Fixing private posts in WordPress 1.2
Posted by Kelvin on 24 Dec 2004 at 01:26 pm | Tagged as: programming
Private posts in WP 1.2 aren't displayed even to the user who created them. This may already have been patched in versions of WordPress > 1.2, but I haven't upgraded yet.
Only one file needs to be changed: wp-blog.header.php
- Do a search for "// Category stuff" without the quotes
- Copy and paste the following ABOVE "// Category stuff":
// Check if the user is logged-in - KT 24122004 if((!empty($_COOKIE['wordpressuser_'.$cookiehash])) && (!empty($_COOKIE['wordpresspass_'.$cookiehash]))) { $user_login = $_COOKIE['wordpressuser_'.$cookiehash]; $user_pass_md5 = $_COOKIE['wordpresspass_'.$cookiehash]; } function checklogin() { global $user_login, $user_pass_md5, $user_ID; $userdata = get_userdatabylogin($user_login); if ($user_pass_md5 != md5($userdata->user_pass)) { return false; } else { $user_ID = $userdata->ID; return true; } } checklogin(); - That's it! Private posts will now be displayed. If you'd like some kind of indication that the post is a private one, edit
index.phpand insert something like
< ?php if ('private' == $post->post_status) _e(' - Private'); ?>into the region where the post is displayed.
- What's basically happening is a check is done if the login cookie exists, and if so, ensure the username and password is valid, before setting
$user_IDwhich is used later on to retrieve private posts. I could have also modified the login code to include the user_id in the cookie, but didn't think that was as secure as this approach, though this incurs an additional database hit to perform the login check.
3 Responses to “Fixing private posts in WordPress 1.2”
Thanks for posting this code. I was suprised that this isn't correctly implemented in the install package. Worked like a charm!
Well done. However, readers should be aware that if they've changed their Blog URI to something different from their WordPress URI (via Options at ./wp-admin/options-general.php) they will only see their private posts at the WordPress URI, and not at the Blog URI. This is a known issue with the way that cookies are handled by WordPress (at least in older versions of WP). [tested patch using WordPress v1.2.2 @ Dreamhost]
Here's a quick'n'dirty fix for that cookie issue I mentioned above [works for v1.2.2]. This will work if you have wordpress installed at http://www.whatever.com but wanted the blog to show at myblog.whatever.com (or something of that nature). Wherever the code calls the PHP function setcookie (files `./wp-admin/profile.php`, `./wp-comments-post.php`, and `./wp-login.php`), add an additional argument after COOKIEPATH:
preg_replace('/\S*\.(\S+\.\w+)$/', '.\1', $_SERVER['HTTP_HOST'])
For example:
setcookie('wordpressuser_'. COOKIEHASH, $user_login, time() + 31536000, COOKIEPATH);
becomes:
setcookie('wordpressuser_'. COOKIEHASH, $user_login, time() + 31536000, COOKIEPATH, preg_replace('/\S*\.(\S+\.\w+)$/', '.\1', $_SERVER['HTTP_HOST']));