Ok, so I'm using Danyy's Wordpress plugin to authenticate my apps login against a wordpress login, which works amazingly well (that plugin is slick!). I needed a php script to handle the new user registration, which I think I found a pretty good one to start with... it takes the hard coded user registration fields and creates a new account on my word press site without an issue, with the hard coded data entered into the fields. Now, what I thought was going to be the easier part is turning out to be the harder part. Isn't that always the case? lol. I'm not sure where to start to do the following: 1) Modify the php script below to use variable instead of the hard coded values 2) Tell code to use my text boxes on my registration screen to make variables 3) When calling my dataurl for the script, take those xcode variables and have the php use them instead of the hard coded values. I'm guessing that instead of just pointing to the script, I'm going to have to assemble a URL string with variables, but my php skills are scary at best. And I'm not sure how to get the script to look for these variables in the url that it's given. like .php?username=testuser&password=mypassword or something like that. I thought getting the script to create the account and authenticate against my user database was going to be the hard part, but turns out the part that should be simple is the part giving me the trouble, everything else worked right out of the box. Here is the script I am using, happy to share it. Maybe someone can help with my 1, 2 and 3 above? <?php // ADD NEW USER TO WORDPRESS // ---------------------------------- // Put this file in your Wordpress root directory and run it from your browser. // This will create a new user with whatever name, email and password you assign in the variables below. require_once('wp-blog-header.php'); require_once('wp-includes/registration.php'); // CONFIG $newusername = 'MYUSERNAME'; $newpassword = 'MYPASSWORD'; $newemail = '[email protected]'; // Make sure you set CONFIG variables if ( $newpassword != 'MYPASSWORD' && $newemail != '[email protected]' && $newusername !='MYUSERNAME' ) { // Check that user doesn't already exist if ( !username_exists($newusername) && !email_exists($newemail) ) { // Create user and set role to subscriber $user_id = wp_create_user( $newusername, $newpassword, $newemail); if ( is_int($user_id) ) { $wp_user_object = new WP_User($user_id); $wp_user_object->set_role('subscriber'); echo 'Successfully created new user!'; } else { echo 'Error with wp_insert_user. No users were created.'; } } else { echo 'This user or email already exists. Nothing was done.'; } } else { echo 'Whoops, looks like you did not set a password, username, or email'; echo 'before running the script. Set these variables and try again.'; }

Just to see if I'm on the right track, again not knowing php very well, I tried this in the script: $newusername = $_POST['username']; $newpassword = $_POST['password']; $newemail = $_POST['email']; and tried passing the variables into a url like this: http://mydomain.com/newuser.php?username=testing1&password=testing1&[email protected] But it's not working. Am I on the right track? Again, my php skills suck, lol.

Hi Ninja! All you should need to do, is replace the config with this: // CONFIG $newusername = urldecode($_GET["newusername"]); $newpassword = urldecode($_GET["newpassword"]); $newemail = urldecode($_GET["newemail"]); What this will allow you to do, is put the parameters in a url, for example: http://mywordpress.com/?username=bob&password=1234&newemail=randomemail%40bob.com Just like you wanted! The one thing is, you will need to urlencode the password, username and email so that the browser accepts special characters (in the username, password or email) as a valid url. You probably want to urlencode them from xcode. You can test it with this tool: http://meyerweb.com/eric/tools/dencoder/

Thanks Cake! I'll give it a try now. Just fiddling around, I got it to work for the first variable (username) like this: $newusername = $_GET['username']; $newpassword = $_GET['password']; $newemail = $_GET['email']; And my URL was this: http://mydomain.com/newuser.php?username=testing1&password=testing&email=test But for some reason it created an account with only the username... no password or email fields filled out. Almost like the second and third variables were not being passed for some reason (even when I didn't use special characters in the email field, just "test" instead of an email address)

Nevermind, your solution worked perfectly. Thanks CakeBit! For my own reference, here is what I used (had to make a few minor edits, just posting it so I can refer to it later and not lose it, lol): // CONFIG $newusername = urldecode($_GET["newusername"]); $newpassword = urldecode($_GET["newpassword"]); $newemail = urldecode($_GET["newemail"]); URL: http://mywordpresssite.com/newuser.php?newusername=bob&newpassword=1234&newemail=randomemail%40bob.com NOW... off to try to get xcode to use the text entered into the text boxes as variables and construct the url string and send it. ;)

Awesome!

