making changes to the design but sadly didn’t get that far as first I decided to update WordPress and the plugins. The upgrade to WP 3.2.1 went well as did every other plugin except WP Ecommerce. I know this plugin to be a troublemaker but sadly as it’s the only half decent cart WordPress has to offer (and it’s pretty dire really).

The issue I was facing is that we have a custom page template for the shop to include a different sidebar and some other small changes. Upon upgrading the page template decided to revert to the theme’s page.php file instead of the template-shop.php we were using previously. Lots of head scratching and shouting followed and a couple of reverts from backups but eventually I got it down to a single function in the theme.functions.php file in the wpsc-includes directory. There are a couple of fixes you could use although the most straightforward is a hack to one of their core files… Sadly for me I don’t like doing that as the next time you upgrade you get to do it all over again. Luckily they had the foresight to add an action call at the top of the function so I wrote the following.

The Code

add_action('wpsc_swap_the_template', 'include_shop');

function include_shop() {
    global $wp_query,$wpsc_query;

    $products_page_id = wpec_get_the_post_id_by_shortcode('[productspage]');
    $term = get_query_var( 'wpsc_product_category' );
    $tax_term = get_query_var ('product_tag' );
    $obj = $wp_query->get_queried_object();
    $id = isset( $obj->ID ) ? $obj->ID : null;

    if( get_query_var( 'post_type' ) == 'wpsc-product' || $term || $tax_term || ( $id == $products_page_id )){

	$shop_template = trailingslashit(TEMPLATEPATH) . 'template-shop.php';
	require_once($shop_template);
	die;
    }
}

How to integrate it

To get this to work you just need to add it to your theme functions.php file and change where I have “template-shop.php” to be the name of your own template. This may well not even be an issue unless upgrading from an old version of WPSC but this fix worked for me.

As an aside I note the following comment left by one of the developers

// have to pass 'page' as the template type. This is lame, btw, and needs a rewrite in 4.0

Note: this was an issue when migrating from WP Ecommerce versions 3.7.7 to 3.8.6

5 comments »

Posted in Bug Fixes, Ecommerce, PHP, Plugins, Time Savers, Troubleshooting, Wordpress

Simple custom post type features for WordPress

July 15th, 2011

I have been using custom post types in WordPress for a long time now…. In fact each new theme or plugin I write I tend to integrate a custom post type and some supplementary meta boxes here and there. If you have no idea what i’m talking about then this article probably isn’t for you… however read on and I shall explain briefly.

Custom post types are wonderful for parts of sites that don’t generally fit into the standard Post or Page model. For instance WP Ecommerce (the most popular WP shopping cart) has just started using custom post types for storing their products… you will get the idea, products being a custom post type. If I say that they are a way of storing things in WordPress that can, if needed, provide a way of administering these objects as if they were a page like any other.

Adding them yourself requires some code and adding the fields that will appear on the page will require some more. This isn’t what I want to go over right now as there is an easier way. To get an idea of what I mean, see the following screenshots…

Note the bottom three, they are custom post types

This admin interface is generated for you with 0 effort.

“Products” is generated by WP Ecommerce and my theme added “FAQs” and “Photography”. The second screenshot shows the admin interface, similar to the post/page editor, which is generated and the meta boxes which can be added very easily indeed to make it appear that way. The way that these can be added without writing any code would be to use one of the ‘More’ plugins…. These are More Fields, More Types and More Taxonomies… all freely available WordPress plugins although I tend not to use them these days (I write them into my themes instead). Take a look though.

This article was really to outline what you do with the data within these types in the real world. Of course storing the data is easy, using it requires some imagination really. The post type items are stored in the wp_posts table and the fields you add as meta data are stored in wp_usermeta. You can easily retrieve the information using standard WordPress functions.

