@tmort
Last active May 4, 2020 00:59
WordPress Worker Verify [Reddit Answer] [Updated]

WordPress Verify Worker

This is a response to a Reddit post where a user wants to allow public users to verify whether a "worker" (employee) works at the company based on an employee ID.

Original Reddit Post

https://www.reddit.com/r/Wordpress/comments/g3n5wv/wordpress_worker_verify/
Hello guys,

Wanted to ask you if you have any WordPress plugin, that somebody else (outside our company), can verify our workers by the ID that we give our workers.

For example:
John has 123456789 ID Number, and when somebody from outside wants to verify that John is a worker of our company they just have to enter in our site and at a form (WordPress plugin I am asking) they can type there his ID Number and the plugin will tell them if John is a part of our company or not.

Hope that I was clear enough.

Thank you.

Solution

Functions.php

Inserting the code in this Gist into the theme's functions.php (or a plugin file) will enable a Worker Custom Post Type. An administrator can then publish workers by entering their name as the title and adding a custom field named worker_id that holds the worker ID (e.g., 12345).

Adding a Worker CPT with the custom field worker_id

Shortcode

The shortcode [leu_verify_worker] is provided to insert a form on a Page or Post. This form allows a user, whether logged in or not, to enter a worker ID and receive a message stating whether or not the ID exists in the database.

Adding the shortcode and searching for a worker via their ID (UPDATED to show name/ID).

UPDATE

The code has been updated in response to the comments in the Reddit post. The user wanted to display the name and ID when an employee is found.

Changelog:

  • (2020-4-19) Reformatted code so CPT is fired on the bottom (cleanliness, not for any other reason).
  • (2020-4-19) Edited leu_verify_check_worker_id function to loop through posts and pull out name and submitted ID. JSON and Base 64 encode the values and pass them on. I base64 encode these so that the URL doesn't look like example.com/?name=your%20name&id=123. I think the encoded data is cleaner, but make no mistake: This is not secure. If these values need to be protected in some way, this is not the solution.
  • (2020-4-19) Changed the return querystring parameter from worker to vfwork. The worker parameter worked fine when we were just validating if the ID exists or not, but when giving it a value, WordPress rendered a 404. I believe it may be a protected parameter somewhere (related to this: https://core.trac.wordpress.org/ticket/27962).
  • (2020-4-19) Added super basic PHPDoc comments to functions. If this continues we'll wrap this whole thing into a nice, neat class.
<?php
/*
 * You can add this as a plugin file /wp-content/plugins/your-plugin-folder/plugin-file.php
 *
 * OR
 *
 * You can add this to your functions.php
 */
/**
 * Plugin Name: Leu_verify_worker
 * Plugin URI: PLUGIN SITE HERE
 * Description: PLUGIN DESCRIPTION HERE
 * Author: YOUR NAME HERE
 * Author URI: YOUR SITE HERE
 * Text Domain: leu_verify_worker
 * Domain Path: /languages
 * Version: 0.1.0
 *
 * @package Leu_verify_worker
 */
// Your code starts here.
add_shortcode( 'leu_verify_worker', 'leu_verify_worker_function' );

/**
 * Output of the shortcode leu_verify_worker
 *
 * @return false|string
 */
function leu_verify_worker_function() {
    ob_start();

    if ( isset( $_GET['vfwork'] ) ) {
        // The payload comes from the URL, so it is untrusted input: decode it,
        // check its shape, and escape both values before printing them.
        $data = json_decode( base64_decode( sanitize_text_field( wp_unslash( $_GET['vfwork'] ) ) ) );
        if ( is_object( $data ) && isset( $data->name, $data->ID )
            && is_scalar( $data->name ) && is_scalar( $data->ID ) ) {
            printf(
                '<p><strong>The person(%s) with this ID(%s) is listed as your worker.</strong></p>',
                esc_html( $data->name ),
                esc_html( $data->ID )
            );
        }
    }

    if ( isset( $_GET['nowork'] ) ) {
        _e( '<p><strong>The Worker ID you entered does not correspond to an employee.</strong></p>' );
    }
    ?>
    <form action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>" method="post">
        <p>
            <label for="worker_id">Enter Worker ID</label>
            <input type="text" id="worker_id" name="worker_id" placeholder="Insert Worker ID Here" autocomplete="off" required>
        </p>
        <p>
            <input type="hidden" name="sec" value="<?php echo esc_attr( wp_create_nonce( 'secchecklouverify' ) ); ?>">
            <input type="hidden" name="pg" value="<?php echo absint( get_the_ID() ); ?>">
            <input type="hidden" name="action" value="leu_verify_worker_id">
            <input type="submit">
        </p>
    </form>
    <?php
    return ob_get_clean();
}

add_action( 'admin_post_nopriv_leu_verify_worker_id', 'leu_verify_worker_id' );
add_action( 'admin_post_leu_verify_worker_id', 'leu_verify_worker_id' );

/**
 * POST handler when a user submits the form via the shortcode.
 * Triggered via the "action" parameter passed in the form.
 */
function leu_verify_worker_id() {
    check_admin_referer( 'secchecklouverify', 'sec' );
    $id_exists = false;

    // Sanitize incoming values; esc_attr() is an output-escaping function.
    $worker_id = isset( $_POST['worker_id'] ) ? sanitize_text_field( wp_unslash( $_POST['worker_id'] ) ) : '';
    if ( ! $worker_id ) {
        wp_die( 'Worker ID not found. Something went wrong. <a href="' . esc_url( get_bloginfo( 'url' ) ) . '">Go Home</a>' );
    }

    // The page ID must be a positive integer.
    $pg_id = isset( $_POST['pg'] ) ? absint( $_POST['pg'] ) : 0;
    if ( ! $pg_id ) {
        wp_die( 'Page ID not found. Something went wrong. <a href="' . esc_url( get_bloginfo( 'url' ) ) . '">Go Home</a>' );
    } else {
        $pg_id = get_permalink( $pg_id );
    }

    if ( $worker_id ) {
        $id_exists = leu_verify_check_worker_id( $worker_id );
    }

    // wp_safe_redirect() only redirects to this site's allowed hosts.
    // Exit afterwards so nothing else runs once the header is sent.
    wp_safe_redirect( $pg_id . $id_exists );
    exit;
}

/**
 * Takes a worker ID (that the user input from the shortcode form) and
 * checks if it exists.
 *
 * @param string $worker_id
 *
 * @return string
 */
function leu_verify_check_worker_id( $worker_id ) {
    $args = array(
        'post_type'  => 'worker',
        'meta_query' => array(
            array(
                'key'     => 'worker_id',
                'value'   => $worker_id,
                'compare' => '=',
            ),
        ),
    );
    $query      = new WP_Query( $args );
    $returndata = array();

    if ( $query->have_posts() ) {
        while ( $query->have_posts() ) {
            $query->the_post();
            $returndata['name'] = get_the_title();
            $returndata['ID']   = $worker_id;
        }
    }

    // Just in case...
    wp_reset_postdata();

    if ( ! empty( $returndata ) ) {
        // base64 output can contain "+", "/" and "=", so URL-encode it for the query string.
        return '?vfwork=' . rawurlencode( base64_encode( json_encode( $returndata ) ) );
    }

    return '?nowork';
}
// Generated via https://generatewp.com/post-type/
/**
 * Create the worker CPT.
 */
function leu_verify_cpt() {
    $labels = array(
        'name'                  => _x( 'Workers', 'Post Type General Name', 'leu_verify' ),
        'singular_name'         => _x( 'Worker', 'Post Type Singular Name', 'leu_verify' ),
        'menu_name'             => __( 'Workers', 'leu_verify' ),
        'name_admin_bar'        => __( 'Workers', 'leu_verify' ),
        'archives'              => __( 'Item Archives', 'leu_verify' ),
        'attributes'            => __( 'Item Attributes', 'leu_verify' ),
        'parent_item_colon'     => __( 'Parent Item:', 'leu_verify' ),
        'all_items'             => __( 'All Items', 'leu_verify' ),
        'add_new_item'          => __( 'Add New Item', 'leu_verify' ),
        'add_new'               => __( 'Add New', 'leu_verify' ),
        'new_item'              => __( 'New Item', 'leu_verify' ),
        'edit_item'             => __( 'Edit Item', 'leu_verify' ),
        'update_item'           => __( 'Update Item', 'leu_verify' ),
        'view_item'             => __( 'View Item', 'leu_verify' ),
        'view_items'            => __( 'View Items', 'leu_verify' ),
        'search_items'          => __( 'Search Item', 'leu_verify' ),
        'not_found'             => __( 'Not found', 'leu_verify' ),
        'not_found_in_trash'    => __( 'Not found in Trash', 'leu_verify' ),
        'featured_image'        => __( 'Featured Image', 'leu_verify' ),
        'set_featured_image'    => __( 'Set featured image', 'leu_verify' ),
        'remove_featured_image' => __( 'Remove featured image', 'leu_verify' ),
        'use_featured_image'    => __( 'Use as featured image', 'leu_verify' ),
        'insert_into_item'      => __( 'Insert into item', 'leu_verify' ),
        'uploaded_to_this_item' => __( 'Uploaded to this item', 'leu_verify' ),
        'items_list'            => __( 'Items list', 'leu_verify' ),
        'items_list_navigation' => __( 'Items list navigation', 'leu_verify' ),
        'filter_items_list'     => __( 'Filter items list', 'leu_verify' ),
    );
    // Note: 'public', 'publicly_queryable' and 'has_archive' set to true make
    // worker posts viewable on the front end without knowing a worker ID.
    // Set them to false if workers should only be confirmed through the form.
    $args = array(
        'label'               => __( 'Worker', 'leu_verify' ),
        'description'         => __( 'A Worker in the Database', 'leu_verify' ),
        'labels'              => $labels,
        'supports'            => array( 'title', 'custom-fields' ),
        'hierarchical'        => false,
        'public'              => true,
        'show_ui'             => true,
        'show_in_menu'        => true,
        'menu_position'       => 5,
        'show_in_admin_bar'   => false,
        'show_in_nav_menus'   => false,
        'can_export'          => true,
        'has_archive'         => true,
        'exclude_from_search' => false,
        'publicly_queryable'  => true,
        'rewrite'             => false,
        'capability_type'     => 'page',
    );
    register_post_type( 'worker', $args );
}
add_action( 'init', 'leu_verify_cpt', 0 );
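
The changelog notes that the base64 value is not secure; in particular, the result message is built from whatever name and ID arrive in vfwork, with no check that this site produced them. The following is an added example (not part of the original gist) that signs the value with an HMAC so the shortcode only displays results the POST handler issued. The function names leu_verify_sign_result and leu_verify_read_result are hypothetical, and the code assumes it runs inside WordPress.

```php
<?php
// Added example, not part of the original gist. Function names are hypothetical.
// Assumes a WordPress context (wp_salt() and wp_json_encode() are WordPress functions).

/** Build a tamper-evident token: base64url(JSON payload) . '.' . HMAC-SHA256 tag. */
function leu_verify_sign_result( array $returndata ) {
    $returndata['exp'] = time() + 300; // Result links stop working after five minutes.
    $payload = rtrim( strtr( base64_encode( wp_json_encode( $returndata ) ), '+/', '-_' ), '=' );
    $tag     = hash_hmac( 'sha256', $payload, wp_salt( 'auth' ) );
    return $payload . '.' . $tag;
}

/** Return the decoded payload only if the tag matches and the token is unexpired, else null. */
function leu_verify_read_result( $token ) {
    $parts = explode( '.', (string) $token, 2 );
    if ( 2 !== count( $parts ) ) {
        return null;
    }
    list( $payload, $tag ) = $parts;
    $expected = hash_hmac( 'sha256', $payload, wp_salt( 'auth' ) );
    if ( ! hash_equals( $expected, $tag ) ) { // Constant-time comparison.
        return null;
    }
    $data = json_decode( base64_decode( strtr( $payload, '-_', '+/' ) ), true );
    if ( ! is_array( $data ) || ! isset( $data['name'], $data['ID'], $data['exp'] ) || time() > (int) $data['exp'] ) {
        return null;
    }
    return $data;
}

// In leu_verify_check_worker_id():
//   return '?vfwork=' . leu_verify_sign_result( $returndata );
// In leu_verify_worker_function():
//   $data = leu_verify_read_result( sanitize_text_field( wp_unslash( $_GET['vfwork'] ) ) );
//   if ( $data ) { printf( '...', esc_html( $data['name'] ), esc_html( $data['ID'] ) ); }
```

The signature gives integrity only: the name and ID are still readable by anyone who has the URL.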