[wp-hackers] wpmu / adding users/sites/any other admin

horatio bnabble at says.mu
Mon Apr 6 00:09:28 GMT 2009


i made a VERY ROUGH remote api for myself to use before anyone else codes a
proper wp/wpmu api. it works very well for my purposes, but keep in mind
that this leaves some massive holes open, so it should be checking for a
localhost ip, put behind a password protected directory, whitelist
particular functions, check incoming data integrity, etc. use at your own
risk.

it works by posting
"function" (string containing wordpress core or custom function)
and
"args" (array containing the args to pass to the function)
to the script.

you get back a serialized result of the data:
serialize(
success=>true,
results=>(function return value)
)

so you could post 
function=>'testfunc',
args=>Array('one', 'two')
to this script, and you would get back the serialized results from
serialize(testfunc('one, 'two'))

i've also written a cakePHP component that deals with this remote API, if
anyone is interested. i'm creating new domains/blogs/users through it fine.

code follows:

	// Location of Wordpress install
		define('WP_LOCATION', '../../../site');

	// Trap errors
		set_error_handler('return_error_php');
		register_shutdown_function('return_shutdown_php');
			error_reporting(E_ALL);
			ini_set('display_errors', 0);

	// Help Wordpress be quiet
		define('WP_INSTALLING', true);

	// Trick Wordpress into thinking we're in its directory, so it pulls the
correct site from the DB.
	//	global $domain,$path;
	//	$_SERVER[ 'REQUEST_URI' ] = $path = "/site/";

	// Include WP headers
		global $user, $wpdb, $allowedtags, $blog_id;
		require_once(WP_LOCATION."/wp-config.php");
		require_once(WP_LOCATION."/wp-includes/registration.php");

		if (!isset($_POST['function']) && !isset($_POST['args'])) {
return_error('You sent in an empty request.'); }

	// Check request validity
		if (!function_exists($_POST['function'])) { return_error('Function
'.$_POST['function'].' is undefined.'); }

	// Run requested function
		$result = call_user_func_array($_POST['function'], $_POST['args']);

	// Check function results
		if ($result == null || $result == false) { return_error('Function
'.$_POST['function'].' returned false/null.'); }

	return_success(Array('return' => $result));


	// For example above
	function testfunc($one, $two){ return "testfunc(): arg one is $one and arg
two is $two"; }

	// Traps large PHP problems
	function return_shutdown_php(){
		if ($error = error_get_last()){
		    switch($error['type']){
			case E_ERROR:
			case E_CORE_ERROR:
			case E_COMPILE_ERROR:
			case E_USER_ERROR:
				return_error($error['message'], 'php');
			break;
		    }
		}
	}

	// Traps simple PHP problems
	function return_error_php($errno, $errstr, $errfile, $errline, $errcontext)
	{
		switch ($errno)
		{
			case E_USER_WARNING:
			case E_USER_NOTICE:
			case E_WARNING:
			case E_NOTICE:
				break;
			case E_CORE_WARNING:
			case E_COMPILE_WARNING:
			case E_USER_ERROR:
			case E_ERROR:
			case E_PARSE:
			case E_CORE_ERROR:
			case E_COMPILE_ERROR:
			return_error($errstr, 'php');
		}
	}

	// Formats error messages for return_data()
	function return_error($error, $class='wpmu') { return_data(Array(
		'success'=>false,
		'error'=>$error,
		'class'=>$class
	)); }

	// Formats success messages for return_data()
	function return_success($results) {
return_data(array_merge(Array('success'=>true, 'results'=>$results))); }

	// Dumps results as serialized data	
	function return_data($data) { echo serialize($data); exit; }

-- 
View this message in context: http://www.nabble.com/Re%3A-wpmu---adding-users-sites-any-other-admin-tp22811272p22900358.html
Sent from the Wordpress Hackers mailing list archive at Nabble.com.



More information about the wp-hackers mailing list