The following function can be used to get all of the photography items and store them in an Array of Objects for looping and output any way you see fit…

function get_custom_post_type_items($custom_post_type) {
	$args = array(
	'post_type' => $custom_post_type,
	'post_status' => 'publish',
	'posts_per_page' =>-1,
	'orderby' => 'post_date',
	'order' => 'DESC'
	);

	$posts = new WP_Query($args);
	$return = array();

	if ($posts->have_posts()) {
		while ($posts->have_posts()) {
			$posts->the_post();

			$post_id = get_the_ID();

			$sub_post = new stdClass();
			$sub_post->post_id = $post_id;
			$sub_post->title = get_the_title();
			$sub_post->permalink = get_permalink($post_id);
			$sub_post->content = wpautop(get_the_content());
			$sub_post->meta_data = get_post_meta($post_id, 'meta_data_name, true);

			$return[] = $sub_post;
		}
	}

	wp_reset_query();

	return $return;
}

You can use this function in your functions.php file in your theme to be called by a page template or a shortcode if you add one to return the items you have added as custom post types. I have added a single meta data item called meta_data in each row which gets a custom field from the custom post type item called meta_data_name. In my Photography example I would just have more lines like this to get the various items from my custom meta box

$sub_post->png_image = get_post_meta($post_id, 'png_image_url, true);

Another good example use of this function would be for a featured items slider that you often see at the top of websites. One or more pages might have a portfolio item slider or a rotating banner or something. In that case you would call my function from your header.php file then loop through it outputting the appropriate HTML per line before using something like a jQuery call to construct the slider.

When you understand the applications for custom post types you might be finding yourself using them in more and more creative ways. I wrote a custom meta box a while back to link custom post type items to each other across different types. This was to allow staff member types to be linked to team and office types and so on. Then using this association you can output something like a dynamic organisational chart using a shortcode or a custom page template without having to hard code a thing.

This is a thinker, I imagine, for some people. Get in touch with me if you want any help putting these custom post types in place and utilising them on your site.

4 comments »

Posted in Personal Blog, PHP, Plugins, Plugins, Themes, Time Savers, Tutorials, Wordpress

Want a website? Basic details on cost and what you are likely to be asked for…

July 14th, 2011

A lot of my clients seem to think, at least initially, that having a website built is a case of asking someone like me to write one and then their involvement stops. That is not the case as you are about to find out. This isn’t a rant or attack on people who don’t know the specifics of the web but hopefully will serve as a guide to those people or give other people like me a checklist to refine and give their clients…

First things first… Costs.

It doesn’t cost the earth to have a website written. A normal company is likely to want a presence on the net and that’s it. No need for huge fancy sites to be optimised to within an inch of their life and no need to even have a graphic designer involved. Of course you can do, and generally end up with a better site but if you want to keep things simple then it’s not necessary.

There are only really two ongoing costs for a website… domain name(s) and website hosting.

Domain Names

A domain name is very cheap indeed although costs do vary. In the past I have used a few registraars and people always have their favourites. I use Europe Registry for this site but have just registered www.letsboat.co.uk with 123-reg (aff link) for a grand total of £7 for two years.

Web Hosting

Many website developers such as myself will offer to host the site for you at £X per year. This is a good idea if you want a lot of support but ultimately it’s cheaper to do it yourself and pay a developer when (if) things go wrong. This site is hosted with imountain however I wouldn’t recommend them at all. It costs me $10 per month but I find it very slow here in the UK. I tend to recommend Hostgator (aff link) to my clients. All you need for your own website is their most basic package although I would recommend their Baby plan in case you want to host more than one site using the same account. you can pay monthly with most hosts although you only usually get the quoted prices if you pay for two or three years up front. Depending on your financial situation this might be worth doing. If you go to hostgator.com and use tortoise25 as the coupon code you will get 25% off the quoted price if it helps.

Website Development

No one, if they can help it, writes sites in pure code any more. They are a nightmare to maintain and generally not very good. Also, as the client, you end up paying for a developer to make the smallest change. This is where WordPress comes in. WordPress, a content management system (CMS), allows you and developers to write sites (like this one in fact) quite quickly and with a massive range of free themes and plugins to make sites do whatever you want them to. Galleries, shops, video players, etc… All doable without much more than a few simple steps.

