• Resolved fyreus

    (@fyreus)


    Hello!

    I am wondering if it’s possible to add information stored in the Bio section (or a custom section with a comment box) and show it inside a sidebar via adv. iframe. The idea is to find out if it’s possible and hire someone who’s able to pull this off if this is safe AND possible.

Viewing 8 replies - 1 through 8 (of 8 total)
  • Moderator bcworkz

    (@bcworkz)

    It is possible, and it is safe to the site provided the usual validation and sanitizing precautions are taken. Displaying sensitive user information could still be unsafe for the user. If you have control of the theme, it does not necessarily need to be in a widget or iframe, though it certainly can be if so desired. How would partly depend on exactly whose information would be shown: a post author’s, the currently logged-in user’s, etc. You of course cannot display information that is not available, such as that of a non-logged-in user.

    To be clear, this is not the place to solicit paid coding help, and I am in no way seeking such employment.

    Thread Starter fyreus

    (@fyreus)

    bcworkz thank you for your reply.

    I realized the possibility of an information leak although the code only asked for a specific line and scrapped this idea (I’ve opted for using something else with similar coding). Hopefully this reads the user’s cookies for information. Is it safe to post code here for critique?

    Moderator bcworkz

    (@bcworkz)

    Well, it’s a public forum open to all. Obfuscate any sensitive information. Don’t post proprietary code, anyone could copy anything you post for their own purposes. If the code is more than a dozen lines, please post it on pastebin.com and link to it here.

    Consider that any critiques you may receive are the individual’s opinion, which may not be representative of the WP community’s general consensus. That individual may not even be qualified to critique your code. You get what you pay for ??

    Thread Starter fyreus

    (@fyreus)

    It would be scary if anyone copied this lol:

    <a href="/consumer/<?php
        // get_currentuserinfo() is deprecated; wp_get_current_user() returns the
        // same WP_User object without needing the global.
        $current_user = wp_get_current_user();
        // Escape the login for use inside an href attribute (the original echoed
        // a raw value plus a trailing "\n" into the URL).
        echo esc_attr( rawurlencode( $current_user->user_login ) );
    ?>/reports/" target="Window">Click Here</a>

    What’s strangely addicting is trying out new combinations for different effects, but I hope this doesn’t compromise anyone’s security.

    Moderator bcworkz

    (@bcworkz)

    I’m pretty sure WP does not store any user information in cookies beyond some preference settings. The data for $current_user comes from the DB, it’s basically anything entered on the profile page. I never put anything sensitive in such pages, but who knows what other people do. It may seem innocuous to display the user’s own information (it is) but someone could URL hack their way to other user information as long as they know the other’s login.

    That is unless the reports template verifies it’s only showing information that matches the current user, which would be an excellent strategy and solve any privacy issues. Otherwise, it also depends on just what profile information is shown. I wouldn’t want my email showing up on a page available to others or scraper bots in particular. Some people may not like their real names displayed. I personally rarely supply my real name in such fields, but others probably do. Use reasonable discretion on what information is shown unless it’s confirmed to belong to the current user only.
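
    One way to implement the check described above (that the reports template only shows data matching the current user), as an added example that is not code from this thread: it assumes the rewrite rule for /consumer/<login>/reports/ exposes the login as a query var named consumer_login (a hypothetical name) and that the template is the one rendering the reports.

```php
<?php
/**
 * Added example: gate a "reports" template so it only renders data for the
 * login in the URL when that login belongs to the current user (or the
 * viewer can manage users). Assumes the hypothetical query var
 * 'consumer_login' carries the login from /consumer/<login>/reports/.
 */

// Register the query var so WordPress passes it through to the template.
add_filter( 'query_vars', function ( $vars ) {
    $vars[] = 'consumer_login';
    return $vars;
} );

/**
 * Return the WP_User whose reports may be shown, or null to deny.
 * Denies when nobody is logged in, the requested login does not exist,
 * or it belongs to someone else and the viewer lacks 'edit_users'.
 */
function reports_viewable_user( $requested_login ) {
    if ( ! is_user_logged_in() ) {
        return null;
    }
    $current = wp_get_current_user();
    $target  = get_user_by( 'login', sanitize_user( $requested_login, true ) );
    if ( ! $target ) {
        return null;
    }
    // Compare user IDs rather than login strings so case or encoding
    // differences in the URL cannot slip past the check.
    if ( (int) $target->ID === (int) $current->ID ) {
        return $target;
    }
    // Users who may edit other users (administrators) may still view them.
    return current_user_can( 'edit_users' ) ? $target : null;
}

// In the reports page template: deny with a 403 before any profile output.
$user = reports_viewable_user( get_query_var( 'consumer_login', '' ) );
if ( null === $user ) {
    wp_die( esc_html__( 'You may only view your own reports.' ), 403 );
}
?>
<p>Reports for <?php echo esc_html( $user->display_name ); ?></p>
```

    Changing the login in the URL while logged in as a normal user should then produce the 403 page instead of another member’s profile.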

    Thread Starter fyreus

    (@fyreus)

    The reports template is a page I made with BuddyPress that shows the BP profile, so I hope that’s guarded.

    Moderator bcworkz

    (@bcworkz)

    No need to hope, it’s easy to test. Login as a normal, non-admin user and view your reports page. Change the URL in your browser to someone else’s login. If their info comes up the page is not guarded.

    Thread Starter fyreus

    (@fyreus)

    I’ve done this test before and, after some changes, tried it again. So far it only shows profile information (meant to be public) and which groups/forums they’re able to access (common shared forums), and it stops there. Looks safe to me unless there are some other tricks that I’m unaware of regarding source code.

  • The topic ‘Show specific user data in widget’ is closed to new replies.