Access plugin file

jkepler
(@jkepler)

6 years, 4 months ago

Hi

I’ve created successfully several plugins for wordpress. But one piece of code is missing:

– how do I access externally (from my main site for instance) a file within the plugin dir (in my client dir) let’s say as a GET request?

Basically I want to call a plugin file (for example user_info.php) with the correct url, and verify the registration data using a GET request – whith my admin passord and username of course.

Any help is very welcomed 🙂

Kind regards

JKepler

Viewing 9 replies - 1 through 9 (of 9 total)

Moderator Steven Stern (sterndata)
(@sterndata)

Volunteer Forum Moderator

6 years, 4 months ago
You can certainly access any php file and pass it parameters, but allowing for a login seems like a really, really, really bad idea to me. You’d be passing your admin credentials in clear text (and they’d be preserved in the site’s log).

Is this a real user login or a backdoor for you as the plugin dev?
- This reply was modified 6 years, 4 months ago by Steven Stern (sterndata).
Thread Starter jkepler
(@jkepler)

6 years, 4 months ago

Hi Steve

Yes you’re right. It is not a visual login of course. It’s a simple backdoor to my plugin to retrieve registration and authentication important information – including debug logs. If you could help me out, I would apreciate it very much.

Kind regards

JKepler
Moderator Steven Stern (sterndata)
(@sterndata)

Volunteer Forum Moderator

6 years, 4 months ago
Backdoors are a big no-no. https://developer.wordpress.org/plugins/wordpress-org/detailed-plugin-guidelines/#7-the-plugin-may-not-%e2%80%9cphone-home%e2%80%9d-or-track-users-without-their-informed-explicit-opt-in-consent

I strongly suggest you review this with someone on the plugins review team.
- This reply was modified 6 years, 4 months ago by Steven Stern (sterndata).
Moderator Ipstenu (Mika Epstein)
(@ipstenu)

🏳️‍🌈 Advisor and Activist

6 years, 4 months ago

Any backdoors are absolutely disallowed. You don’t have any plugins hosted here, but be aware that if you were to add in a security hole like that, your account may be banned.
Thread Starter jkepler
(@jkepler)

6 years, 4 months ago
Hi,

I was looking at the docs you kindly gave me, and I must confess I’ve explained everything wrong – my fault.

What I’m trying to do is get an answer from a plugin file if I give the proper user and pass.

Example: I call the file register.php from within the plugin dir like this

http://…/register.php?user=admin&password=mypassword&data=2

The plugin responds if the user and pass are correct. And returns, for instance, the double of data – in this case 4.

Sorry for the confusion.

Kind regards

JKepler
- This reply was modified 6 years, 4 months ago by jkepler.
Thread Starter jkepler
(@jkepler)

6 years, 4 months ago

Hi again

I was able to achieve part of my objective through the REST API of WP. Here’s the code:

function prefix_get_endpoint_time() {
$t = “My message”;
return rest_ensure_response( $t );
}
function prefix_register_example_routes() {
register_rest_route( ‘myplugin/v1’, ‘/getinfo’, array(
‘methods’ => WP_REST_Server::READABLE,
‘callback’ => ‘prefix_get_endpoint_time’,
) );
}
add_action( ‘rest_api_init’, ‘prefix_register_example_routes’ );

I call http://mydomain.com/wp/wp-json/myplugin/v1/getinfo and get “My message”, which is good 🙂

My doubt now is how do I pass arguments to the function and how to retrieve them for authentication. I think the arguments ‘user’ and ‘password’ should be in the array? But how? And how do I retrieve them in the prefix_get_endpoint_time function?

Sorry for the trouble.

Kind regards,

JKepler

Thread Starter jkepler
(@jkepler)

6 years, 4 months ago

Hi again

Problem solved. The routine becomes (for example):

function prefix_get_endpoint_time( $request ) {
$user = $request[‘user’];
$pass = $request[‘pass’];
/* routines here saved in $result */
return rest_ensure_response( $result );
}
function prefix_register_example_routes() {
register_rest_route( ‘myplugin/v1’, ‘/getinfo’, array(
‘methods’ => WP_REST_Server::READABLE,
‘callback’ => ‘prefix_get_endpoint_time’,
) );
}
add_action( ‘rest_api_init’, ‘prefix_register_example_routes’ );

with the call:

http://mydomain.com/wp/wp-json/myplugin/v1/getinfo?user=admin&pass=123456

Kind regards,

JKepler

Beee
(@beee)

6 years, 2 months ago

I’m looking to do something similar but I keep getting a 500 error. Even when I copy the default code from WP docs…. Dito with your code… Any tips/tricks ?

Beee
(@beee)

6 years, 2 months ago

I placed the functions in the wrong place so they were hooking to early/late, so disregard my previous comment 🙂