Developing admin-ajax.php Handlers with PHPUnit and Curl (WordPress WP)

The typical way I’ve made AJAX handlers that hook into admin-ajax.php is with Firebug and little bits of Javascript code to exercise the REST API. The problem with this is that you lose all the development code. This note shows how to use PHPUnit to write your code as tests, and develop the REST API using something like test driven development (TDD). Continue reading Developing admin-ajax.php Handlers with PHPUnit and Curl (WordPress WP)

htdigest Password Function in PHP

This is a function to change a password within an htdigest password database file. htdigest is one method of user authentication in Apache HTTP Server.

Global $htdigest contains a path to the htdigest file. Global $domain is the security domain.

The htdigest formula for the hash is:


htdigest is like htpasswd, except it uses the md5 hash for hiding the password, and it supports digest authentication. Digest authentication is more secure than “basic” authentication, because basic authentication sends your password in clear text. Digest authentication sends a hash. This is ever-so-slightly more secure. (Use SSL for real security.)

For more information: read the caveat about basic authentication.

function changePass( $username, $secdom, $oldp, $p )
        global $domain;
        global $htdigest;

        $changed = false;
        $in = fopen( $htdigest, 'r' );
        while ( preg_match("/:/", $line = fgets($in) ) )
                $line = rtrim( $line );
                $a = explode( ':', $line );
                if ($a[0]==$username && $a[1]==$secdom)
                        if ($a[2] == md5("$username:$secdom:$oldp"))
                                $a[2] = md5("$username:$secdom:$p");
                                $changed = true;
                                print "Old password was wrong, or username exist
                $output .= implode( ':', $a )."\n";
        if (! $changed) // assume it's a new password
                $hash = md5("$username:$secdom:$p");
                $output .= "$username:$secdom:$hash\n";
        $out = fopen( "$", 'w' );
        fwrite( $out, $output );
        fclose( $out );
        system("mv -f $ $htdigest");