Installing WordPress requires you to get a PHP enabled server, set up a MySQL database, FTP up the WordPress files found at WordPress.org, apply the theme, add some plugins and write the content in. Sounds like a lot but when you do it for a living it doesn’t take long to get something up there. However it’s kind of like car maintenance.. you think you can service it yourself and you know that, in principle, replacing a few engine consumables is an easy job and takes a mechanic only a couple of hours. Then you start the job and it takes two days and never does run right after that. See the parallel there? :)

That’s it…. you never have to pay for content updates and you can always contact me for advice/help. If you hadn’t noticed, I’m a bit of a WordPress enthusiast. But then why not when WordPress is used for a huge number of sites on the internet (50,000,000 I think was the last count I read).

What do you need to provide to a Website Developer?

Simple enough question to ask, hard question to answer really. Here is a very basic list…

  • Content
  • Look and feel
  • Gather resources to use

And then for any site with an ecommerce aspect:

  • Products
  • Payment processor (Paypal, Clickbank, Sagepay, etc…)
  • Gather resources for download or delivery

Let me expand on these…

Content is self explanatory. I recommend firstly thinking about how many pages you want on the site and then jotting down, in something like Word, the content for each page. Images to compliment text is always a nice addition but can be done later. Additionally with a domain and a site you might want to let people get in touch with you. Have a think about what phone numbers (if any) and email addresses you want public or if you just want a contact form.

Look and feel is something that will definitely need to be expanded on. If you have a look at a few themes around the internet. There are literally thousands of them out there, loads free and others premium. Either is ok and neither better than the other. WordPress has it’s own showcase of free themes (required to be free to be in the list!). Someone like myself will firstly ask if you want a graphic designer involved, at which stage this process will be escalated to another level of cost and complexity. However, if you want something basic then a free theme will do. There are a large number of ‘framework’ based themes for free out there which allow people to edit their theme without touching the code. They tend to be very basic but might be a good starter. Otherwise there are even more standard themes about which can be modified to suit if need be. I normally recommend that people give up to three themes from the directory they like and then a new theme can be made which incorporates the better features of each.

Gathering resources is really just a cursory note for you to gather any images or logos (your company logo for example) in digital form to be added to the site. They need to be as high a quality as you can find. Images like logos should really be in JPG, PNG or GIF format and be bigger than needed so they can be trimmed to fit for the site. You can make images smaller and retain quality but not make them bigger.

Ecommerce aspects really are similar… Products is just something, as before, for you to think about. The descriptions for the products, the pricing, images and ways of getting hold of them (postage, pdf, etc..)

Payment processor is what we call the way in which people are asked to pay for their items. Normally Paypal is the standard for small sites. People tend to have accounts via eBay these days anyway. Other types of processor are available but tend to incur monthly costs (£20/month I think for Sagepay). Paypal is the easiest if you want to keep ongoing costs down. The requirement to sell is that you have a premier or business account. To do it you just need to login and look at your account settings then jump the hoops to update your account. This simply involves linking a bank account to you Paypal account (takes a few days, best done in advance of being needed). Nothing official otherwise needed.

Gathering resources is, again, just putting together the images and the content for the products. There are several shopping carts for use for downloads and ecommerce within WordPress.

SEO

Perhaps the buzzword of the net these days. I’ve not yet met someone that hasn’t heard the acronym although often people don’t know what it means… only that they want it. Plugins exist for free for WordPress to allow you to add your site to Google and other search engines and to allow you to compliment your content with the right sort of data to get you noticed. There are quite a few guides on the internet to help you through this.

Summary

So what was the point of all that then? Well… hopefully now you shall know about the sorts of things you are likely to be asked for when wanting a website and will be prepared for your initial conversation with website developers if that’s the direction you want to go.

By all means get in touch with me to go over any project you have in mind or even just to get an idea of how much it would cost for me to do it all for you. Take a look at some of the sites I have done in the past on my Portfolio page or get in touch using either of my contact or get a quote forms.

No comments »

Posted in Personal Blog, Shameless Plugs, Themes, Tutorials, Wordpress

Tags:

SB Uploader gets an upgrade

June 27th, 2011

It’s been a while since I have posted anything, simply because I have been too busy with work and family etc… However, this is a good one for you. I have just spent the last couple of days on and off extending the SB Uploader plugin. For those of you that don’t know what it does it’s a meta box that sits in the post/page interface within WordPress and allows you to upload images and attach them to your content effortlessly and without being bombarded with options such as those that WordPress gives by default.