Hi, Thanks for your kind words about the Wordpress login script. Glad you like it. I only want to add to this conversation is that you have to be very careful with things you want to store in the database. Make very sure you clean and sanitize all variables before you insert them into the database. If you don't do that, a hacker or someone with programming experience can ruin your complete database in a wink (sql-injection, cross-site-scripting etc)! Hope this helps. Best Regards, Danny

Thanks Danny. Yep, I plan on implementing some safeguards for that... plus it's not a traditional wordpress site like you might think... it's basically a dedicated installation only used to handle the login of the app. There's no actual content on the "site" itself... but yeah, sql injection is certainly something I'm keeping an eye out for while doing this project. It helps where the urls won't be publicly displayed anywhere, but yeah, any hacker with a port sniffer would be able to find where it's posting to. I also have certain characters blocked out when the url is encoded, to prevent some things. As an extra safety precaution, I plan on having the host run a CRON job to backup the database at least once a day, if not more than that, just in case. @Cakebit (or anyone else): Everything is working the way it should now... login form registers new users, parses the url, sends it to WP, etc. The only thing I can't seem to figure out a way to do is to determine if the PHP script was a success or failure. The script itself echo's a different response for each, as you can see in the script posted in my first post... but whats the best way to get xcode to see it? Right now, my xcode just throws the URL out there, which runs the script. I don't have any way of having xcode check the response. I don't have the url loading in a webview or anything, just sending out via NSURL. Any ideas?

Hi Angry Ninja, I don't know the answer. But if I was in your situation I would have a very close look on how the default buzztouch login plugin works. It gets a json response back like "success" (if I remember correctly) if the login credentials are correct. in your case, if the registration was succesful, add a "success" in json too and let Xcode get that message (and follow up what a thank you message or whatever) just like the login plugin. So basically if registration was successful: 1 add values to database 2 show json success message 3 let Xcode search for "success" and based on this perform action Best Regards, Danny

Yep, tried that... it's a little over my head :(

Danny, You are completely right! The Wordpress class that Angry will be using should be safe against SQL Injection. That said, it would be wise to scrub our parameters for safety so that in the situation this process was compromised the Wordpress backend would remain secure. Here is a complete example of how I would do it: <?php // ADD NEW USER TO WORDPRESS // ---------------------------------- // Put this file in your Wordpress root directory and run it from your browser. // This will create a new user with whatever name, email and password you assign in the variables below. require_once('wp-blog-header.php'); require_once('wp-includes/registration.php'); // Define Variables: $newusername = ""; $newpassword = ""; $newemail = ""; //Add value to variables: $newusername = mysqli_real_escape_string(urldecode($_GET["newusername"])); $newpassword = mysqli_real_escape_string(urldecode($_GET["newpassword"])); $newemail = mysqli_real_escape_string(urldecode($_GET["newemail"])); // Make sure you set CONFIG variables if ( $newpassword != '' && $newemail != '' && $newusername !='' ) { if ( !username_exists($newusername) && !email_exists($newemail) ) { // Create user and set role to subscriber $user_id = wp_create_user( $newusername, $newpassword, $newemail); if ( is_int($user_id) ) { $wp_user_object = new WP_User($user_id); $wp_user_object->set_role('subscriber'); echo 'Successfully created new user!'; } else { echo 'Error with wp_insert_user. No users were created.'; } } else { echo 'This user or email already exists. Nothing was done.'; } } else { echo 'Whoops, looks like you did not set a password, username, or email'; echo 'before running the script. Set these variables and try again.'; } ?> Download it here: https://dl.dropboxusercontent.com/u/37533602/Wordpress.php.zip

Sweet, thanks Cake! Just downloaded it and will try it out in the morning. Any ideas on the detection of success or fail from xcode? My one thought was to detect the title of the page through xcode, and have the title change dynamically if login was a failure, or leave as a default if it was a success... but seems that changing the title dynamically requires java script (document.title), and I cant seem to get the above script to play nice with it.

