Update: as @Mark Kaplun pointed out. once you let a developer in there is no way to restrict him. If you don’t trust someone for good reason, than don’t let him in as there are more than enough privilege escalation exploits going around for him to make himself admin. So the solution I provided needs … Read more
Alrighty. Welcome 👋. Let’s quickly go over your idea. From what I understand, you want to create 100 users with dynamically changing passwords over time. Not to tamper with the security of a password and its basic functionality. Roughly, here is how I would do it… Without touching the core functionality of WordPress’s login system. … Read more
The most obvious approach to this would be to first create a special user role for your students. Then for users with this role you can expand the profile with extra fields. Here you can store for every user which courses they follow. Next you define a custom post type that allows you to store … Read more
You seem to be asking 2 questions: 1) How do I place something on the Dashboard? 2) How do I get the links to all posts the current author has written? One way to place something on the Dashboard is to use a Dashboard widget. The Dashboard Widgets API describes the details, but here is … Read more
You could use Javascript <script type=”text/javascript”> function getCookie(c_name) { var i,x,y,ARRcookies=document.cookie.split(“;”); for (i=0;i<ARRcookies.length;i++) { x=ARRcookies[i].substr(0,ARRcookies[i].indexOf(“=”)); y=ARRcookies[i].substr(ARRcookies[i].indexOf(“=”)+1); x=x.replace(/^\s+|\s+$/g,””); if (x==c_name) { return unescape(y); } } } var logged_in=getCookie(“wordpress_logged_in_[HASH]”); if (logged_in!=null && logged_in!=””) { alert(“You are logged in!”); } else { alert(“You are logged out!”); } </script> NOTE: WordPress logged in cookie info can be found here. … Read more
the Short and sweet way would be to store the post id that they are allowed to edit in custom user meta. Then us wp_update_post and check if the id is in the user meta if so update if not don’t.
One solution might be to directly restrict access to the file on the server, but utilize a url rewrite to display the content — only if the id matches in the request. Obviously this doesn’t answer every question in the scenario but it does provide a proof-of-concept to indirectly convert a url into a file. … Read more
Normally, you’ll get those kinds of results because you have file permissions issues. The files all need to be readable and executable by whatever user the WordPress installation is running as (e.g. on most typical webservers, including if you’re running LAMP/MAMP locally, it’s usually something like the www user and staff group). You’ll need to … Read more
Your form action point to the url in which the login form is displayed, and this is many times not the desired behavior when you write your own login form. You should let the login end point handle the login. The result should be something like <form …. action=”<?php echo esc_url( site_url( ‘wp-login.php’, ‘login_post’ ) … Read more
If this is a medical record, you probably so use a transient download URL for the session when the profile is logged on, and destroy that URL when the users logs off, this ensures that the file is not accessible to others. I used WP Customer Area plugin on a CRM project and found it … Read more