Support » Fixing WordPress » Access plugin file

  • Hi

    I’ve created successfully several plugins for wordpress. But one piece of code is missing:

    – how do I access externally (from my main site for instance) a file within the plugin dir (in my client dir) let’s say as a GET request?

    Basically I want to call a plugin file (for example user_info.php) with the correct url, and verify the registration data using a GET request – whith my admin passord and username of course.

    Any help is very welcomed 🙂

    Kind regards

    JKepler

Viewing 9 replies - 1 through 9 (of 9 total)
  • Moderator Steven Stern

    (@sterndata)

    Support Team / Sword in the Darkness

    You can certainly access any php file and pass it parameters, but allowing for a login seems like a really, really, really bad idea to me. You’d be passing your admin credentials in clear text (and they’d be preserved in the site’s log).

    Is this a real user login or a backdoor for you as the plugin dev?

    • This reply was modified 1 year, 4 months ago by  Steven Stern.

    Hi Steve

    Yes you’re right. It is not a visual login of course. It’s a simple backdoor to my plugin to retrieve registration and authentication important information – including debug logs. If you could help me out, I would apreciate it very much.

    Kind regards

    JKepler

    Moderator Steven Stern

    (@sterndata)

    Support Team / Sword in the Darkness

    Backdoors are a big no-no. https://developer.wordpress.org/plugins/wordpress-org/detailed-plugin-guidelines/#7-the-plugin-may-not-%e2%80%9cphone-home%e2%80%9d-or-track-users-without-their-informed-explicit-opt-in-consent

    I strongly suggest you review this with someone on the plugins review team.

    • This reply was modified 1 year, 4 months ago by  Steven Stern.
    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Plugin Review Team Rep

    Any backdoors are absolutely disallowed. You don’t have any plugins hosted here, but be aware that if you were to add in a security hole like that, your account may be banned.

    Hi,

    I was looking at the docs you kindly gave me, and I must confess I’ve explained everything wrong – my fault.

    What I’m trying to do is get an answer from a plugin file if I give the proper user and pass.

    Example: I call the file register.php from within the plugin dir like this

    http://…/register.php?user=admin&password=mypassword&data=2

    The plugin responds if the user and pass are correct. And returns, for instance, the double of data – in this case 4.

    Sorry for the confusion.

    Kind regards

    JKepler

    • This reply was modified 1 year, 4 months ago by  jkepler.

    Hi again

    I was able to achieve part of my objective through the REST API of WP. Here’s the code:

    function prefix_get_endpoint_time() {
    $t = “My message”;
    return rest_ensure_response( $t );
    }
    function prefix_register_example_routes() {
    register_rest_route( ‘myplugin/v1’, ‘/getinfo’, array(
    ‘methods’ => WP_REST_Server::READABLE,
    ‘callback’ => ‘prefix_get_endpoint_time’,
    ) );
    }
    add_action( ‘rest_api_init’, ‘prefix_register_example_routes’ );

    I call http://mydomain.com/wp/wp-json/myplugin/v1/getinfo and get “My message”, which is good 🙂

    My doubt now is how do I pass arguments to the function and how to retrieve them for authentication. I think the arguments ‘user’ and ‘password’ should be in the array? But how? And how do I retrieve them in the prefix_get_endpoint_time function?

    Sorry for the trouble.

    Kind regards,

    JKepler

    Hi again

    Problem solved. The routine becomes (for example):

    function prefix_get_endpoint_time( $request ) {
    $user = $request[‘user’];
    $pass = $request[‘pass’];
    /* routines here saved in $result */
    return rest_ensure_response( $result );
    }
    function prefix_register_example_routes() {
    register_rest_route( ‘myplugin/v1’, ‘/getinfo’, array(
    ‘methods’ => WP_REST_Server::READABLE,
    ‘callback’ => ‘prefix_get_endpoint_time’,
    ) );
    }
    add_action( ‘rest_api_init’, ‘prefix_register_example_routes’ );

    with the call:

    http://mydomain.com/wp/wp-json/myplugin/v1/getinfo?user=admin&pass=123456

    Kind regards,

    JKepler

    I’m looking to do something similar but I keep getting a 500 error. Even when I copy the default code from WP docs…. Dito with your code… Any tips/tricks ?

    I placed the functions in the wrong place so they were hooking to early/late, so disregard my previous comment 🙂

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Access plugin file’ is closed to new replies.