This topic is locked

PHPRunner and Wordpress

5/26/2010 5:05:50 PM
PHPRunner Tips and Tricks
admin

If you are looking for PHPRunner 8.x and Wordpress 4.x integration tutorial proceed here.
1. Install and activate rootCookie plugin
Wordpress stores login data in cookies. If we want to access Wordpress cookies from PHPRunner application we need to make them accessible domain-wide. That's what rootCookie plugin does for us.
2. Install and activate embed-iframe plugin
This plugin allows to insert an iframe into any post.
This plugin didn't work right out of the box with PHP 5.3.
I had to modify wp-content/plugins/embed-iframe/view/embediframe/iframe.php file the following way:

<div class="iframe-wrapper">

<iframe src="<?php echo $url ?>" frameborder="0" style="height:<?php echo $height?>px;width:<?php echo $width?>px;">Please upgrade your browser</iframe>

</div>


3. Insert an iframe with PHPRunner application into any blog post:
[iframe http://localhost:81/tmp/menu.php 550 300]
Make it point to your PHPRunner application menu page.
4. Add code to 'After application initialized' event in PHPRunner:
Copy line with AUTH_KEY definition from wp-config.php file (Wordpress config file).


define('AUTH_KEY', 'put your unique phrase here');

$wpconn=db_connect();
function get_option($option)

{

global $wpconn;

$ret="";

$rs=db_query("select option_value from wp_options where option_name='$option'",$wpconn);

$data=db_fetch_array($rs);

if($data)

{

$ret = $data["option_value"];

}



return $ret;

}
if ( !function_exists('hash_hmac') ):

function hash_hmac($algo, $data, $key, $raw_output = false) {

return _hash_hmac($algo, $data, $key, $raw_output);

}

endif;
function _hash_hmac($algo, $data, $key, $raw_output = false) {

$packs = array('md5' => 'H32', 'sha1' => 'H40');
if ( !isset($packs[$algo]) )

return false;
$pack = $packs[$algo];
if (strlen($key) > 64)

$key = pack($pack, $algo($key));
$key = str_pad($key, 64, chr(0));
$ipad = (substr($key, 0, 64) ^ str_repeat(chr(0x36), 64));

$opad = (substr($key, 0, 64) ^ str_repeat(chr(0x5C), 64));
$hmac = $algo($opad . pack($pack, $algo($ipad . $data)));
if ( $raw_output )

return pack( $pack, $hmac );

return $hmac;

}
function wp_salt($scheme = 'auth')

{
$salt=get_option('auth_salt');

return $salt;

}
// get wordpress username from cookies

$cookie_key = "wordpress_" . md5(get_option('siteurl'));
foreach ($_COOKIE as $key=>$value)

{

if (substr($key,0,strlen($cookie_key))==$cookie_key)

{

$cookie = $value;

}
}
$logged=true;
// parse cookie

$cookie_elements = explode('|', $cookie);

if ( count($cookie_elements) == 3 )

{
$username=$cookie_elements[0];

$expiration=$cookie_elements[1];

$hmac=$cookie_elements[2];



// Quick check to see if an honest cookie has expired

if ( $expiration < time() ) {

$logged=false;

}

}

else

$logged=false;
// check if username exists in the database
if ($logged)

{

$rs=db_query("SELECT * FROM `wp_users` u inner join wp_usermeta m on u.ID=m.user_id

where meta_key='wp_capabilities' and user_login='$username'",$wpconn);
$data=db_fetch_array($rs);

if($data)

{
$pass_frag = substr($data["user_pass"], 8, 4);
$salt = wp_salt();
$key = hash_hmac('md5', $username . $pass_frag . '|' . $expiration, $salt);

$hash = hash_hmac('md5', $username . '|' . $expiration, $key);
if ( $hmac != $hash ) {

$logged=false;

}

else

{
$meta=$data["meta_value"];

preg_match('/"([^}]+)"/', $meta , $matches);

