Home Forums Plugin Support WP User Frontend Pro Anyone can add Post (How to change this?)

This topic is: resolved

This topic contains 17 replies, has 3 voices, and was last updated by  Tareq Hasan 5 years, 10 months ago.

Viewing 15 posts - 1 through 15 (of 18 total)
  • Author
    Posts
  • #2492

    Mike
    Participant
    Post count: 26

    Hey there,

    In the free version I was able to add a bit of code provided here: http://wordpress.org/support/topic/security-problem-doesnt-observe-user-capabilities which prevented any other member on my multisite network from adding posts to other member's blogs.

    However, this file isn't on the PRO version so I can't seem to make this change. Currently, on the PRO version any member on my multisite network can navigate to another member's site and easily add a post to their blog. I don't want this and need a way to prevent anyone from posting on a blog unless they are the administrator of that blog

    Again, this code provided in the link above worked beautifully for me as it only allowed the blog owner to post on their blog and not anyone else's.  Any way to help me here? Thanks!!

    #2495

    Tareq Hasan
    Keymaster
    Post count: 2831

    You can find that line on `/class/frontend-form-post.php`, line: 33. I am curious how will that solve this problem.

    #2497

    Mike
    Participant
    Post count: 26

    Thanks! I really dont' know exactly why this change works but the way I set up my multisite network is no one (not even admins) can enter the back end thanks to your plugin (only super admin can) .. I also set it up so that every user on my network is an “editor” of the main site but have no roles associated with any other site except “admin” if they created one

    Adding this function that “professor” provided prevents them from cross posting on other blogs. However, I dont want to break anything can you please tell me exactly where on line 33 I would enter the following ?

     

    function post_form( $post_type ) {
    ....
      $can_post = 'yes';
    
      $info = apply_filters( 'wpuf_addpost_notice', $info );
    
       if (!current_user_can( 'edit_posts' ))
         $can_post = 'no';
    
      $can_post = apply_filters( 'wpuf_can_post', $can_post );
    #2499

    Tareq Hasan
    Keymaster
    Post count: 2831

    Should be like this
    [php]
    if (!current_user_can( ‘edit_posts' )) {
    $user_can_post = ‘no';
    }
    $user_can_post = apply_filters( ‘wpuf_can_post', $user_can_post );
    [/php]

    #2501

    Mike
    Participant
    Post count: 26

    Thank you! and sorry im such a newbie..do I add that code into the existing code? or am I replacing code that already exists in that file? If im replacing what exactly do I remove to put this code in?  If adding it in , where do I add in exactly? Sorry for troubling you..i really love this plugin

    #2502

    Mike
    Participant
    Post count: 26

    🙁  I been trying my best doing various ways of placing this code and keep getting unexpected T variable error. Im not a guru of PHP so any guidance would be awesome when you get a chance.  I see the following in this file around line 33

    $form_settings = get_post_meta( $id, ‘wpuf_form_settings', true );

    $info = apply_filters( ‘wpuf_addpost_notice', ” );

    $user_can_post = apply_filters( ‘wpuf_can_post', ‘yes' );

     

    if ( $user_can_post == ‘yes' ) {

    $this->render_form( $id );

    } else {

    echo ‘<div class=”info”>' . $info . ‘</div>';

    }

     

     

    But I dont know where to place this code you gave me:

     

    if(!current_user_can( ‘edit_posts')) {

        $user_can_post= ‘no';

    }

    $user_can_post= apply_filters( ‘wpuf_can_post', $user_can_post);

    #2516

    Mahi
    Member
    Post count: 1555

    this file
    `wp-content/plugins/wpuser-frontend/class/frontend-form-post.php`

    #2522

    Tareq Hasan
    Keymaster
    Post count: 2831

    Hey Mike, this whole function should be like this

    [php]
    /**
    * Add post shortcode handler
    *
    * @param array $atts
    * @return string
    */
    function add_post_shortcode( $atts ) {
    extract( shortcode_atts( array(‘id' => 0), $atts ) );
    ob_start();

    $form_settings = get_post_meta( $id, ‘wpuf_form_settings', true );
    $info = apply_filters( ‘wpuf_addpost_notice', ” );
    if (!current_user_can( ‘edit_posts' )) {
    $user_can_post = ‘no';
    }
    $user_can_post = apply_filters( ‘wpuf_can_post', $user_can_post );

    if ( $user_can_post == ‘yes' ) {
    $this->render_form( $id );
    } else {
    echo ‘<div class="info">' . $info . ‘</div>';
    }

    $content = ob_get_contents();
    ob_end_clean();

    return $content;
    }
    [/php]

    #2533

    Mike
    Participant
    Post count: 26

    Thanks! but unfortunately i did that (without parse errors) BUT the post form disappeared from me completely and im the super admin! im so sad..there has to be some way (like in the free version) that I can prevent people from posting on other's blogs but still able to post on their own…i dont know why this same code caused the form to disappear completely ..any thoughts?

    #2535

    Tareq Hasan
    Keymaster
    Post count: 2831

    Remove the changes you made to that file. Now add this code to your themes functions.php and check the result. I haven't tested it, but should work.

    [php]
    function wpufe_check_multisite_user( $permission ) {

    // if its multisite and the user belongs to this blog
    if ( is_multisite() ) {
    global $blog_id;

    if ( is_blog_user( $blog_id ) ) {
    return ‘yes';
    } else {
    return ‘no';
    }
    }

    return $permission;
    }

    add_filter( ‘wpuf_can_post', ‘wpufe_check_multisite_user' );
    [/php]

    It prevents users from other blog to post in your site.

    #2568

    Mike
    Participant
    Post count: 26

    Thanks so much. I am trying to add this to my theme's function file but I keep getting this error:

    Parse error: syntax error, unexpected T_STRING in /home/____/public_html/wp-content/themes/snapshot/functions.php on line 414

    I tried placing it in several places with no luck

    #2571

    Tareq Hasan
    Keymaster
    Post count: 2831

    May be you've placed the code after the end of PHP. Can you paste your entire function.php in pastebin?

    #2574

    Mike
    Participant
    Post count: 26

    Hmm thanks! you are so helpful!!

     

    http://pastebin.com/C7udYcHm

    #2577

    Tareq Hasan
    Keymaster
    Post count: 2831

    This one shouldn't have problem

    #2579

    Mike
    Participant
    Post count: 26

    OMG it worked !! You are absolutely amazing sir. It was well worth the $160 for this plugin as your support is beyond what I have seen from other plugin authors…I know I can be a pest so thanks a lot 🙂

Viewing 15 posts - 1 through 15 (of 18 total)

The topic ‘Anyone can add Post (How to change this?)’ is closed to new replies.