goalietactiq
Forum Replies Created
I didn’t get an answer. I have a client for whom this is an issue. Can someone help?
Something like that: https://wordpress.stackexchange.com/questions/240230/how-to-allow-registered-users-to-change-their-user-role-through-frontend
function upgrade_to_premium() {
    if( is_user_logged_in() ) {
        if( is_page( 'upgrade-to-premium' ) ) {
            $current_user = wp_get_current_user();
            if( $current_user->roles[0] == "subscriber" || $current_user->roles[0] == "premium" ) {
                $user_id = $current_user->id;
                $role = $current_user->roles[0];
                if( $_POST['role']){
                    if( $_POST['role'] == $role ) {
                        echo "Sorry, you are already a " . $role . "!";
                    } else {
                        $role = $_POST['role'];
                        $userdata = array();
                        $userdata['ID'] = $user_id;
                        $userdata['role'] = $role;
                        wp_update_user($userdata);
                        echo "Your user type has been changed! You are now a " . $role . "!";
                    }
                }
                ?><form method="post" action="">
                Please select a role:<br/>
                <select name="role">
                <option value="subscriber" selected="selected">Subscriber</option>
                <option value="premium">Premium</option>
                </select>
                <INPUT TYPE="submit" name="submit" />
                </form><?php
            }
        }
    }
}
add_shortcode( 'upgrade_to_premium', 'upgrade_to_premium' );
user-roles front-end upgrade
asked Sep 22 ’16 at 14:46 by JulesB
shortcodes should return their output, not echo it – Mark Kaplun Sep 22 ’16 at 15:24
See updated answer. Thanks Mark. JulesB, one thing is that you should never trust the user input. For example, if you allow editing the role via a simple $_POST select element, the user can manipulate the value in the browser to get the admin role. So you have to check that the value sent to PHP via $_POST is acceptable/within your secure range of values before processing it. In your code sample, I can easily inject 'administrator' as role and get role priv. Thanks – Ahmed Fouad Sep 22 ’16 at 15:41
1 Answer
I’ve edited the code a bit and this works on my localhost. Try it and let me know if it does the job.
Be careful to edit your own admin role though. Or put in another condition to prevent updating your admin role in case of a use error.
Edit: added ob_start() thanks to Mark Kaplun. Shortcodes need to be returned not echoed.
add_shortcode( 'upgrade_to_premium', 'upgrade_to_premium' );
function upgrade_to_premium() {
    // Stop if user is not logged in.
    if ( ! is_user_logged_in() )
        return;
    ob_start();
    ?>
    <form method="post" action="">
    Please select a role:<br/>
    <select name="role">
    <option value="subscriber" selected="selected">Subscriber</option>
    <option value="premium">Premium</option>
    </select>
    <input type="submit" name="submit" />
    </form><?php
    // Do not process anything if it's not $_POST.
    // Return the buffered form so it is still displayed and the buffer is closed.
    if ( ! isset( $_POST['role'] ) )
        return ob_get_clean();
    // Never trust user input: only the two listed roles are accepted.
    $role = sanitize_key( $_POST['role'] );
    if ( ! in_array( $role, array( 'subscriber', 'premium' ) ) )
        return ob_get_clean();
    // Get the user object
    $user = new WP_User( get_current_user_id() );
    $index = key( $user->roles );
    $user_role = $user->roles[ $index ];
    // User already got that role
    if ( $user_role == $role ) {
        echo sprintf( __( 'You already have %s role.' ), $role );
    } else {
        // update user role
        $user->set_role( $role );
        echo sprintf( __( 'Your role was changed to %s.' ), $role );
    }
    $output = ob_get_contents();
    ob_end_clean();
    return $output;
}

Hi Predag,
PHP 7.1. I did all of that, but it isn’t working. I deactivated all plugins including the theme and the form is still not editable.
Warning: Illegal string offset 'submission-behaviour' in /home1/goalietactiq/public_html/denichetonchien.com/wp-content/plugins/forminator/library/modules/custom-forms/admin/admin-loader.php on line 280
Warning: array_merge(): Argument #2 is not an array in /home1/goalietactiq/public_html/denichetonchien.com/wp-content/plugins/forminator/library/modules/custom-forms/admin/admin-loader.php on line 170
I did 4 forms using forminator on my website and only one isn’t working. It is the only one using stripe payment, maybe it is related to that. I contacted hosting support and we all concluded it was a bug in the forminator plugin. I can give you access to the WordPress dashboard if needed. Thank you,

When I try to open the form to edit it, I get those error messages and I can’t open it. This form is really important for my business. Thank you
Warning: Illegal string offset 'submission-behaviour' in /home1/goalietactiq/public_html/denichetonchien.com/wp-content/plugins/forminator.bak/library/modules/custom-forms/admin/admin-loader.php on line 280
Warning: array_merge(): Argument #2 is not an array in /home1/goalietactiq/public_html/denichetonchien.com/wp-content/plugins/forminator.bak/library/modules/custom-forms/admin/admin-loader.php on line 170
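
Returning to the role-change shortcode quoted in the first reply: the sketch below is an added example, not code from the thread or from any plugin, showing the server-side allowlist from Ahmed Fouad's comment together with the guard against changing an admin account that the answer mentions. The `rolesw_` names, the `upgrade_to_premium_safe` shortcode tag and the nonce check are assumptions added here, and a custom `premium` role is assumed to be registered already.

```php
<?php
// Added example. Hypothetical names: rolesw_* functions, 'rolesw_change' nonce action.
// Assumes a custom 'premium' role has already been registered on the site.
const ROLESW_ALLOWED = array( 'subscriber', 'premium' );

function rolesw_shortcode() {
    $user = wp_get_current_user();
    // Only accounts whose roles are all self-service roles may use the form,
    // so an administrator or editor account is never touched by it.
    if ( ! $user->exists() || array_diff( $user->roles, ROLESW_ALLOWED ) ) {
        return '';
    }
    $message = '';
    if ( isset( $_POST['role'], $_POST['rolesw_nonce'] ) ) {
        $role  = sanitize_key( wp_unslash( $_POST['role'] ) );
        $nonce = sanitize_key( wp_unslash( $_POST['rolesw_nonce'] ) );
        if ( ! wp_verify_nonce( $nonce, 'rolesw_change' ) ) {
            $message = 'Request expired, please try again.';
        } elseif ( ! in_array( $role, ROLESW_ALLOWED, true ) ) {
            // Server-side allowlist: a tampered <select> value such as
            // 'administrator' stops here and never reaches set_role().
            $message = 'That role is not available.';
        } elseif ( in_array( $role, $user->roles, true ) ) {
            $message = 'You already have that role.';
        } else {
            $user->set_role( $role );
            $message = 'Your role was changed.';
        }
    }
    ob_start(); // Shortcodes return their markup instead of echoing it.
    ?>
    <p><?php echo esc_html( $message ); ?></p>
    <form method="post" action="">
        <?php wp_nonce_field( 'rolesw_change', 'rolesw_nonce' ); ?>
        <select name="role">
        <?php foreach ( ROLESW_ALLOWED as $slug ) : ?>
            <option value="<?php echo esc_attr( $slug ); ?>"><?php echo esc_html( ucfirst( $slug ) ); ?></option>
        <?php endforeach; ?>
        </select>
        <input type="submit" value="Change role" />
    </form>
    <?php
    return ob_get_clean();
}
add_shortcode( 'upgrade_to_premium_safe', 'rolesw_shortcode' );
```

The options in the form are generated from the same allowlist the handler checks, so the two cannot drift apart when a role is added or removed.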