WordPress Plugin Update and Install Functions

On the page where they explain how to create tables for your plugin, there’s a link to the register_activation_hook function, which is run when the plugin is activated. However, right in the first section, it says:

Note: Don’t use activation hooks (especially for multisite). Do this instead:

It’s far better to use an upgrade routine fired on admin_init, and handle that per-site, basing it on a stored option.

That links to another page, which repeats the information, but doesn’t tell you how to do this. Here’s one way.

filter_var? filter_input? No, Use Filter Input Array to Modernize Legacy Code (Best Practices)

I’ve been a real nut for filter_var() for years, and have come up with concise ways to use it, but totally missed this other function, which, at first look, seemed a little too specialized.

filter_input_array()

Well, I was so wrong. This is a great way to filter inputs. I figured this out when I had to fix up some code because it was throwing a zillion “Notice, index foobar not defined.” in the error logs.

Developing admin-ajax.php Handlers with PHPUnit and Curl (WordPress WP)

The typical way I’ve made AJAX handlers that hook into admin-ajax.php is with Firebug and little bits of Javascript code to exercise the REST API. The problem with this is that you lose all the development code. This note shows how to use PHPUnit to write your code as tests, and develop the REST API using something like test driven development (TDD).

htdigest Password Function in PHP

This is a function to change a password within an htdigest password database file. htdigest is one method of user authentication in Apache HTTP Server.

Global $htdigest contains a path to the htdigest file. Global $domain is the security domain.

The htdigest formula for the hash is:

md5("$username:$securitydomain:$password")

htdigest is like htpasswd, except it uses the md5 hash for hiding the password, and it supports digest authentication. Digest authentication is more secure than “basic” authentication, because basic authentication sends your password in clear text. Digest authentication sends a hash. This is ever-so-slightly more secure. (Use SSL for real security.)

For more information: read the caveat about basic authentication.

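function changePass( $username, $secdom, $oldp, $p )
{
        global $domain;
        global $htdigest;

        // A colon or line break in these fields would corrupt the file format.
        if (preg_match('/[:\r\n]/', $username.$secdom))
        {
                print "Invalid username or security domain.";
                exit;
        }

        $changed = false;
        $output = '';   // initialise so the .= below does not raise a notice
        $in = fopen( $htdigest, 'r' );
        if ($in === false)
        {
                print "Cannot open the htdigest file.";
                exit;
        }
        // Read until EOF or the first line that has no colon.
        while ( ($line = fgets($in)) !== false && strpos($line, ':') !== false )
        {
                $line = rtrim( $line );
                $a = explode( ':', $line );
                if ($a[0]===$username && $a[1]===$secdom)
                {
                        // hash_equals() avoids PHP's loose == comparison of hex strings
                        if (isset($a[2]) && hash_equals($a[2], md5("$username:$secdom:$oldp")))
                        {
                                $a[2] = md5("$username:$secdom:$p");
                                $changed = true;
                        }
                        else
                        {
                                print "Old password was wrong, or username exists.";
                                exit;
                        }
                }
                $output .= implode( ':', $a )."\n";
        }
        if (! $changed) // assume it's a new password
        {
                $hash = md5("$username:$secdom:$p");
                $output .= "$username:$secdom:$hash\n";
        }
        fclose($in);
        $out = fopen( "$htdigest.new", 'w' );
        fwrite( $out, $output );
        fclose( $out );
        // rename() replaces the file without passing the path through a shell
        rename( "$htdigest.new", $htdigest );
}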
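
The digest exchange described above, as an added example that is not part of the original post: the client derives a response from the htdigest hash, and the server checks it against the stored line. The user, realm, password, nonce and function names are constructed for illustration; the response formula is the RFC 2617 qop=auth form, and nonce issuance and replay checks are left out.

```php
<?php
// Added example (not from the original post). User, realm, password, nonce
// and URI below are constructed sample values.

// The value stored in the htdigest file: md5("user:realm:password").
function ha1(string $user, string $realm, string $password): string
{
    return md5("$user:$realm:$password");
}

// The "response" field of an Authorization: Digest header (RFC 2617, qop=auth).
function digestResponse(string $ha1, string $method, string $uri,
                        string $nonce, string $nc, string $cnonce): string
{
    $ha2 = md5("$method:$uri");
    return md5("$ha1:$nonce:$nc:$cnonce:auth:$ha2");
}

// Server side: find the stored hash for user+realm and recompute the response.
// Unknown users and wrong responses both return false.
function verifyDigest(array $htdigestLines, array $auth, string $method): bool
{
    foreach ($htdigestLines as $line) {
        $f = explode(':', rtrim($line), 3);
        if (count($f) !== 3 || $f[0] !== $auth['username'] || $f[1] !== $auth['realm']) {
            continue;
        }
        $expected = digestResponse($f[2], $method, $auth['uri'],
                                   $auth['nonce'], $auth['nc'], $auth['cnonce']);
        return hash_equals($expected, $auth['response']); // constant-time compare
    }
    return false;
}

// Constructed htdigest file content with one user.
$file = ['alice:Example Realm:' . ha1('alice', 'Example Realm', 'correct horse') . "\n"];

// Client side: the password never goes on the wire, only the response.
$auth = ['username' => 'alice', 'realm' => 'Example Realm', 'uri' => '/private/',
         'nonce' => 'c0ffee1234', 'nc' => '00000001', 'cnonce' => '0a4f113b'];
$auth['response'] = digestResponse(ha1('alice', 'Example Realm', 'correct horse'),
    'GET', $auth['uri'], $auth['nonce'], $auth['nc'], $auth['cnonce']);
var_dump(verifyDigest($file, $auth, 'GET'));   // response built from the same password

$auth['response'] = digestResponse(ha1('alice', 'Example Realm', 'wrong guess'),
    'GET', $auth['uri'], $auth['nonce'], $auth['nc'], $auth['cnonce']);
var_dump(verifyDigest($file, $auth, 'GET'));   // response built from a different password
```

The server computes the expected response from the stored hash alone, so the htdigest file needs the same protection as a password file for that realm.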