The MU forums have moved to WordPress.org

Admin Edit Themes, users not edit themes (16 posts)

  1. billytheradponi
    Member
    Posted 15 years ago #

    My php knowledge is quite small but I still managed to come up with this. It's been discussed many times but I have found no simple solution. All you need do it hack two files:

    Navigate to wp-admin/menu-header.php and find:

    echo "\n\t

  2. {$item[0]}
  3. ";
    }
    }

    ?>

    Then, after, add:

    <?php if($user_identity == "YOUR USER IDENTITY") { ?>

  4. Theme Editor
  5. <?php } ?>

    The YOUR USER IDENTITY needs to be replaced with the name that appears in the top right when logged in. Howdy, YOUR USER IDENTITY. Replace it with that and you'll then have the theme editor link in your admin pages, but, you still can't access it because it's blocked for security reasons. So, to let just your user past, open wp-admin/theme-editor.php and find:

    <?php
    require_once('admin.php');

    Yeah, the first two lines, then after that you see this (or something similar):

    wp_die( "Sorry, the theme editor is disabled for non-admins" );

    Replace that with:

    if ($user_identity == "YOUR USER IDENTITY") {
    } else {
    wp_die( "Sorry, the theme editor is disabled for non-admins" );
    }

    Again, with your user identity described above. Thats it when you are logged in you can access the theme editor.

    REMEMBER: if you change your display name in your profile, it changes your user identity. Also, you will need to block the name you use in the site admin >> options bit.

    The only issue I can see is if someone changes their first name to your same user identity and then change their display name to fit, they then might be able to access the same way you do, so keep your user ideentity hidden or make it something like a password. Of course, if there is a code to return if the user is an admin or not, then that would work?

    Well, I hope this helps, just replay with errors or solutions to the problems...

  • billytheradponi
    Member
    Posted 15 years ago #

    WTF? It seems that I didn't add the code for the menu-header bit correctly, it should read:

    Navigate to wp-admin/menu-header.php and find:

    			echo "nt<li><a href='{$item[2]}'$class>{$item[0]}</a></li>";
    	}
    }
    
    ?>

    Then, after, add:

    <?php if($user_identity == "YOUR USER IDENTITY") { ?>
    <li><a href="/wp-admin/theme-editor.php">Theme Editor</a></li>
    <?php } ?>

    The YOUR USER IDENTITY needs to be replaced with the name that appears in the top right when logged in. Howdy, YOUR USER IDENTITY. Replace it with that and you'll then have the theme editor link in your admin pages, but, you still can't access it because it's blocked for security reasons.

  • lunabyte
    Member
    Posted 15 years ago #

    <?php if($user_identity == "YOUR USER IDENTITY") { ?>

    Why not use instead...

    if ( !is_site_admin() ) {
         return;
    }

    Or something similar.

  • WordpressChina
    Member
    Posted 15 years ago #

    I like this! However are there any type of security worries about adding this for the admin to change themes?

  • lunabyte
    Member
    Posted 15 years ago #

    Note: <b>site</b> admin.

    Not the blog admins.

    So no, there isn't. Unless you pose a security risk to yourself.

  • suleiman
    Member
    Posted 15 years ago #

    *raises hand in affirmation*

  • digiC
    Member
    Posted 15 years ago #

    I would actually have a user which is the theme editor and then have only you know the password, and no-one even knows it exists, that would be best security measure

  • gcrick
    Member
    Posted 15 years ago #

    Thanks for the code billytheradponi. I tried it, and found that the menu didn't behave correctly (the current tab was not highlighted correctly), so taking a closer look, I found another way to do the same thing.

    So, here is some alternative code to allow wpmu admins to edit themes globally, but not admins of each blog:

    In theme-editor.php, around the second line, change

    
    wp_die( "The theme editor is disabled" );
    

    to

    
    if ( !is_site_admin() ){
    	wp_die( "Sorry, the theme editor is disabled for non-admins" );
    }
    

    In the same file, change $parent_file = 'themes.php'; to $parent_file = 'wpmu-admin.php';

    In menu.php, around line 77 starting with "if(is_site_admin() ) {", add a new submenu entry:

    
    $submenu[ 'wpmu-admin.php' ][21] = array(__('Theme Editor'), '10', 'theme-editor.php');
    

    That should put the option "Theme Editor" under the menu item "Site Admin". I haven't tested it extensively, but it seems to work.

  • lunabyte
    Member
    Posted 15 years ago #

    There would need to be a closing }, but other than that it should be fine.

  • life2000
    Member
    Posted 14 years ago #

    HI Gcrick:

    I am really stuck here. I kind of can't find theme_editor.php in wp-admin. But I can find themes.php

    And neither the 77 line command in menu.php.

    I have tried wpmu2.6 and 1.5.1. Am I really off?
    Please help.
    Thanks so much.

  • andrea_r
    Moderator
    Posted 14 years ago #

    It's not included anymore.

  • tdcaron1
    Member
    Posted 14 years ago #

    I'm also curious about your above code
    <?php if($user_identity == "YOUR USER IDENTITY") { ?>

    Can you add multiple USER_ID's seperated by comma's to allow multiple users to edit themes.

    I'm wondering if this file can be written too, for example rather than doing this manually, when a person registers to create a blog can the username that they request be written to this file so that they can automatically edit all portions of there theme?

    I am also aware that this may be a security issue but I can tend to that at a later date.

    Currently the theme editor plugin only allows changing font, css and background images, and it's nothing compared to the regular theme editor in Wordpress.

    Any and all help would be greatly appreciated.
    Website being used for testing purposed is located at
    http://101.thejvs.com

    Thanks in advance
    Tim

  • andrea_r
    Moderator
    Posted 14 years ago #

    "Currently the theme editor plugin only allows changing font, css and background images, and it's nothing compared to the regular theme editor in Wordpress."

    What one are you using? There's one called "user themes" that gives them a whole copy of the entire theme to edit.

  • tdcaron1
    Member
    Posted 14 years ago #

    Hi Again this is Tim.

    I'm using WPMU on a test website as mentioned above.
    I went ahead and activate UserThemes and uploaded a copy of theme-edit.php from the current version of wordpress because mu does not have theme-edit.php.

    I've actived a couple of userthemes and started working with the editor.

    When I make the changes say for example (sidebar.php) and click the update button I get the following error:
    ---------------------------------------------------
    Warning: Cannot modify header information - headers already sent by (output started at /home/tcaron/public_html/wpmu/wp-admin/theme-editor.php:1) in /home/tcaron/public_html/wpmu/wp-admin/theme-editor.php on line 65
    -----------------------------------------------------

    When I look at the code line # 65 is a follows:
    -----------------------------------------------------
    header("Location: $location");
    exit();
    -----------------------------------------------------
    So i tried to uncomment the line and tried the editor again
    and came up with a blank page.

    In either case the page (sidebar.php) use updated.

    After clicking the update button on both occaision the page was updated.

    But I had to click the back button on my browser to return to the current page.

    In Wordpress (all versions) after an update was made to a particular page it would bring you back to the same page and let you know that it was updated.

    Is there any way to fix this error.
    Thank You
    Tim

  • andrea_r
    Moderator
    Posted 14 years ago #

    "Warning: Cannot modify header information - headers already sent by"

    that almost always means a blank line at the end of a file somewhere. Check that first before commenting out code.

  • tdcaron1
    Member
    Posted 14 years ago #

    Thanks andrea_r, I did find a few extra lines and now it works just fine.

    I do have another question though.
    Is there a way where I can list all the blogs currently in the system by Blog Title?

    Thanks again
    Tim

  • About this Topic