On my first visit of c-base Raumstation I had the pleasure to participate at Berlin Hack and Tell and present a 5 min demo of the project dyke.tech with the code hacks. The event itself was great, there were lots of interesting projects, each with totally different purpose and technology used, but nevertheless innovative and well thought out. Soon the list of all presented projects will be available at berlinhackandtell.rocks.
So glad to be back at @BerlinHacknTell at @cbase today. Excited to see edition #61 being kicked off by Mr. Ligi! pic.twitter.com/f5CGFtAmJZ
— Stefan @ 🏡 #BlackLivesMatter (@stefanhoth) May 29, 2018
Last hack (before the half-time break) at the #BHNT is about https://t.co/blZuTVvEzb: an online challenge where you solve 9 tasks to prove your mastery of web technologies, from beginner stuff to more advanced craftery 🏳️🌈
— Jérôme Petazzoni (@jpetazzo) May 29, 2018
Here are some of the hacks I have presented in those 5 minutes that included the presentation of the project itself.
https://www.instagram.com/p/BjYNGk9FsFv
Each level in the challenge is implemented as password protected WordPress page with custom form
functions.php
add_filter('the_password_form', 'custom_password_form');
function custom_password_form()
{
global $post;
$label = 'pwbox-'.(empty($post->ID) ? rand() : $post->ID);
$custom_form = '';
// level 1
if (is_page(999)) {
$custom_form .= '<!-- EDITED -->';
$custom_form .= '<h2>Password is hidden</h2><div class="row justify-content-center"><p class="tip col-8">Find it on this website.</p></div>';
}
/* ... */
return $custom_form;
}
When a password is submitted, by default a cookie is set and it expires in 10 days
This is defined in wp-login.php and it does not work well with next levels as it would show the error on the next page as the value of the cookie would not be correct. Therefore a filter was added in functions.php file of the theme to override the default setting.
function dyke_post_password_expires() {
return time() + 1; // Expire in a second
}
add_filter( 'post_password_expires', 'dyke_post_password_expires' );
WordPress automatically completes the slugs
For example level01 gets resolved in level01-9975280837471640. To disable the autocomplete I needed to remove the filter in functions.php.
remove_filter('template_redirect', 'redirect_canonical');
Disable access via Post ID
As WordPress pages can not be accessed only thorugh permalink, but also with post ID e.g. /?p=<NUM> a redirect in .htaccess needed to be added:
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} ^p=(\d+)
RewriteRule .* - [F]
These were the most interesting and surprising hacks I needed to implement on this project. There were a couple more, but I ran out of the time to present them at the event. So if you like web technologies go to dyke.tech and try to solve all nine tasks!
https://www.instagram.com/p/BjX7zXJFING