How Does WordPress Handle Upgrades? - php

Can anyone describe the pseudocode for how WordPress handles its upgrades? As in, you go into WordPress admin and choose to upgrade the version of WordPress.
I mean, does it use FTP APIs locally? Does it send credentials to another host which reconnects back with FTP APIs? Does it download files with Curl? Does it polyfill if a given API isn't there and go another route? Does it test file permissions to see which API to use?
I've got a client who wants something like this built into a web application unrelated to WordPress.

Have a look at wp-admin/includes/update.php and wp-admin/includes/class-wp-upgrader.php
And here for some explanation: http://tech.ipstenu.org/2011/how-the-wordpress-upgrade-works/

Related

Can I host a Wordpress plugin myself but allow other users to benefit from it?

I'm developing a Wordpress plugin that requires API credentials for Facebook.
Ordinarily I'd advise the users of the plug-in to sign up for their own API keys and allow them to be entered as plug-in options, however this plug-in requires extended permissions, which, as I'm currently in the process of finding out, are an absolute ball-ache to get, take up to 7 business days to have reviewed, and the reviewers don't actually read the requested instructions on how the application is being used.
Can I write a plugin that is basically a wrapper around my hosted version of the code? This way I can allow users of the plugin the benefits of the extended permissions without giving away my APP ID and APP SECRET.
Thinking something like...
require_once("https://www.myplugin.com/FacebookPlugin.php");
Here's the obvious problem, this wouldn't work for hosted versions of Wordpress as they don't have access to plug-ins anyway and I believe it would require the owner to allow remote file inclusion, which is putting a lot of trust in me as the host of the remote file not to execute nasty scripts on their server.
So how do I offer the functionality of my plugin to other users?
I think this question is closely related to this question.
I do not think there's more you can do, except still having your separate server which can be triggered using HttpRequest::send from within the plugin, and ship encrypted Keys from there each time somebody is accessing your plugin.
Might be a performance-Killing approach, though, especially if your server is not that fast.

API request to same domain

Good day!
I have a PHP based web application, that I am looking to add a Wordpress to.
The main application is in the root folder, and wordpress is installed in /wp
In order to get WP content into my application, I am using a JSON API (http://wordpress.org/plugins/json-api/)
Then, from the application, I am calling the API with CURL.
Is this a good way to go about calling the API? CURL seems to be very slow, and I think it has something to do with sessions, and the fact that it is requesting a url on the same domain.
Or perhaps someone could offer a suggestion on a better way to go about getting wordpress content into a non-wordpress based application.
Thanks for the help!

Why does the Facebook backend return 0 as the user id when authenticating from within a WordPress plugin?

thanks for reading! Here's what I'm up to.
I'm writing a WordPress plugin that makes use of the PHP SDK (latest version 3.1.1) that Facebook provides. My application is registered with Facebook as a website because it in fact acts like a website, even though it's embedded in WordPress.
This SDK comes with an example.php that is very straightforward and easy to understand. If I put this file on my server, it just works. I made sure that the certificate file and the SDK files are in the right place and accessible by the script.
However, if I do the exact same thing from within a WordPress plugin (from the admin page of the plugin), the Facebook backend won't return the user id but will always return 0 instead. The problem with FB returning 0 is pretty common, but the reasons for it seem to vary a lot.
I have to mention that this behavior wasn't always like this. It began just a few weeks ago. I'm suspecting that the FB backend somehow checks for indirect API calls and that calling it from within a WordPress plugin seems to violate FB's auth rules in some way (CSRF issue?). But I'm not sure.
Has anybody got a clue what's going on here?
Here's my guess:
Facebook will not be able to access the backend of your WordPress blog since it requires authentication. So the example.php code will not be visible to it from a WordPress admin panel.
When served raw on your server, there are no such access controls and Facebook is able to reach the page.
If this is the case, my suggestion would be to turn this into a non-admin plugin, perhaps by adding a rewrite rule using the WP_Rewrite class.

Moodle module type

I am tasked with writing a relatively small and simple PHP web app which will use a small database. Authentication for this will be through randomly generated hex keys in the query string which are generated by an administration page and emailed to desired users.
This is all fine so far, but here's the catch:
For various political reasons, we are forced to make this app a Moodle module. I can use the Moodle database in MySQL, but I will be working with my own tables which do not interact with Moodle, and Moodle will not interact with my tables. I must also use the Moodle database abstraction rather than direct PHP->MySQL access.
I do not want my users to know they are operating within Moodle. They shouldn't need to log in to Moodle to access my web app, and they probably won't have access to Moodle anyway. Those users who do have access to Moodle shouldn't see this web app in their list of Moodle functions.
I've thrown together a few small PHP pages, included some Moodle libs, and placed the code in the moodle/mods directory. Accessing the PHP pages on the server with the URLs directly result in a Moodle error, since I'm not accessing the module through proper channels. I get the "Incorrect access detected" error.
Is what I'm tasked to do even possible? If so, how is the best way to accomplish it? Do I need to write an authentication module and then an activity module? Is there any way to bypass all of Moodle's authentication and simply use the database abstraction without editing the core Moodle configuration files? (I know it's possible by modifying the Moodle code, but that is sadly not an option).
I have plenty of PHP experience, but I only have about 4 hours of Moodle experience and I'm getting nowhere fast.
It sounds to me that you might be trying to access the script while coming in from a host other than what Moodle has specified in its config file. You could try dumping your http_host and Moodle's wwwroot to see if they line up. I'm less familiar with 2 than 1.9, but you might be able to define abort_after_config, then include config, then change the cfg wwwroot, then define abort_after_config_cancel, then include setup. Otherwise you could spoof the host; otherwise you can delete the check in the lib/setup.php file.
Not sure quite what you are trying to achieve here but any of the following may work.
(1) If you have a stand-alone platform you want delivered within an LMS framework then you might offer a counter proposal of developing it in your preferred environment but wrapping it in LTI. Moodle can then deliver it via the External Tool plugin and you can get two-way communications between the two for authentication and tracking.
(2) Doing it in Moodle
Create an authentication with a login_hook and make sure this is moved to the top of the authentication plugins list so that it is checked first before the others. Use the hook to process the hex key (as GET or POST parameter) or take you to an alternate process and return true (or create session). You could also use the 'alternative login page' in the authentication settings alongside this plugin hook. This should take care of authentication.
If enrolment is not an issue then create your plugin as a local plugin (not mod) and use the above hook to redirect to this page after login. This gives you a bit more flexibility in the libraries you use and you can still use front-page enrolments if necessary as a workaround. If you really need enrolments, course roles, and gradebook then use a mod to leverage these. There is a single activity course format in the latest Moodle that gives you a format to run just your bespoke activity on its own.
Finally develop your own layout type in the theme for the local plugin if using that or for the course and incourse layouts if using courses so that you can control what of the standard Moodle navigation and structure you want.
If the plugin is sharing a Moodle already being used for other activities then you'll need to be sensitive to this. If you're just running your own thing then it will be much easier.
(3) Use Web Services to get what you want from Moodle in your own App.
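An added example (not from the original posts and not Moodle code) of the hex-key scheme the question describes: keys come from a CSPRNG, only their SHA-256 hash is stored, and the query-string value is validated before lookup. The in-memory array, the function names and the 7-day lifetime are assumptions standing in for the app's own table.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the app's own table (hypothetical); in the setup
// described above this would be reached through the database abstraction.
$GLOBALS['access_keys'] = [];

const KEY_BYTES = 32;         // 256 bits of entropy, 64 hex characters
const KEY_TTL   = 7 * 86400;  // assumed lifetime: 7 days

/** Create a key for one invited user; only its hash is kept server-side. */
function issue_access_key(string $email, int $now): string
{
    $key = bin2hex(random_bytes(KEY_BYTES));  // CSPRNG, not mt_rand()/uniqid()
    $GLOBALS['access_keys'][hash('sha256', $key)] = [
        'email'   => $email,
        'expires' => $now + KEY_TTL,
    ];
    return $key;  // placed in the emailed URL, never stored in clear
}

/** Return the invited user's email for a valid, unexpired key, else null. */
function verify_access_key(mixed $candidate, int $now): ?string
{
    // A request with ?key[]=x delivers an array; accept only 64 lowercase hex chars.
    if (!is_string($candidate)
        || preg_match('/\A[0-9a-f]{64}\z/', $candidate) !== 1) {
        return null;
    }
    // Lookup is by hash, so a leaked table does not reveal usable keys.
    $row = $GLOBALS['access_keys'][hash('sha256', $candidate)] ?? null;
    if ($row === null || $row['expires'] < $now) {
        return null;
    }
    return $row['email'];
}

// Constructed demonstration of the four cases.
$now = time();
$key = issue_access_key('user@example.com', $now);
var_dump(verify_access_key($key, $now));                 // valid key
var_dump(verify_access_key(str_repeat('0', 64), $now));  // well-formed but unknown
var_dump(verify_access_key(['x'], $now));                // array instead of string
var_dump(verify_access_key($key, $now + KEY_TTL + 1));   // expired
```

Because the key travels in the query string, it also ends up in web-server access logs and browser history, which is why the stored record carries an expiry.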

Launch File on Client's Computer from PHP?

I have written a utility that requires an installation key for uninstallation to ensure that only authorized users are uninstalling. After logging in to our website, the user will be presented with an uninstallation key, but then I would like to also launch the uninstallation wizard on the client's computer. I know this is possible, as I've done it before... just don't remember the code, nor did I save it.
Thanks in advance for any input.
PHP runs on the server-side and has no control over the client whatsoever. Neither can you use JavaScript to launch applications due to security reasons.
The only way you could do this is by using an ActiveX control or some kind of custom browser plugin. Or, if your uninstall wizard has registered some protocol handler on the client (say myuninstall://) then you could use JavaScript to redirect the user to a URL of this protocol, which will in turn then launch your program.
Assuming Windows, you could tell your installer to register a custom URL protocol with a custom scheme for uninstallation. Then your php app could present a link using the custom URL scheme (uninstall-my-product://12345678-ABCD).
Users without your uninstaller would see an "I don't know what to do with this protocol" message. Users who had installed your product would launch the uninstall program.
You could accomplish a similar function by delivering a file type which was registered to open the uninstall program.
If you're using a commercial installation program, then in both cases it would probably be easier to write a little launcher application to run the uninstaller, rather than modifying the uninstaller itself.
