LINICKX.comhttps://www.linickx.com/Fri, 08 May 2009 08:08:00 +0100root-cookie - Tutorial 1: Accessing WordPress cookies from custom scripts.https://www.linickx.com/root-cookie-tutorial-1-accessing-wordpress-cookies-from-custom-scripts<p>I've been wanting to do this for a while, this is the 1st in a planned short series of tutorials for <a href="http://wordpress.org/extend/plugins/root-cookie/">my root cookie WordPress plugin</a>.</p> <p>I've decided to start with the purpose I wrote the plugin, then I'll move onto a couple of tutorial which answer some of the FAQs I get.</p> <p><strong>Scenario.</strong><br /> Before you start you need a working copy BLANK of WordPress, in a sub directory, with a url like domain.com/wordpress.<br /> A BLANK copy is a fresh install, using the default theme and only my root-cookie plugin installed, remember after activating the plugin clear your browsers cookies.</p> <p><strong>Getting Started.</strong><br /> So you have a ready &amp; waiting copy of WP, next create a directory called "my-scripts" or whatever you like, and in it create 1.php with the following contents:</p> <p><code>&lt;?php print_r($_COOKIE); ?&gt;</code></p> <p>Browse to domain.com/my-scripts/1.php and you'll get a blank white page with <code>Array()</code>.<br /> Next log into WordPress, and re-fresh 1.php and you should get something like....</p> <blockquote> <p>Array ( [wordpress_xxxxxxxxxxxxxyyyyyyyyyyyyyy] =&gt; admin|1241455565|xxxxxxxxxxxxxyyyyyyyyyyyyyy [wordpress_logged_in_xxxxxxxxxxxxxyyyyyyyyyyyyyy] =&gt; admin|1241455565|xxxxxxxxxxxxxyyyyyyyyyyyyyy )</p> </blockquote> <p>Done! You've just accessed WordPress's cookies :)</p> <p>Now when I first started I had a very basic script which hid my Google adverts when I'm logged in, it's against Google's policies to click on your own adverts so to avoid accidents I wanted to hide them.</p> <p>The following script is NOT secure, it doesn't check that you've logged into WordPress it simply checks that you a cookie set with the right username (<em>which anyone can fake</em>) but for my purpose this was fine, I had no issues with users faking cookies to get rid of the adverts*</p> <p><code>&lt;?php if (isset($_COOKIE["wordpress_logged_in_fxxxxxxxxxxxxxyyyyyyyyyyyyyy"])) { $cookie = $_COOKIE["wordpress_logged_in_xxxxxxxxxxxxxyyyyyyyyyyyyyy"]; $cookie_elements = explode('|', $cookie); if ($cookie_elements[0] == "admin") { echo "&lt;h1&gt;Hello admin!&lt; &lt;/h1&gt;"; } } ?&gt;</code></p> <p>Replace admin with whatever username your using and job done! Next time Accessing two WordPress installs domain.com/blog1 domain.com/blog2 with root-cookie :)</p> <p>*<em>this will not work now, as I do something different.</em> :)</p> <p></code></p>nickFri, 08 May 2009 08:08:00 +0100tag:www.linickx.com,2009-05-08:root-cookie-tutorial-1-accessing-wordpress-cookies-from-custom-scriptshowtoroot-cookietutorialWordPress