phprunnerQuite a few customers aske us to add WordPress integration to PHPRunner. Since this solution is quite generic I thought I would share it here.
The key is to display third party app in iframe. Besides that we need to make third party app login/logout automatically. This tutorial applies to WordPress 2.9.2 and PHPRunner 5.2.
1. Install and activate rootCookie plugin
WordPress stores login data in cookies. If we want to access WordPress cookies from PHPRunner application we need to make them accessible domain-wide. That's what rootCookie plugin does for us.
2. Install and activate embed-iframe plugin
This plugin allows to insert an iframe into any post.
This plugin didn't work right out of the box with PHP 5.3.
I had to modify wp-content/plugins/embed-iframe/view/embediframe/iframe.php file the following way:
<div class="iframe-wrapper">
<iframe src="<?php echo $url ?>" frameborder="0" style="height:<?php echo $height?>px;width:<?php echo $width?>px;">Please upgrade your browser</iframe>
</div>3. Insert an iframe with third party PHP application into any blog post:
[iframe http://localhost:81/tmp/yourapp.php 550 300]
4. In your application add the following code to one of common include files.
This code needs to execute on every page load.
Copy line with AUTH_KEY definition from wp-config.php file (WordPress config file).
define('AUTH_KEY', 'put your unique phrase here');
$wpconn=db_connect();
function get_option($option)
{
global $wpconn;
$ret="";
$rs=db_query("select option_value from wp_options where option_name='$option'",$wpconn);
$data=db_fetch_array($rs);
if($data)
{
$ret = $data["option_value"];
}
return $ret;
}
if ( !function_exists('hash_hmac') ):
function hash_hmac($algo, $data, $key, $raw_output = false) {
return _hash_hmac($algo, $data, $key, $raw_output);
}
endif;
function _hash_hmac($algo, $data, $key, $raw_output = false) {
$packs = array('md5' => 'H32', 'sha1' => 'H40');
if ( !isset($packs[$algo]) )
return false;
$pack = $packs[$algo];
if (strlen($key) > 64)
$key = pack($pack, $algo($key));
$key = str_pad($key, 64, chr(0));
$ipad = (substr($key, 0, 64) ^ str_repeat(chr(0x36), 64));
$opad = (substr($key, 0, 64) ^ str_repeat(chr(0x5C), 64));
$hmac = $algo($opad . pack($pack, $algo($ipad . $data)));
if ( $raw_output )
return pack( $pack, $hmac );
return $hmac;
}
function wp_salt($scheme = 'auth')
{
$salt=get_option('auth_salt');
return $salt;
}
// get wordpress username from cookies
$cookie_key = "wordpress_" . md5(get_option('siteurl'));
foreach ($_COOKIE as $key=>$value)
{
if (substr($key,0,strlen($cookie_key))==$cookie_key)
{
$cookie = $value;
}
}
$logged=true;
// parse cookie
$cookie_elements = explode('|', $cookie);
if ( count($cookie_elements) == 3 )
{
$username=$cookie_elements[0];
$expiration=$cookie_elements[1];
$hmac=$cookie_elements[2];
// Quick check to see if an honest cookie has expired
if ( $expiration < time() ) {
$logged=false;
}
}
else
$logged=false;
// check if username exists in the database
if ($logged)
{
$rs=db_query("SELECT * FROM <code>wp_users</code> u inner join wp_usermeta m on u.ID=m.user_id
where meta_key='wp_capabilities' and user_login='$username'",$wpconn);
$data=db_fetch_array($rs);
if($data)
{
$pass_frag = substr($data["user_pass"], 8, 4);
$salt = wp_salt();
$key = hash_hmac('md5', $username . $pass_frag . '|' . $expiration, $salt);
$hash = hash_hmac('md5', $username . '|' . $expiration, $key);
if ( $hmac != $hash ) {
$logged=false;
}
else
{
$meta=$data["meta_value"];
preg_match('/"([^}]+)"/', $meta , $matches);
$group=$matches[1];
}
}
}
if ($logged)
{
// logged in
$_SESSION["UserID"] = $username;
$_SESSION["GroupID"] = $group;
if ($group=='administrator')
$_SESSION["AccessLevel"] = ACCESS_LEVEL_ADMIN;
else
$_SESSION["AccessLevel"] = ACCESS_LEVEL_USER;
}
else
{
// logged out
$_SESSION["UserID"] = "";
$_SESSION["AccessLevel"] = "";
$_SESSION["GroupID"] = "";
}This is it.
More info on PHPRunner/Wordpress integration. PHPRunner is a PHP code builder that creates nice looking PHP/MySQL websites.