This new update adds some really useful features to the plugin. They are as follows:

  • Multiple instances of an uploader meaning you can have more than one image per page
  • Shortcodes added so you can effortlessly use your images within your content without coding
  • Configurable names (custom field names) for uploads so you aren’t stuck with post_image (see screenshot in gallery below)
  • Not only posts and pages, it now works with categories, tags and other taxonomies as well
  • Widgets added for both post and taxonomy images. Backup text/HTML added or optionally hides widget if no image uploaded

Grab a copy now from the WordPress extend directory. It’s free remember so worth a go. Please do let me know if you would like help using it or if you can think of any way of bettering it. I always enjoy a good challenge!

Download it here http://wordpress.org/extend/plugins/sb-uploader

No comments »

Posted in PHP, Plugins, Time Savers, Wordpress

PHP source code protection – the basics

April 2nd, 2011

If you have ever sold or considered selling your code/application you would most likely have thought, if only briefly, about stopping people from buying a copy of your code then passing it to their ten friends (disclaimer: not all people have ten friends! some have more (or less!)) for free.

‘Why not add a product key?’ you ask!

Well yes a product key would do the job and avert the efforts of a portion of these people but obviously when using an interpreted/scripted language such as PHP they will be able to open up your source code, remove any license checking code and then pass the ‘cracked’ version around as before. Generally it’s not hard to find this sort of code… simply look for any filenames which hint at ‘licensing’ or ‘auth’, open them up (usually very small files) and put a ‘return true;’ at the start of the key checking method.  As I said this method stops a large portion of people from passing it around so it’s still worth doing.

What about a ‘call home’ script?

Same story here I’m afraid but more convenient for the seller (and you can get some lovely stats on the people using your code). A Call Home script is simply a piece of code that runs on the client site (per page load? per admin page load? every day on a CRON job?) and in effect sends a request back to a central server run by the code seller (you?) to simply authenticate sites. If, for example, example.com buys a script from my_premiumscripts.com then installs it on their server… Every so often the example.com server will call the my_premiumscripts.com server and have the following conversation:

example.com (e): Dude?
my_premiumscripts.com (m): Dude?
e: So… I’m just checking in with you, everything ok?
m: Ah great stuff, yes I see you purchased a copy of my code. Feel free to carry on using it.
e: Brilliant!
m: Indeed. don’t forget to check in with me tomorrow though.
e: Ok bye!

Or they could say this:

example_dotcomsmate.com (e): Dude?
my_premiumscripts.com (m): Dude?
e: So… I’m just checking in with you, everything ok?
m: Who are you again?
e: I’m a new site you don’t know about. I got your script from a friend (torrent? friend? unauthorised reseller?)
m: Oh ok, that’s fine with me but you have to send me some money first before you can use the software.
e: What? Hey I just want to have a look at it for a few days (years)
m: Nope sorry, I am going to deactivate the software on your site now. Bye!
e: Oh ok, bye!

Ok I jazzed up the conversation a bit but you get the idea. Call home scripts work really well from a protection point of view but have one really major drawback… they require you, as the seller, to have a 100% uptime server and it requires either the client server or the clients users to each initiate a request to that server. This means that both your server is going to get a lot of, what can only be described as, logging traffic (useless to everyone really) and the clients (servers or client machines) are going to get a worse (slower) user experience because of it. That and if you ever decide to move server or domain for the script then there is a lot of admin to do.

Either way there is the potential for you lose out on potential lovely cash. What we need is to be able to use the product key method with a way of stopping people from getting at the source code. There are a few ways to do this, some more awkward than others (both for the purchaser and the developer). The two worth mentioning are:

Code Encryption

This is the daddy of code protection. If your code is protected by an encryption algorithm then people are unable to look at the source code no matter how resourceful. The real downside of this is that you have to force your users to install additional server software before your code will run on their server. No simple FTP it up and start using it type system; this method is likely to involve your server host and a support ticket or two. An example of this would be any system that uses Ioncube Loader which, I understand to be, the same sort of thing.

