[wp-hackers] Running Wordpress as demo
Mani Monajjemi
mani.monajjemi at gmail.com
Sun Jan 22 13:46:16 GMT 2006
For a WordPress i18n project I needed to run a demo version of WordPress
(ADMIN) without worrying about misuse/hacks/attacks. After working on it a
bit I found a simple way, which I will explain. Before I announce this
solution and put it into action, I need some experts' comments.

First of all, I changed wp-includes/wp-db.php (function query):

Original code:

    $this->result = @mysql_query($query, $this->dbh);
    ++$this->num_queries;

Changed to:

    global $userdata;
    if (($userdata->user_login == 'demo') &&
        (preg_match("/^\\s*(insert|delete|update|replace) /i", $query)))
        $_stop = true;
    else
        $_stop = false;
    if (!$_stop) {
        $this->result = @mysql_query($query, $this->dbh);
        ++$this->num_queries;
    }

This code will prevent the user identified as DEMO from changing the database. After
that we should turn the WP cache off to avoid option caching.
This method would work, and will show the demo user all the power of the WP
ADMIN area without changing the DB at all :)

There's just one point remaining: editing files.
This can be overcome by using "WP2 Roles". I used the plugin "Role Manager" and
revoked "Edit Plugins", "Edit Files", "Import" and "Edit Themes" from a role
named "Demo" and assigned the user demo the role demo!

This seems to work. I tested it locally and there was no problem. Is there
anything that I forgot? Any ideas? Can I put this method into action?
--
Mani Monajjemi
www.manionline.org
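
The check in the message above blocks four write verbs followed by a literal space. As an added example (not part of the original post and not WordPress code), the PHP below sets that check beside a deny-by-default one that lets the demo user run only read-only statements. The function names, the allowed-verb list and the sample queries are assumptions constructed for illustration, and the code assumes PHP 7 or later.

```php
<?php
// Added example: not from the original post and not WordPress core code.
// Function names and sample queries are hypothetical / constructed.

// The test from the post: true when the query would be blocked for "demo".
function demo_blocklist_blocks(string $query): bool
{
    return preg_match('/^\s*(insert|delete|update|replace) /i', $query) === 1;
}

// Deny-by-default variant: true only when the first token is a read-only verb.
// A query that starts with a comment or anything unexpected is refused.
function demo_readonly_allows(string $query): bool
{
    static $readOnly = ['select', 'show', 'describe', 'explain'];
    if (!preg_match('/^\s*([a-z]+)\b/i', $query, $m)) {
        return false;
    }
    return in_array(strtolower($m[1]), $readOnly, true);
}

// Constructed sample statements (wp_* table names are illustrative).
$samples = [
    "SELECT option_value FROM wp_options WHERE option_name = 'siteurl'",
    "UPDATE wp_options SET option_value = 'x' WHERE option_name = 'blogname'",
    "UPDATE\n  wp_options SET option_value = 'x'", // newline, not a space, after the verb
    "ALTER TABLE wp_posts ADD COLUMN demo_flag INT", // schema change, not in the verb list
    "SHOW TABLES",
];

printf("%-9s %-9s %s\n", 'post', 'allowlist', 'query');
foreach ($samples as $q) {
    printf(
        "%-9s %-9s %s\n",
        demo_blocklist_blocks($q) ? 'blocked' : 'runs',
        demo_readonly_allows($q) ? 'runs' : 'blocked',
        strtok($q, "\n")
    );
}
```

The third and fourth sample statements are the ones on which the two checks disagree: the verb list with a trailing space lets them run, while the read-only allowlist refuses them.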