$group=$matches[1];

}
}

}
if ($logged)

{

$_SESSION["UserID"] = $username;

$_SESSION["GroupID"] = $group;

if ($group=='administrator')

$_SESSION["AccessLevel"] = ACCESS_LEVEL_ADMIN;

else

$_SESSION["AccessLevel"] = ACCESS_LEVEL_USER;

}

else

{

$_SESSION["UserID"] = "";

$_SESSION["AccessLevel"] = "";

$_SESSION["GroupID"] = "";

}


This code snippet assumes PHPRunner application shares database with Wordpress. This is not a requirement though. If you want to keep databases separate - connect to Wordpress database manually in the very beginning of 'After application initialized' event.
5. More security options
If your PHPRunner applications uses advanced security options or AfterSuccessfulLogin event you need to copy some code from login.php to 'After application initialized' event.
Open login.php file in any text editor and find the following section:

if($logged)

{

$_SESSION["UserID"] = $pUsername;

$_SESSION["AccessLevel"] = ACCESS_LEVEL_USER;
...
if($myurl)

header("Location: ".$myurl);

else

header("Location: ".$defaulturl);

return;
}


Select and copy everything between $_SESSION["AccessLevel"] = ACCESS_LEVEL_USER; and if($myurl)

Paste it to the end of 'After application initialized' event;
This is it.

F
FunkDaddy 5/29/2010

Awesome! Thanks Sergey.... I plan on trying this in the next couple of days. I'll update a post here once I try it to let everyone know how the integration with Wordpress worked out for me.
Marcelo

F
fmbma 2/7/2011

Sergey,

I tried this and ran into some problems. The first part - putting it into an iframe and interfacing with the Wordpress tables worked fine. The trouble came with integrating the security using the appinit event.
First, this line

$rs=db_query("select option_value from wp_options where option_name='$option'",$wpconn);
should be

$rs=db_query("select option_value from wp_options where option_name='".$option."'",$wpconn);
shouldn't it?
However, there must be something else wrong with the code, because I get this error:

Fatal error: Table 'wordpress1.wp_options' doesn't exist in C:\aweb\Wordpress1\runner\include\dbconnection.php on line 36
The connection string must not be set up right. The table does exist, and phprunner can access it if I don't put anything into the appinit even.

The option that it is looking for during the error is the siteurl. If I hardcode the function to return the real siteurl, it goes to a login, but will not accept the correct username and password.
Can you check your code again?
thanks,

Fred Blau

F
fmbma 2/7/2011

OK, I see now that in my install I'm not using wp as the table prefix. There are also 1 or 2 other places in the code where the variable name needs to be broken out of the string. It works now. Nice example!

Fred



Sergey,

I tried this and ran into some problems. The first part - putting it into an iframe and interfacing with the Wordpress tables worked fine. The trouble came with integrating the security using the appinit event.
First, this line

$rs=db_query("select option_value from wp_options where option_name='$option'",$wpconn);
should be

$rs=db_query("select option_value from wp_options where option_name='".$option."'",$wpconn);
shouldn't it?
However, there must be something else wrong with the code, because I get this error:

Fatal error: Table 'wordpress1.wp_options' doesn't exist in C:\aweb\Wordpress1\runner\include\dbconnection.php on line 36
The connection string must not be set up right. The table does exist, and phprunner can access it if I don't put anything into the appinit even.

