Archive for category PHP

Long Awaited Release of the WordPress-SMF Bridge 0.2!

Nov 23

Posted by JonnyFunFun in PHP, Programming, Projects | 5 Comments

For those of you using this plugin, the long-awaited 0.2 release has been made today. It has only been tested in a development environment and may have bugs. For anybody wishing to report bugs do not do it here! Instead, please go to the Google Code page (http://code.google.com/p/wp-smf-bridge) and do so there. My response to questions here will be severely delayed. Please use Google Code and the Google Group created for this plugin. Thank you all for your support!

WP-SMF-Bridge is a simple user registration and logon bridge between WordPress and Simple Machine Forum. To get this working, it is highly recommended that you have a fresh, unmodified install of SMF 1.1 or higher installed and running. To install the plugin, either use WordPress’ built-in plugin installation features, or visit the Google Code page for more information.

Tags: Awaited Release, Bridge, Bugs, Development Environment, Google, Google Group, Installation Features, Machine Forum, Running, Wordpress, Wp

WordPress Plugin: WP-SMF Bridge

Mar 23

Posted by JonnyFunFun in PHP, Projects | 2 Comments

So I finally got off my lazy butt and at least released one of my projects – my very own WordPress and Simple Machine Forum user registration and login bridge. I just committed the first round of code to the WordPress plugins SVN repository, tagged the first release, and it should show up in the WordPress plugins list any minute now. For those of you who use the plugin, want to contribute, need help, or want to let me know of some bugs – feel free to visit the website, which is conveniently a Redmine project page, here. Don’t go peeking around this WordPress blog trying to find it in action, though, because it isn’t here. It’s actually going to be used for a different WordPress website I’m putting up to manage LAN parties I plan on having in my new houses’ garage – provided we ever close on it, but that’s a different story.

Tags: Array, Bridge, Bugs, Different Story, Forum User, Lan Parties, Lazy Butt, Machine Forum, New Houses, Repository, Wordpress Blog, Wordpress Plugins

Simple WordPress Login Crowbar

Aug 28

Posted by JonnyFunFun in PHP, Programming, Projects | No Comments

Like many community websites, The Brew Place has its own user management system. The user registration and management system is based entirely on its forums, which is an install of Simple Machine Forums v.1.1.5. Also integrated into the website is an install of WordPress, which I like using to manage news articles and such. Now since the three do not share the same way to manage logged in users (the base website uses both session variables and cookies, the forums and WordPress installs use just cookies, and obviously each cookie has different data) I had to write up a simple log-in crowbar for SMF allowing users to log-in on either the forums or the base website and they would be automatically logged-in to the other. Now since the base website uses the forum’s members table to keep all of it’s membership data, that was not an issue. However, with WordPress, it was an issue.

Now new members can actually only register through the forums – so if somebody clicks a register link on the base webpage, they’re simply forwarded to the forum’s register page. Therefore, there needed to be something in there to make sure the entry is put into the WordPress users table as well. I came up with an easy solution – since SMF already logs into the website, and vice-versa: why not make all of that into a WordPress plugin? And so I did. The wordpress plugin simply checks to see if there is either the forum cookie or the website’s session data, validates it, makes sure there is a corresponding user in its own users table, and then logs the user in. Problem being I couldn’t find a really easy way to crowbar a user into being logged-in to WordPress, until I came up with the solution below:

[php]
function tbp_crowbar() {
/* I removed some code from here for security reasons */
if (isset($_SESSION['UserData'])) {
$SQL = Q(“SELECT `ID` FROM `news_users` WHERE `user_login`=? LIMIT 1″,$_SESSION['UserData']['Username']);
if (!$rs = mysql_query($SQL)) {
trigger_error(mysql_error(),E_USER_ERROR);
}
$user_id = mysql_result($rs,0,0);
$expiration = time() + 172800;
$username = $_SESSION['UserData']['Username'];
$cookie_data = $username . ‘|’ . $expiration . ‘|’;
$key = wp_hash($username . ‘|’ . $expiration, ‘logged_in’);
$cookie_data .= hash_hmac(‘md5′,$username . ‘|’ . $expiration,$key);
$auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme);
$logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, ‘logged_in’);
setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN);
setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN);
setcookie(LOGGED_IN_COOKIE, $cookie_data, $expire, COOKIEPATH, COOKIE_DOMAIN);
} else {
setcookie(LOGGED_IN_COOKIE, null, time() – 60000, COOKIEPATH, COOKIE_DOMAIN);
wp_logout();
}
}
[/php]

The tbp_crowbar function is an action added to the “init” hook of WordPress by simply using the following line of code:

[php]
add_action(‘init’,'tbp_crowbar’);
[/php]

And voila! If a user logs into the website and goes to the news, they’re logged in! If they go to the forums and log in and then go to the news, they’re logged in! If a new user registers (through the forums) and goes to the news, their user information is automatically ported to the WordPress users table, and they are also logged in!

Tags: Checks, Community Websites, Crowbar, Easy Solution, Forums, Membership Data, Mysql Query, News Articles, Query Sql, Security Reasons, Session Data, Session Variables, User Management System, Wordpress Plugin

Using expect to execute SSH commands in PHP

Apr 4

Posted by JonnyFunFun in PHP, Programming | No Comments

Okay, so let’s say you want one of your PHP scripts to do something that PHP doesn’t necessarially have access to do – such as removing a file owned by you when PHP runs as nobody. Well, instead of poking a ton of holes in your server’s configuration and leaving yourself wide open to a bunch of exploits and attacks, why not just have the PHP script log in as you to localhost via SSH and then do what you desire? Sounds great, huh? Yeah, sure, PHP has built-in SSH2 functions – but what if you don’t have access to add the extension to your server’s configuration? Simple! Use the built-in PHP function exec and the command-line program expect! As in the example below, we let expect spawn up ssh, let it tell ssh that we accept the host verification crap (remove that if you need to), let it pass the password, and then echo out the result of the command. In this case, the command is ls ~/.

exec("echo 'spawn ssh username@localhost ls ~/; expect \"(yes/no)?\"; sleep 1; send \"yes\\r\"; expect \"password:\"; sleep 1; send \"password\\r\"; expect eof;' | expect",$str);
foreach ($str as $strstr) {
       print_r($strstr);
       echo "\n\r";
}

Now obviously you do not need to echo out the results if you don’t care. That part is just in this example just so you can see how it works. If you’re doing something like removing a file, you can just run the exec command and then use the built-in PHP functions to check to see if the file was actually removed. Perty nifty, huh?

Tags: Command Line Program, Crap, Echo, Exec, Exploits, Holes, Localhost, Php Exec, Php Functions, Php Script, Php Scripts, Sleep, Spawn, Ssh Commands, Strstr