Bye Bye Passwords
No more need for password field in theme options; also added new code to provide dashboard notices for plugins not present or activated.
cogdog committed Oct 3, 2018
1 parent 50d86fd commit a76ba1c
Showing 6 changed files with 287 additions and 26 deletions.
18 changes: 3 additions & 15 deletions README.md
Expand Up @@ -17,7 +17,7 @@ Once installed the TRU Writer theme allows individuals to generate content onlin

Because it requires no login or CMS knowledge, TRU writer is great for projects where multiple people are contributing or for classroom applications where many individuals need to publish content on the same site. It focuses on the writing rather than Wordpress (not that we do not love you, Wordpress!)

The site invisibly logs in visitors to a special account to make available advanced publication and editing tools, but those individuals will not need to navigate the Wordpress dashboard or login structure (we love Wordpress, but hey, not everyone needs to see that dashboard, right?). The TRU Writer allows individuals to publish anonymously, or under an assumed name, or their own name, or whatever.
The site invisibly logs in visitors to a special account to make available advanced publication and editing tools, but those individuals will not need to navigate the Wordpress dashboard or login structure (we love dashboards, but hey, not everyone needs to see that mess, right?). The TRU Writer allows individuals to publish anonymously, or under an assumed name, or their own name, or whatever.

The TRU Writer Theme was developed along with the [TRU Collector](http://splot.ca/splots/the-comparator/), the [TRU Sounder](http://splot.ca/splots/tru-sounder/), [The Comparator](http://splot.ca/splots/the-comparator/), and the [Daily Blank](http://splot.ca/splots/the-daily-blank/) [while on a fellowship](http://cogdog.trubox.ca) at [Thompson Rivers University](http://tru.ca/)--that's why the "TRU" in the theme name.

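Review bot: In the context paragraph listing the sibling themes, the TRU Collector link points to `http://splot.ca/splots/the-comparator/`, the same URL used for The Comparator later in that sentence. Since the README is being touched here, point that link at the TRU Collector page.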
Expand Down Expand Up @@ -230,22 +230,10 @@ To provide access to the media uploader, this site uses a Wordpress Authoring Ro

![](images/add-author.jpg)

You can follow the link from the options page to create this account; for an email you can use a fictitious one on your domain; nothing is ever sent to it. We suggest using the strong password that Wordpress suggests. Copy that password, and perhaps save it in a safe place.
You can follow the link from the options page to create this account; for an email you can use a fictitious one on your domain; nothing is ever sent to it. We suggest using the strong password that Wordpress suggests. If this site is on a multi-site Wordpress, and the TRU Writer has been used on another site, the writer account already exists, so you need to add it to the site via the Author tools.

On a stand-alone Wordpress site, you can just paste it into the password field of the TRU Writer options (see below).


If this site is on a multi-site Wordpress, and the TRU Writer has been used on another site, the writer account already exists, so you need to add it to the site via the Author tools.

![](images/add-to-site.jpg)

However, you still have to enter the password, so make sure you know the password that was used on another site. If you do not have access to it, you will have to reset the password at the Network Admin level, and then update the password on the options of all sites using the TRU Writer.

This is how it is entered on the TRU Writer option screen (you need to click the "show" button to display the field)

![](images/show-password.gif)

You can now see the password expected for the secret account.
** Note: As of version 0.3 of this theme, the password no longer needs to be copied and entered into the options screen.** If you are using a version of the theme that has a password field in the options, maybe it's a good time to update? Otherwise, [see an older version of this ReadMe](https://github.com/cogdog/truwriter/blob/50d86fdfe039aec4575a2eaa29c16ad3374d3596/README.md#author-account-setup) for instructions.

#### Creative Commons Settings

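Review bot: The added note says the change applies "As of version 0.3", but style.css in this same commit moves `Version: 0.29` to `Version: 0.30`; written as 0.3 it reads as older than 0.29, so use 0.30 in the README. The opening `** Note:` also has a space after the asterisks, which keeps Markdown from rendering the sentence as bold. For sites upgrading from a version that had the password field, a sentence on what happens to the password they already entered would close the gap left by the removed instructions.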
12 changes: 3 additions & 9 deletions class.truwriter-theme-options.php
Expand Up @@ -218,6 +218,9 @@ public function get_settings() {
// ---- Build array to hold options for select, an array of post categories that are children of "Published"
$all_cats = get_categories('hide_empty=0&parent=' . get_cat_ID( 'Published' ) );


$cat_options = array();

// Walk those cats, store as array index=ID
foreach ( $all_cats as $item ) {
$cat_options[$item->term_id] = $item->name;
Expand Down Expand Up @@ -263,15 +266,6 @@ public function get_settings() {
'std' => truwriter_author_user_check( 'writer' ),
'type' => 'heading'
);

$this->settings['pkey'] = array(
'title' => __( 'Author Account Password' ),
'desc' => __( 'When you create the account, we suggest using the generated strong password, make sure you save it so you can add it here.' ),
'std' => '',
'type' => 'password',
'section' => 'general'
);


// ------- creative commons options
$this->settings['cc_heading'] = array(
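Review bot: Removing the `pkey` entry from `get_settings()` takes the field off the options screen, but nothing in the visible hunks deletes a value already saved under `pkey` by earlier versions, so on upgraded sites the writer account's password stays in the stored theme options. Add an upgrade step that unsets `pkey` from the saved options, and have the README tell administrators to change the writer account's password after updating.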
5 changes: 4 additions & 1 deletion functions.php
Expand Up @@ -1522,7 +1522,7 @@ function truwriter_author_user_check( $expected_user = 'writer' ) {


} else {
return ('The authoring account <strong>' . $expected_user . '</strong> is correctly set up. You are ready to Write and Roll. Or your site users are.');
return ('The authoring account <strong>' . $expected_user . '</strong> is correctly set up.');
}
}

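Review bot: In the `else` branch of `truwriter_author_user_check()` the returned string still concatenates `$expected_user` into HTML without `esc_html()`, and the message is not wrapped in `__()`. The strings added in inc/splot-plugins.php by this same commit are escaped and use the `truwriter` text domain, so this line is a good place to bring the older message in line with them.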
Expand Down Expand Up @@ -1587,4 +1587,7 @@ function br2nl ( $string )
return preg_replace('/\<br(\s*)?\/?\>/i', PHP_EOL, $string);
}

// Load plugin requirements file to display admin notices.
require get_stylesheet_directory() . '/inc/splot-plugins.php';

?>
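Review bot: The new `require` at the end of functions.php loads inc/splot-plugins.php on every request, front end included, although everything in that file hooks admin actions (`admin_head`, `admin_enqueue_scripts`, `wp_ajax_splot_admin_notice`). Wrap it in `if ( is_admin() )` and use `require_once` so the class cannot be declared twice.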
19 changes: 19 additions & 0 deletions inc/splot-plugins.js
@@ -0,0 +1,19 @@
jQuery(document).ready(function($) {

/**
* Process request to dismiss our admin notice
*/
$('#splot-notice .notice-dismiss').click(function() {

//* Data to make available via the $_POST variable
data = {
action: 'splot_admin_notice',
splot_admin_nonce: splot_admin.splot_admin_nonce
};

//* Process the AJAX POST request
$.post( ajaxurl, data );

return false;
});
});
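Review bot: In the click handler, `data = {` is assigned without `var`, so it becomes an implicit global on every admin page that loads this script; declare it as `var data = { ... }`. The `$.post( ajaxurl, data )` call also discards the response, so the `wp_die` failure path in `splot_dismiss_admin_notice()` is never surfaced; a failure callback would make a rejected nonce visible.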
257 changes: 257 additions & 0 deletions inc/splot-plugins.php
@@ -0,0 +1,257 @@
<?php
/**
* Inform a theme user of plugins that will extend their theme's functionality.
*
* @link https://github.com/Automattic/theme-tools/
*/

class Splot_Theme_Plugin_Enhancements {

/**
* @var array; holds the information of the plugins declared as enhancements
*/
var $plugins;

/**
* @var boolean; whether to display an admin notice or not.
*/
var $display_notice = false;

/**
* Init function.
*/
static function init() {
static $instance = false;

if ( ! $instance ) {
$instance = new Splot_Theme_Plugin_Enhancements;
}

return $instance;
}

/**
* Determine the plugin enhancements declared by the theme.
*
* Themes must declare the plugins on which they depend by using
* add_theme_support( 'plugin-enhancements' ).
*
* If there are plugin enhancements and any of the enhancements are
* either not installed or not activated, alert the user.
*/
function __construct() {

// We only want to display the notice on the Dashboard, Themes, and Plugins pages.
// Return early if we are on a different screen.
$screen = get_current_screen();
if ( ! in_array( $screen->base, array( 'dashboard', 'themes', 'plugins' ) ) ) {
return;
}

// Define plugins recommended / required
$this->plugins = array(
array(
'slug' => 'reading-time-wp',
'name' => 'Reading Time WP',
'message' => sprintf(
esc_html__( 'The %1$s is recommended to add estimated reading times to published pieces.', 'truwriter' ),
'<strong>' . esc_html__( 'Reading Time WP plugin', 'truwriter' ) . '</strong>' ),
),

array(
'slug' => 'remove-dashboard-access-for-non-admins',
'name' => 'Remove Dashboard Access',
'message' => sprintf(
esc_html__( 'The %1$s is recommended to hide the dashboard from the special writer user account used to guest author on this site.', 'truwriter' ),
'<strong>' . esc_html__( 'Remove Dashboard Access plugin', 'truwriter' ) . '</strong>' ),
),



);


// Set the status of each of these enhancements and determine if a notice is necessary.
$this->set_plugin_status();

// Output the corresponding notices in the admin.
if ( $this->display_notice && current_user_can( 'install_plugins' ) ) {
add_action( 'admin_notices', array( $this, 'admin_notices' ) );
}
}

/**
* Determine the status of each of the plugins declared as a dependency
* by the theme and whether an admin notice is necessary or not.
*/
function set_plugin_status() {
// Get the names of the installed plugins.
$installed_plugin_names = wp_list_pluck( get_plugins(), 'Name' );

foreach ( $this->plugins as $key => $plugin ) {

// Determine whether a plugin is installed.
if ( in_array( $plugin['name'], $installed_plugin_names ) ) {

// Determine whether the plugin is active. If yes, remove if from
// the array containing the plugin enhancements.
if ( is_plugin_active( array_search( $plugin['name'], $installed_plugin_names ) ) ) {
unset( $this->plugins[ $key ] );
} // Set the plugin status as to-activate.
else {
$this->plugins[ $key ]['status'] = 'to-activate';
$this->display_notice = true;
}

// Set the plugin status as to-install.
} else {
$this->plugins[ $key ]['status'] = 'to-install';
$this->display_notice = true;
}
}
}

/**
* Display the admin notice for the plugin enhancements.
*/
function admin_notices() {
// Bail if the user has previously dismissed the notice (doesn't show the notice)
if ( get_user_meta( get_current_user_id(), 'splot_admin_notice', true ) === 'dismissed' ) {
return;
}

$notice = '';

// Loop through the plugins and print the message and the download or active links.
foreach ( $this->plugins as $key => $plugin ) {
$notice .= '<p>';

// Custom message provided by the theme.
if ( isset( $plugin['message'] ) ) {
$notice .= $plugin['message'];
}

// Activation message.
if ( 'to-activate' === $plugin['status'] ) {
$activate_url = $this->plugin_activate_url( $plugin['slug'] );
$notice .= sprintf(
esc_html__( ' To do this, activate %1$s. %2$s', 'truwriter' ),
esc_html( $plugin['name'] ),
( $activate_url ) ? '<a href="' . $activate_url . '">' . esc_html__( 'Activate Now', 'truwriter' ) . '</a>' : ''
);
}

// Download message.
if ( 'to-install' === $plugin['status'] ) {
$install_url = $this->plugin_install_url( $plugin['slug'] );
$notice .= sprintf(
esc_html__( ' To do this, install %1$s. %2$s', 'truwriter' ),
esc_html( $plugin['name'] ),
( $install_url ) ? '<a href="' . $install_url . '">' . esc_html__( 'Install Now', 'truwriter' ) . '</a>' : ''
);
}

$notice .= '</p>';
}

// Output notice HTML.
$allowed = array(
'p' => array(),
'strong' => array(),
'em' => array(),
'b' => array(),
'i' => array(),
'a' => array( 'href' => array() ),
);
printf(
'<div id="splot-notice" class="notice notice-warning is-dismissible">%s</div>',
wp_kses( $notice, $allowed )
);
}

/**
* Helper function to return the URL for activating a plugin.
*
* @param string $slug Plugin slug; determines which plugin to activate.
*/
function plugin_activate_url( $slug ) {
// Find the path to the plugin.
$plugin_paths = array_keys( get_plugins() );
$plugin_path = false;

foreach ( $plugin_paths as $path ) {
if ( preg_match( '|^' . $slug .'|', $path ) ) {
$plugin_path = $path;
}
}

if ( ! $plugin_path ) {
return false;
} else {
return wp_nonce_url(
self_admin_url( 'plugins.php?action=activate&plugin=' . $plugin_path ),
'activate-plugin_' . $plugin_path
);
}
}

/**
* Helper function to return the URL for installing a plugin.
*
* @param string $slug Plugin slug; determines which plugin to install.
*/
function plugin_install_url( $slug ) {
/*
* Include Plugin Install Administration API to get access to the
* plugins_api() function
*/
include_once ABSPATH . 'wp-admin/includes/plugin-install.php';

$plugin_information = plugins_api( 'plugin_information', array( 'slug' => $slug ) );

if ( is_wp_error( $plugin_information ) ) {
return false;
} else {
return wp_nonce_url(
self_admin_url( 'update.php?action=install-plugin&plugin=' . $slug ),
'install-plugin_' . $slug
);
}
}
}
add_action( 'admin_head', array( 'Splot_Theme_Plugin_Enhancements', 'init' ) );

function splot_enqueue_scripts() {
// Add the admin JS if the notice has not been dismissed
if ( is_admin() && get_user_meta( get_current_user_id(), 'splot_admin_notice', true ) !== 'dismissed' ) {

// Adds our JS file to the queue that WordPress will load
wp_enqueue_script( 'splot_admin_script', get_stylesheet_directory_uri() . '/inc/splot-plugins.js', array( 'jquery' ), '20180901', true );

// Make some data available to our JS file
wp_localize_script( 'splot_admin_script', 'splot_admin', array(
'splot_admin_nonce' => wp_create_nonce( 'splot_admin_nonce' ),
));
}
}
add_action( 'admin_enqueue_scripts', 'splot_enqueue_scripts' );

/**
* Process the AJAX request on the server and send a response back to the JS.
* If nonce is valid, update the current user's meta to prevent notice from displaying.
*/
function splot_dismiss_admin_notice() {
// Verify the security nonce and die if it fails
if ( ! isset( $_POST['splot_admin_nonce'] ) || ! wp_verify_nonce( $_POST['splot_admin_nonce'], 'splot_admin_nonce' ) ) {
wp_die( __( 'Your request failed permission check.', 'truwriter' ) );
}
// Store the user's dimissal so that the notice doesn't show again
update_user_meta( get_current_user_id(), 'splot_admin_notice', 'dismissed' );
// Send success message
wp_send_json( array(
'status' => 'success',
'message' => __( 'Your request was processed. See ya!', 'truwriter' )
) );
}
add_action( 'wp_ajax_splot_admin_notice', 'splot_dismiss_admin_notice' );

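Review bot: In `admin_notices()` the early return on `get_user_meta( get_current_user_id(), 'splot_admin_notice', true ) === 'dismissed'` hides every notice for that user from then on, and nothing in this file clears the flag. That includes the notice for Remove Dashboard Access, which the message describes as what hides the dashboard from the shared writer account, so a later deactivation or removal of that plugin goes unreported. Consider keying the dismissal to the set of plugins currently missing, or leaving that one notice non-dismissible, so the warning returns when the state changes. Separately, in `plugin_activate_url()` the pattern `'|^' . $slug .'|'` is a prefix match with no `preg_quote()` and no `break`, so a slug also matches any plugin directory that merely starts with it and the last match wins; comparing the path against `$slug . '/'` would be exact. The constructor docblock still says themes declare plugins through `add_theme_support( 'plugin-enhancements' )`, while the list here is hard-coded in `$this->plugins`.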
2 changes: 1 addition & 1 deletion style.css
Expand Up @@ -2,7 +2,7 @@
Theme Name: TRU Writer
Theme URI: http://splot.ca
Description: TRU Writer (Child of Radcliffe) the famous SPLOT for rich media writing, on the web
Version: 0.29
Version: 0.30
Template: radcliffe
Author: CogDog
Author URI: https://cog.dog