The option that it is looking for during the error is the siteurl. If I hardcode the function to return the real siteurl, it goes to a login, but will not accept the correct username and password.
Can you check your code again?
thanks,

Fred Blau

S
Siobhan3 11/22/2011

PHPRunner 5.3 Build 7474

I normally don't write reviews, but I found this product very good. as of today (Aug 2 2011) they are releasing version 6 ... But I have used version 4 through 5.3, and all have been very good.
They do do a complete application generation, with a nice UI and some advanced search features that are very nice. Teh ease-of-use is very very high ... I think this is a great way to break in to new web development.
The one drawback is the WYSIWYG editor, not that it is bad, but the concepts of code generation get messy when people try to edit the UI themselves.... It you add a new field to the database table, the system may not place the field where you want it ... (Since you modified the UI) .. and PHPRunner will try and place the field ... but can't always get it right .... If you use any code generator, you need to "Buy in" the the generated UI and try to keep the the generated paradigm. In that case, a full regeneration is easy.
PHPRunner does provide code exits, this is nice since they persist screen regeneration ... (A very good way to add features). If your using "any" code generator product, this is the best manner to make changes ... Otherwise, you may be repainting the screen via wysiwig every time you add or remove a field.
I done matrix analysis of many application code generation products, and on paper, this was the best. However, I admit that I have only limited experience with the other products.

V
Vienna 1/25/2012

I just installed a PHPRunner 6 project onto a WordPress 3.3.1 site with a custom Template successfully.
I followed these instructions, for the most part, but I had to do work arounds.
First of all, the IFRAME plugin mentioned in this article, the latest version of it with the recommended code change in this tutorial still did not function.
The iFrame insisted on mirroring back the same page.. So I had a page within a page when I used a Page with the IFrame plugin shortcode.
So, I gave up trying to use the IFrame plugin.
I did install the rootCookie plugin and it worked fine without any special changes. It auto-detected the necessary structure and when I saved it in the configuration window it seemed to work fine. In other words, it allowed permissions to extend all the way into my PHPRunner code folders.
The instructions here about what to add to the "After application initialized" file are a bit unclear because the code example used for the login.php is now outdated if you are using PHPRunner 6.
I have updated it in the following example to reflect what PHPRunner 6 produces.
[b]I should also point out that despite the code that does this -- // check if username exists in the database

The user does NOT have to be logged in to the WordPress function when used as I used it.

The Login that applies is the one that PHPRunner uses. In my case I hard-coded some login usernames and passwords.
Here is the complete code I added that created no errors when put into PHPRUNNER 6 Events : After application initialized[/b]
(I left a long modified version of a "Auth key" as an example):


define('AUTH_KEY', '$mCv%IR#)-1KT888<!Q.987YV4-XaHA&Rh3yLPlN[;Qa:SNM.YX)+ooF;OxSOAfHs6MDSd5');

$wpconn=db_connect();

function get_option($option){

global $wpconn;

$ret="";

$rs=db_query("select option_value from wp_options where option_name='$option'",$wpconn);

$data=db_fetch_array($rs);

if($data) {

$ret = $data["option_value"];

}

return $ret;

}if ( !function_exists('hash_hmac') ):function hash_hmac($algo, $data, $key, $raw_output = false)

{

return _hash_hmac($algo, $data, $key, $raw_output);

}

endif;

function _hash_hmac($algo, $data, $key, $raw_output = false) {

$packs = array('md5' => 'H32', 'sha1' => 'H40');

if ( !isset($packs[$algo]) )

return false;

$pack = $packs[$algo];

if (strlen($key) > 64)

$key = pack($pack, $algo($key));

$key = str_pad($key, 64, chr(0));

$ipad = (substr($key, 0, 64) ^ str_repeat(chr(0x36), 64));

$opad = (substr($key, 0, 64) ^ str_repeat(chr(0x5C), 64));

$hmac = $algo($opad . pack($pack, $algo($ipad . $data)));

if ( $raw_output )

return pack( $pack, $hmac );

return $hmac;}function wp_salt($scheme = 'auth')

{

$salt=get_option('auth_salt');

return $salt;}// get wordpress username from cookies

$cookie_key = "wordpress_" . md5(get_option('siteurl'));

foreach ($_COOKIE as $key=>$value){ if (substr($key,0,strlen($cookie_key))==$cookie_key)

{

$cookie = $value;

}}$logged=true;// parse cookie

$cookie_elements = explode('|', $cookie);

if ( count($cookie_elements) == 3 )