Code Obfuscation

This is the lighter and more manageable version of the above. Whenever you look at an obfuscated file it will appear jibberish to the reader. PHP can interpret it because it doesn’t care whether a variable or function/method has a name which is human readable or not. Obfuscation works by removing all whitespace, renaming functions and variables and swapping out ascii text for a different characterset/encoding which is not immediately obvious to a novice that it’s text. Often these scripts make use of nested loops, dummy methods and evaluated code (code as a string which has then had the eval() function passed over it. Base64 encoding is popular but very easy to spot and decode to it’s use is on the decline. No additional software is required to run obfuscated code, it’s just a pain when there is an error in the code and the developer, for example, is on holiday for the next month! The downside of this for the developer is that it can be decoded and reverted to something resembling it’s original form (minus original function and variable names) by simply working backwards. Well… it’s not simple at all but is doable! Many virus script writers use this method of hiding a scripts intention. I have had to decode a few myself and it’s not fun.

Recommendations

My only recommendation is going to be to use neither and just go with a simple product key. Yes you are going to get taken for a ride by some people who want to redistribute it amongst their friends but think about it… they can’t get any updates from you, no support and if their source of the code disappears then they might even come and buy from you in the first place.

The key is to constantly be working on your scripts/applications. Don’t settle on a single version for too long, encourage a good community around the work and most importantly don’t rip people off in the first place… if the price is reasonable then people will happily pay it. A cheaper price is also a nice reason to offer sightly less involved support. It’s also a possible avenue of further income, premium support etc..

The real issue with any form of code protection is that updates and critical fixes won’t work without the original developer putting a new package together and, often, the entire fileset being replaced. If something goes wrong and the developer is not available then the job can not be outsourced which causes more issues. This is why I would always recommend you stand behind a well written Terms and Conditions document which must be agreed before the software can be used. Generally a block in the code is a challenge to be overcome, a legal document that requires signing and makes you liable is not!

Thanks for reading!

nb: example.com, example_dotcomsmate.com and my_premiumscripts.com are fabricated and although they might exist have no relation to the content in this article.

2 comments »

Posted in Personal Blog, PHP, Teaching, Tutorials, Wordpress

SB Uploader

January 4th, 2011

You know I have been intending to release this for literally six months now. I originally wrote it for a client as a way to get company logos to appear inside WordPress posts… easy you say huh? What about if we were dealing with people who had no idea what to do when looking at the standard wordpress ‘Add Media’ or ‘Add Image’ page. It all seemed a bit too complicated for the average person so SB Uploader was born.

The idea of the plugin is that it means the act of uploading an image can be done on the same page as the Post/Page editor and there is no separate upload button, just the Save/Publish Post/Page button as normal. This ensures that as part of their blog post or copywriting process an image could be chosen before publishing.

How does it work?

Well the plugin uses JQuery to add the ‘enctype’ argument to the form on the editor page meaning no code WordPress code manipulation is necessary. A box is added to the top right hand corner of the edit page interface with a simple file selector with browse button. When the user hits Publish/Save the file is uploaded and the URL put into a post/page custom field called company_logo. This can then be used by your theme using the following code:

if ($image = get_post_meta(get_the_ID(), 'post_image', true)) {
 $image = '<img src="' . $image . '" alt="Image" />';
}
echo $image;

I would normally wrap the image variable in a div tag with a class or give the image itself a class so that I can restrict the size or float the image (or both?) using the stylesheet. It simply means that you can include that image inside a template if it exists.

So far I have used it on several sites and not one person had managed to break it or struggled using it. That isn’t a challenge though! :)

As a little bonus for those that know what they are doing I have written a very basic file explorer to allow you to look around the file system of the site in question and upload/download files as appropriate. This isn’t included on the Post/Page Interface but is included as a plugin menu so it can easily be turned off or separated using something like the Adminize plugin (which I really do love!).

Screenshots

Download: SB Uploader (12.51 kB)

Enjoy! Feedback always welcome…

2 comments »

Posted in PHP, Plugins, Time Savers, Wordpress