Posted by ljmacphee on October 16, 2008 under wordpress | 
This was a request from a school for a plugin that would only allow users that had email at the school domain ( user@school.edu ) to register as users on the blog.
Anyone trying to register with an email address not from that domain gets redirected to an error page.
To make this work:
1) Open the plugin in a text editor and change @good.edu on line 20 to be the domain you wish to allow users.
2) Upload the plugin to your plugin directory and activate.
Now you can easily change the error page for users not from your domain. It is on lines 31->36
This is just standard html with print in front of each line and the line in quotes.
print “<html>\n”;
print “<head><title>Restricted email address</title></head>\n”;
print “<body>\n”;
print “<h2> Sorry users are restricted to our school </h2>\n”;
print “</body>\n”;
print “</html>\n”;
Registration White List WordPress plugin
Posted by ljmacphee on September 22, 2008 under coppermine, hack your template, how to, php, wordpress |
Some asked how to add Coppermine photos to WordPress pages. This code will work for any page.
You need to replace MYSQL_SERVER with your database server, localhost usually works just fine.
USER_NAME is the user name for your Coppermine database
PASSWORD is the password for your Coppermine database
DATABASE_NAME is the name of your Coppermine database
Also replace YOUR_DOMAIN with the domain your Coppermine albums are hosted on. You might also need to change the path.
This code will give you a horizontal table of 3 thumbnail photos.
If you are using WordPress, you need to download any page from your theme. Change the file name to Coppermine and the Template name to Coppermine.
Remove the stuff in the middle. On my template that is everything between<div id=”content” class=”page”> and </div> but your template might be different. The past this code into that section being sure to add your password, database etc.
When you are done, upload the new template to your theme directory.
Create a new page and choose Coppermine as the template. All the work is done. You can add text or anything else to the page.
<?php
if ( !($coppermine_db = mysql_connect( “MYSQL_SERVER”, “USER_NAME”, “PASSWORD” ))){
die ( “Can not connect to server” );
}else{
//select db
if ( !(mysql_select_db(”DATABASE_NAME”, $coppermine_db ))){
die ( “Can not select database” );
}
}
//ask mysql db for the path and file name of last five images uploaded
$coppermine_query = “select filepath, filename, ctime from cpg_pictures order by ctime desc limit 3;”;
$coppermine_result = mysql_query($coppermine_query);
$count = mysql_numrows( $coppermine_result );
//start link
$link = “<center>”;
$link .= “<table border=3>”;
$link .= “<th colspan=3><a href=\”http://YOUR_DOMAIN.com/coppermine/\”>Recent Photos</th><tr>”;
$i = 0;
while ( $i < $count ){
$path = mysql_result($coppermine_result, $i, “filepath” );
$name = mysql_result($coppermine_result, $i, “filename” );
$link .= “<td><img src=\”http://YOUR_DOMAIN.com/coppermine/albums/$path” . “thumb_$name\”></td>”;
$i++;
}
$link .= “</tr></table>”;
$link .= “</center>”;
//end link
//clean up
mysql_close();
print $link;
You can see an example of this code TimesToCome where I pull 3 photos from 3 different Coppermine albums onto the page.
Posted by ljmacphee on July 25, 2008 under how to, security, wordpress |
Lots of people have asked how to white list some ip numbers on the ttc-security-plugin. I strongly recommend you adjust your blocked settings rather than a use a white list. But If you want a white list here is how you do it.
Open a copy of your ttc-security.php file and find this section:
// don’t ban ourselves….
if ( $http_local_addr == $http_remote_addr ){
$blacklisted = 0;
}
Right underneath that is where your white list will go. I’ve white listed 3 ip addresses 127.0.0.1, 127.0.0.2, 127.0.0.3 here.
/// White list of known good guys
///———————————————————————————————————–
if ( “127.0.0.1″ == $http_remote_addr ){
$blacklisted = 0;
}else if ( “127.0.0.2″ == $http_remote_addr ){
$blacklisted = 0;
}else if ( “127.0.0.3″ == $http_remote_addr ){
$blacklisted = 0;
}
///———————————————————————————————————–
You just need to change the 127.0.0.1, 127.0.0.2, 127.0.0.3 to the addresses you want to white list. You can just add more
else if ( "127.0.0.3" == $http_remote_addr ){
$blacklisted = 0;
}
if you need to white list more ips. This is the fastest way I know to do this. Before white listing any ips be sure to go to Whois and verify they are who you think they claim to be.
Posted by ljmacphee on June 16, 2008 under security, tools, wordpress |
The final plugin of the three part TTC ( TimesToCome ) WordPress security set is ready. This one acts as a tripwire. If a file is changed by you or more importantly someone other than you you’ll know.
Simply install and activate the plugin. Once activated go to the plugin management page and tell it you want a list of all files changed in the last 0-99 days ( pick your day ) and it will bring up a list of altered files for you.
If your WordPress install is in the top directory of your website this will check all the directories on your website. If you are down one level ( http://yoursite.com/wordpress/ ) then you can change this line:
$directories_to_read[$dir_count] = “../”; // plugins run from wp-admin so bounce up a directory
to this:
$directories_to_read[$dir_count] = “../../”; // plugins run from wp-admin so bounce up a directory
And it will check all the directories not just your WordPress directories.
Download
Part 1: WP plugin to prevent bot registrations
Part 2: WP Security Plugin: block bots, scrapers, cross-script attacks and more
Part 3: Tripwire
Install them all for best results!