{

$username=$cookie_elements[0];

$expiration=$cookie_elements[1];

$hmac=$cookie_elements[2];

// Quick check to see if an honest cookie has expired

if ( $expiration < time() )

{

$logged=false;

}

}

else

$logged=false;

// check if username exists in the database

if ($logged){

$rs=db_query("SELECT * FROM `wp_users` u inner join wp_usermeta m on u.ID=m.user_id

where meta_key='wp_capabilities' and user_login='$username'",$wpconn);

$data=db_fetch_array($rs);

if($data)

{

$pass_frag = substr($data["user_pass"], 8, 4);

$salt = wp_salt();

$key = hash_hmac('md5', $username . $pass_frag . '|' . $expiration, $salt);

$hash = hash_hmac('md5', $username . '|' . $expiration, $key);

if ( $hmac != $hash )

{

$logged=false;

}

else

{

$meta=$data["meta_value"];

preg_match('/"([^}]+)"/', $meta , $matches);

$group=$matches[1];

}

}}if ($logged){

$_SESSION["UserID"] = $username;

$_SESSION["GroupID"] = $group;

if ($group=='administrator')

$_SESSION["AccessLevel"] = ACCESS_LEVEL_ADMIN;

else

$_SESSION["AccessLevel"] = ACCESS_LEVEL_USER;}else{ $_SESSION["UserID"] = "";

$_SESSION["AccessLevel"] = "";

$_SESSION["GroupID"] = "";

}
$_SESSION["AccessLevel"] = ACCESS_LEVEL_USER;
if($auditObj)
{
$auditObj->LogLogin($pUsername);
$auditObj->LoginSuccessful();

}
if($globalEvents->exists("AfterSuccessfulLogin"))

{

$dummy=array();

$globalEvents->AfterSuccessfulLogin($pUsername,$pPassword,$dummy);

}


Then, I created a Wordpress template to ReDirect any page using this Template to the PhpRunner 6 project in another folder on the same site. I uploaded this so that I could use it as a template when I created a new page.


<?php

/*

Template Name: RedirectPHPrunner

*/

?>

<?php header('Location: http://www.awebsiteexample.com/wp-content/themes/TemplateinUse/Phprunner/login.php';);

die();

?>


I Added a new page, selected Page Template "RedirectPHPrunner", gave it a title to use as a menu link name such as "Reporting", wrote no content, SAVED to PUBLISH and Public.
In the main menu of the WordPress website when I clicked on the link "Reporting" it instantly loaded the LOGIN page for my PHPRunner project.
At this point I was not using the WordPress headers and footers, simply the PHPRunner 6 headers and footers. If I wanted to simulate the look of the Wordpress site I could have modified the PHPRunner templates during the project build phase, but I elected not to do that.
What I appreciated was that I did not get errors!
Thank you, Sergey for the tutorial. If you can get the IFrame component to work in WordPress 3.3.1 then please update us on that accomplishment!

K
kenny_robb 7/14/2014

I know that it has been a while since anyone posted in this thread but hopefully there might be some updates that I am missing.
I have Wordpress 3.9.1 and php runner 7.1 build 20347 and I am trying to get my application to appear in a wordpress page.
Good news is I can get the iframe sorted and can bring up the login page. I use the menu.php page and I get the login page because there is security.
Problem is that the code above does not let me login automatically using the cookie stuff. (have installed the rootcookie)
I suspect that some things may have changed. Does anyone have any ideas.
Thanks in anticipation
Kenny

H
headingwest 10/7/2014



I know that it has been a while since anyone posted in this thread...


Hi Kenny, did you get this to work??

N
nrodrz 12/12/2014

Hi Team
Is this still working With the new WP and PHPRunner versions. I would like to integrate my application with my WP site to share some pluggins. Any help will be great. thanks.

M
msskls 6/8/2015

Hello Friends,
Has anyone updated the integration methodology for PHPRunner 8 & Wordpress 4.2.2
Regards

Mark