Thursday 17 September 2015

How to Create a Strong Verification for your Maintainable WP Meta boxes?

To power its hook system, WordPress leverages the event-driven design pattern. Design patterns tend to depend on one another, though, so a single pattern is rarely recognizable on its own. This is part of what makes WordPress flexible.

Apart from achieving exclusiveness, the other thing WordPress developers look for is code that is easy to maintain. As technology advances and features are added, the codebase of any web app tends to grow more complex, and over time it becomes difficult to preserve the clarity and maintainability of the code.

This applies equally to WordPress, be it a plugin, an extension, a theme or any other project type. What matters is writing maintainable code.

That's it!
No! Certainly not!

This is where developers go wrong: they make sure they have followed all the steps to write maintainable code. For instance, they add a meta box, add options and add tabbed navigation in the WordPress dashboard, but they forget to check whether the code they have written actually works.

In this blog we will move to the server side and add code that verifies whether the user has the authority to save the meta data.


How to verify that the permissions are granted?

You need to incorporate a security check during the serialization process to check whether the user has the ability to save post meta data and to publish. To implement this we can use a nonce value. This is a number which is used once in order to protect URLs from malicious users.

1. How to add a Nonce?

To add a nonce to the meta box, you need to implement the functionality in the markup that renders the post template. To do this, load admin/views/authors-quick-tab.php and update the template so that it contains a call to wp_nonce_field.


<div id="authors-quick-tab">

<h2 class="nav-tab-wrapper current">
<a class="nav-tab nav-tab-active" href="javascript:;">Tab 1</a>
<a class="nav-tab" href="javascript:;">Tab 2</a>
<a class="nav-tab" href="javascript:;">Tab 3</a>
</h2>

<?php
// add tabbed content
include_once( 'tabs/tab1.php' );
include_once( 'tabs/tab2.php' );
include_once( 'tabs/tab3.php' );
// Add a nonce field
wp_nonce_field( 'authors_quick_tabs_save', 'authors_quick_tabs_nonce' );
?>

</div>



The code above introduces a nonce for the action of saving the authors quick tabs (authors_quick_tabs_save) and associates it with a field named authors_quick_tabs_nonce. You won't see it when the page loads in the browser, because the value is rendered in a hidden field.

If you are curious, open your browser's developer tools and inspect the meta box. You will find something like this, with a different nonce value of course.

<input type="hidden" id="authors_quick_tabs_nonce" name="authors_quick_tabs_nonce" value="q4df212f34">

2. Check the Nonce

To make sure that only a user who is permitted to save the post can do so, you need to check the following three things:

  • The user must be saving data for the 'post' post type
  • The user must actually have permission to save
  • The post must not be an automatic save by WordPress

To cover the first two we can write a helper function, and for the third you can use a built-in function. First, you need to set up the hook and the function that makes use of the helper functions, and then save your meta data. Add the following code to the Authors_Quick_Meta_Box class.


<?php add_action( 'save_post', array( $this, 'save_post' ) ); ?>

The next step is to define the function. You can use the following code, in which we call two functions.

<?php
// Method of the Authors_Quick_Meta_Box class.
public function save_post( $post_id ) {

    // Exit unless this is a 'post' and the request passes the nonce check.
    if ( ! $this->is_valid_fnc() || ! $this->user_save( $post_id, 'authors_quick_tabs_nonce', 'authors_quick_tabs_save' ) ) {
        return;
    }

}
?>



In this code, the save_post function runs whenever the save_post action fires. If the post being saved is not of the 'post' post type, or if the user does not have the authority to save, the function exits.

These functions must be defined for the logic to work. First we write the is_valid_fnc function, which checks the $_POST array to ensure that the post being saved is of the 'post' type.


<?php
private function is_valid_fnc() {
    /**
     * Check whether the post being saved is of the 'post' post type.
     */
    return ! empty( $_POST['post_type'] ) && 'post' === $_POST['post_type'];
}
?>


After this we add the user_save function, which checks whether the post is being saved automatically by WordPress. Further, if the user is saving the post, there should be a valid nonce value for that particular post.


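<?php
private function user_save( $post_id, $nonce_action, $nonce_id ) {

    // Note: $nonce_action receives the name of the nonce field in $_POST and
    // $nonce_id receives the action string that was passed to wp_nonce_field().
    $is_var_save        = wp_is_post_autosave( $post_id );
    $is_var_revision    = wp_is_post_revision( $post_id );
    $is_var_valid_nonce = ( isset( $_POST[ $nonce_action ] ) && wp_verify_nonce( $_POST[ $nonce_action ], $nonce_id ) );

    // True only for a save that is not an autosave or revision and has a valid nonce.
    return ! ( $is_var_save || $is_var_revision ) && $is_var_valid_nonce;

}
?>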

Notice that we pass in the nonce_action and nonce_id values that we defined in the template in the very first step, and use wp_verify_nonce with them. This is how we verify that the post is being saved by a user who has the proper access and permissions.
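wp_verify_nonce confirms that the request came from the form WordPress rendered for this user; whether that user may edit the post is a separate capability check made with current_user_can(). The handler below is an added example, not code from the original post, that performs both checks before writing any meta data. The class name Example_Quick_Tabs_Saver, the form field authors_quick_tabs_note and the meta key _authors_quick_tabs_note are assumptions for illustration.

```php
<?php
// Added example (not from the original post). Hypothetical names: the class
// Example_Quick_Tabs_Saver, the 'authors_quick_tabs_note' form field and the
// '_authors_quick_tabs_note' meta key.
class Example_Quick_Tabs_Saver {

    public function __construct() {
        add_action( 'save_post', array( $this, 'save_post' ) );
    }

    public function save_post( $post_id ) {
        // 1. Skip autosaves and revisions, as the original helper does.
        if ( wp_is_post_autosave( $post_id ) || wp_is_post_revision( $post_id ) ) {
            return;
        }

        // 2. Only handle the 'post' post type; read it from the stored post
        //    rather than trusting $_POST['post_type'].
        if ( 'post' !== get_post_type( $post_id ) ) {
            return;
        }

        // 3. Nonce: the field and action names match the wp_nonce_field() call.
        $nonce = isset( $_POST['authors_quick_tabs_nonce'] )
            ? sanitize_text_field( wp_unslash( $_POST['authors_quick_tabs_nonce'] ) )
            : '';
        if ( ! wp_verify_nonce( $nonce, 'authors_quick_tabs_save' ) ) {
            return;
        }

        // 4. Capability: the current user must be allowed to edit this post.
        if ( ! current_user_can( 'edit_post', $post_id ) ) {
            return;
        }

        // 5. Sanitize the submitted value before storing it.
        if ( isset( $_POST['authors_quick_tabs_note'] ) ) {
            $note = sanitize_text_field( wp_unslash( $_POST['authors_quick_tabs_note'] ) );
            update_post_meta( $post_id, '_authors_quick_tabs_note', $note );
        }
    }
}
```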


Maintainable code is certainly an indispensable need of the modern development world. Thus, verifying it becomes a crucial task.
Feel free to share your queries!

Wednesday 9 September 2015

Tips To Ensure That You Have An Adept VA For Your Web Development

If yours is an entrepreneurial business, Virtual Assistants (VAs) can help you boost it. They can make your job amazingly simple by taking care of several tasks, allowing you to concentrate on the other essentials that lead to your enterprise's growth. For instance, they can manage calendars and an array of emails, and handle campaigns to make sure that everything is working smoothly.

No doubt VAs can augment the website development process, but there are some crucial areas that must be handled with the utmost precision and thus demand expert guidance. You can't simply hand over the sensitive controls to your VAs without getting involved yourself. However, by investing in some result-driven WordPress web development services, all the concerns related to web development will be managed by professionals. Adept WordPress developers can thus deliver a prolific web solution that can boost your business values.

Although VAs are not experienced enough to handle the crucial web development processes or maintain a business site, many business owners ask their VAs to put up the requisite website. The only apparent reason for this could be that it is cost effective, or that the enterprise wants someone from its own team to accomplish it.



For the folks who really want to put the responsibility for their website on their VA, it is essential to ask around and ensure that the chosen VA is appropriate for the job. Here I have listed questions that can help you analyze the capabilities of your VAs and streamline your choice accordingly.
  • Are they capable enough to analyze and chart insights about the target market, so that your target audience is clear and the site can be designed with that audience in mind?
  • Do they have branding and graphic design skills? Do they know the right way to optimize images so that they can be downloaded instantly on any device?
  • Do they know about the latest web trends and have the insight to choose the most suitable layout to leverage your target market and business?
  • SEO is quite essential. Do they know how to achieve a search engine optimized website?
  • Do they possess any programming skills, so that if something goes wrong it can be handled and fixed appropriately? Beyond the premium products, if any custom design is required, would they be able to customize your site without leaving the quality behind?
  • Do they know how to turn a site into a responsive site so that your business can reach myriads of devices with flair?
  • If they are writing content for the web, are they aware of the ground rules of copywriting?
  • Do they belong to the marketing field? If yes, what is their education and how many years of experience do they have in the field? Is it sufficient for your business?
  • Do they know about all kinds of features and functions that can be integrated to deliver an enhanced website? Are they aware of a few plugins for particular categories?
  • Are they aware of other CMS platforms that can offer a superior experience to WordPress (for example, is Magento better than WordPress if you want to develop an eCommerce website)?

If you get a positive response to all the aforementioned questions, your chosen VA is ideal for developing your enterprise website. Otherwise, it is advisable to hire a WordPress developer and reap the benefits of this blissful platform.

There are numerous web development companies that offer invaluable development services at competitive prices. Therefore, you can easily seek one that best suits your project needs and business objectives.