Wow... after looking at options for scraping the results of the php web script results message, checking out complicated libraries, etc... I found a simple 3 code line solution for the easiest html scraping ever. I simply load my NSURL into a hidden webview, then use this simple code: NSString *parsed; parsed = [webView stringByEvaluatingJavaScriptFromString:@"document.body.innerText"]; NSLog(@"parsed=%@", parsed); Now, whatever text displays in the webview is put into a string variable, and I can simply do a comparison to see if the user successfully logged in or not. I can't believe that html web page scraping is that easy! I thought I was going to have to add multiple files, external libraries, and tons of code. NOPE!

@CakeBit: Everything works great with the default fields in WP using the script, but I can't seem to get it to work with new fields. I have even manually created the fields in my WP database, and it doesn't save them. Here is what I'm using for the script to test it with. Notice the custom field named "rpr_city": <?php //============================================================================ // ADD NEW USER TO WORDPRESS (put this file in root directory of wordpress) //============================================================================ require_once('wp-blog-header.php'); require_once('wp-includes/registration.php'); //============================================================================ // SETUP VARIABLE DATA FIELDS //============================================================================ $newusername = urldecode($_GET["newusername"]); $newpassword = urldecode($_GET["newpassword"]); $newemail = urldecode($_GET["newemail"]); $rpr_city = urldecode($_GET["rpr_city"]); //============================================================================ // MAKE SURE THE USER DOESN'T ALREADY EXIST //============================================================================ if ( !username_exists($newusername) && !email_exists($newemail) ) { //============================================================================ // CREATE THE USER AND SET DEFAULT ROLE AS "SUBSCRIBER" //============================================================================ $user_id = wp_create_user( $newusername, $newpassword, $newemail, $rpr_city); if ( is_int($user_id) ) { $wp_user_object = new WP_User($user_id); $wp_user_object->set_role('subscriber'); add_user_meta( $user_id, 'rpr_city', $rpr_city); //============================================================================ // OUTPUT STATUS MESSAGE BASED ON SUCCESS OR FAILURE //============================================================================ echo 'Successfully created new user!'; } else { echo 'Error with wp_insert_user. No users were created.'; } } else { echo 'This user or email already exists. Nothing was done.'; }

DOH! Forgot to connect my outlets in xcode... it was passing null to the url string. lol It's working now :)

Glad you got it working!! I hope to see you in the chat some time!

Hey Cake or Danny, Using a script similar to the one above, do you know how I would post a variable to an existing field in my database if the table already exists? For example, if I took the users coin value from my app (let's call it $coins), and posted it to the users account under an existing record and table names $coins, what would an example of the php look like? Same thing if I wanted to retrieve and display it instead of posting it. Sorry, I get a little lost when it comes to php

I'll see what I can make for you! Are you using the Wordpress database, or a custom one? Also, come join the chat sometime! We've missed your voice! http://buzztouch.me/chat/

Thaks. I'm using the wordpress database, but with custom fields added. I'll Pm you a copy of what I'm using, for both PHP and Code. Yeah, this app has had me a bit busy lately, so I haven't been in chat for awhile... gonna have to change that :)

@Angry Ninja, AWESOME!

@Cakebit: I just sent you 2 PM's... ignore the code in the first one... the second one has the downloadable project and script. ;)

Hello All. Please I need assistance on how i can get users to redirect to a screen AFTER authentication using the Login plugin. What I need done is to have my buzztouch app redirect to a screen automatically once user has been authenticated. Also, I need a way to keep the session of the user such that I can be able to make references to the user (e.g call the user id/name of the user etc). Any help will be much appreciated!

Hello, I just finished my first app, is a version of a wordpress page, but I need to create a login screen with data from wordpress to save the session in the app . How I can get Danyy's Wordpress plugin to authenticate my app? Thanks