Tag: filters

Image Attribution

Did you know you could add fields to the media uploader?

In my case, I was at a convention and a fellow reporter (welcome to my new weird life) muttered she wished it was easier to have just a photo ‘credit’ line when she uploaded media from networks. I asked what system she used to run her site and when she said WordPress, I gave her my biggest smile.

Image Filters

There are two things we need to filter here.

Add our attribution field to the editor
Save the attribution data

That’s it. WordPress handles the rest.

add_filter( 'attachment_fields_to_edit', 'halfelf_add_attachment_attribution', 10000, 2);
add_action( 'edit_attachment', 'halfelf_save_attachment_attribution' );

function halfelf_add_attachment_attribution( $form_fields, $post ) {
	$field_value = get_post_meta( $post->ID, 'HALFELF_attribution', true );
	$form_fields[ 'HALFELF_attribution' ] = array(
		'value'    => $field_value ? $field_value : '',
		'label'    => __( 'Attribution' ),
		'helps'    => __( 'Insert image attribution here (i.e. "NBCUniversal" etc)' )
	);
	return $form_fields;
}

function halfelf_save_attachment_attribution( $attachment_id ) {
	if ( isset( $_REQUEST['attachments'][$attachment_id]['lwtv_attribution'] ) ) {
		$attribution = $_REQUEST['attachments'][$attachment_id]['HALFELF_attribution'];
		update_post_meta( $attachment_id, 'HALFELF_attribution', $attribution );
	}
}

End Result?

It shows up a little lower down than I’d like (I’d prefer it to be up where the URL is) but it works:

Oh and yes, I emailed her the code as a stand-alone plugin. Her IT person was thrilled.

12 July, 2018

Customizing Login Pages
Most of the time, the default WordPress login page is fine. The vast majority of the time it’s fine. Once in a while, you want it to look a little more custom. So let’s talk about what you can do.

Change the Login Logo

This involves three things:
1. Making a logo of the appropriate size
2. Uploading it
3. Pointing your code to it
The default size of the logo is 80×80, which I’m using below. You can make it as wide as 312px, and as tall as you want, but I recommend not going too tall. I like mine to match my Site Icon, personally.

The path to the file is going to depend on where you put it, obviously. Remember it should be the URL, so you can’t use relative paths here.
```
add_action( 'login_enqueue_scripts', 'helf_my_login_logos' );

function helf_my_login_logos() {
	$logo_image = 'http://my-domain.com/path/to/my/image.png';
	?>
	<style type="text/css">
		#login h1 a, .login h1 a { background-image: url(<?php echo $logo_image; ?>);
			height:80px;
			width:80px;
			background-size: 80px 80px;
		}
	</style>
	<?php
}
```
Don’t want to code? Try using the Login Logo plugin.

Change the URL (and Alt Text)

Now that we’ve changed changed the logo, we should change the link and the alt text. After all, if the logo is your site, why should the URL be to WordPress?
```
add_filter( 'login_headerurl', 'helf_my_login_headerurl' );
add_filter( 'login_headertitle', 'helf_my_login_headertitle' );

function helf_my_login_headerurl() {
	return home_url();
}

function helf_my_login_headertitle() {
	return get_bloginfo( 'name' );
}
```
You can change the URL and text however you want, but I find it easier to just link to the site itself.

Bonus! Change the Errors

Okay this is rarely going to matter to anyone. But Tracy has a new favorite GIF:

And me, I wanted a nice, sneaky place to have it show up appropriately. So I decided to have it pop up when someone put in the wrong credentials while logging in. And I did that like so:
```
add_filter( 'login_errors', 'helf_my_login_errors' );

function helf_my_login_errors( $error ) {
	$diane = '<br /><img src="' . content_url( 'uploads/diane.gif' ) . '" alt="Access DENIED" />';
	$error = $error . $diane;
	return $error;
}
```
Now this doesn’t actually do anything other than be amusing. Let’s have a more practical example of wanting to change the invalid username/password messages to not tell people what they got wrong and not offer a password reset.

That would look like this:
```
function helf_my_login_errors( $error ) {
	global $errors;
	$error_codes = $errors->get_error_codes();

	if ( in_array( 'invalid_username', $error_codes ) || in_array( 'incorrect_password', $error_codes ) ) {
		$error = '<strong>ERROR</strong>: Incorrect login credentials.';
	}

	return $error;
}
```
There is not a good list of all the errors you may want to filter, I’m afraid.
24 May, 2018
Restrict Site Access Filters
I have a demo site I use to for development. One of the things I want is to be able to lock the site to logged in users only and that I can do via Restricted Site Access by 10up.

One of the things the plugin also allows is to open up access to an IP, so someone who doesn't have an account can check the site before you go live. The problem with this feature is caching.

Caching Restricted Pages

It doesn't really matter what kind of caching system you use, the point is all the same. People who aren't logged in should get a cached version of the content. People who are logged in, or whom you've determined need a unique experience, don't get cached content. That's the barebones of caching.

The problem I ran into with restricted site access is that if I whitelisted an IP range, and someone from that range visited the site, they generated a page which my cache system … cached. That meant the next person got to see the cached content.

Now this may not actually be a problem in all cache systems, but I happened to be using Varnish, which is fairly straightforward about how it works. And, sadly, the plugin I'm using doesn't have a way around this. Yet.

Filters and Hooks

Like any enterprising plugin hoyden, I popped open the code and determined I needed to address the issue here:
```
// check if the masked versions match
if ( ( inet_pton( $ip ) & $mask ) == ( $remote_ip & $mask ) ) {
	return;
}
```
This section of code is checking "If the IP matches the IP we have on our list, stop processing the block. It's okay to show them the content." What I needed was to add something just above the return to tell it "And if it's Varnish, don't cache!"

At first my idea was to just toss a session_start() in there, which does work. For me. Adam Silverstein was leery of that having unintended consequences for others, and wouldn't it be better to make it hookable? After all, then any caching plugin could hook in! He was right, so I changed my pull request to this:
```
do_action( 'restrict_site_access_ip_match', $remote_ip, $ip, $mask ); // allow users to hook ip match
```
The next version of the release will have that code.

In The Field

Now, assuming you've slipped that code into your plugin, how do you actually use it?

Since I need to have this only on my 'dev' site, and I'm incredibly ~~lazy~~ efficient, I decided to put this code into the MU plugins I use for the site:
```
if ( DB_HOST == 'mysql.mydevsite.dream.press' ) {
	add_action( 'restrict_site_access_ip_match', 'mydevsite_restrict_site_access_ip_match' );
}

function mydevsite_restrict_site_access_ip_match() {
	session_start();
}
```
This is not the only way to do it. I also happen to have a define of define( 'MYSITE_DEV', true ); in my wp-config.php file, so I could have checked if that was true:
```
if ( defined( 'MYSITE_DEV' ) && MYSITE_DEV ) { ... }
```
Now, you'll notice I'm using sessions, even after Adam and I determined this could be bad for some people. It can. And in my case, in this specific situation, it's not dangerous. It's a quick and dirty way to tell Varnish not to cache (because PHP sessions indicate a unique experience is needed).

The downside is that not caching means there's more load on my server for the non-logged in user who is legit supposed to be visiting the site. Since this is a development site, I'm okay with that. I would never run this in production on a live site.
25 January, 2018