book

Building Web Apps with WordPress

by Brian Messenlehner, Jason Coleman

April 2014

Intermediate to advanced

462 pages

10h 48m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Preface
Who This Book Is ForWho This Book Is Not ForWhat You’ll LearnAbout the CodeConventions Used in This BookUsing Code ExamplesSafari® Books OnlineHow to Contact UsAcknowledgments
Foreword
1. Building Web Apps with WordPress
What Is a Website?What Is an App?What Is a Web App?Features of a Web AppWhy Use WordPress?You Are Already Using WordPressContent Management Is Easy with WordPressUser Management Is Easy and Secure with WordPressPluginsFlexibility Is ImportantFrequent Security UpdatesCost.NET AppWordPress AppResponses to Some Common Criticisms of WordPressWhen Not to Use WordPressYou Plan to License or Sell Your Site’s TechnologyThere Is Another Platform That Will Get You “There” FasterFlexibility Is NOT Important to YouYour App Needs to Be Highly Real TimeWordPress as an Application FrameworkWordPress Versus MVC FrameworksMVC plugins for WordPressModels = pluginsViews = themesControllers = template loaderAnatomy of a WordPress AppWhat Is SchoolPress?SchoolPress Runs on a WordPress Multisite NetworkThe SchoolPress Business ModelMembership Levels and User RolesClasses Are BuddyPress GroupsAssignments Are a Custom Post TypeSubmissions Are a (Sub)CPT for AssignmentsSemesters Are a Taxonomy on the Class CPTDepartments Are a Taxonomy on the Class CPTSchoolPress Has One Main Custom PluginSchoolPress Uses a Few Other Custom PluginsSchoolPress Uses the StartBox Theme Framework
2. WordPress Basics
WordPress Directory StructureRoot Directory/wp-admin/wp-includes/wp-content/wp-content/plugins/wp-content/themes/wp-content/uploads/wp-content/mu-pluginsWordPress Database Structurewp_optionsFunctions Found in /wp-includes/option.phpadd_option( $option, $value = ', $deprecated = ', $autoload = yes )update_option( $option, $newvalue )get_option( $option, $default = false )delete_option( $option )wp_usersFunctions Found in /wp-includes/…wp_insert_user( $userdata )wp_create_user( $username, $password, $email )wp_update_user( $userdata )get_user_by( $field, $value )get_userdata( $userid )wp_delete_user( $id, $reassign = novalue )wp_usermetaget_user_meta( $user_id, $key = '', $single = false )update_user_meta( $user_id, $meta_key, $meta_value, $prev_value = '' )add_user_meta($user_id, $meta_key, $meta_value, $unique = false)delete_user_meta($user_id, $meta_key, $meta_value = '')wp_postsFunctions found in /wp-includes/post.phpwp_insert_post($postarr, $wp_error = false)wp_update_post( $postarr = array(), $wp_error = false )get_post( $post = null, $output = OBJECT, $filter = raw )get_posts($args = null)wp_delete_post( $postid = 0, $force_delete = false )wp_postmetaFunctions Found in /wp-includes/post.phpget_post_meta($post_id, $key = '', $single = false)update_post_meta($post_id, $meta_key, $meta_value, $prev_value = '')add_post_meta($post_id, $meta_key, $meta_value, $unique = false)delete_post_meta($post_id, $meta_key, $meta_value = '')wp_commentsFunctions Found in /wp-includes/comment.phpget_comment( $comment, $output = OBJECT )get_comments( $args = '' )wp_insert_comment( $commentdata )wp_update_comment( $commentarr )wp_delete_comment( $comment_id, $force_delete = false )wp_commentsmetaFunctions Found in /wp-includes/comment.phpget_comment_meta($comment_id, $key = '', $single = false)add_comment_meta($comment_id, $meta_key, $meta_value, $unique = false)update_comment_meta($comment_id, $meta_key, $meta_value, $prev_value = '')delete_comment_meta($comment_id, $meta_key, $meta_value = '')wp_linkswp_termsFunctions Found in /wp-includes/taxonomy.phpget_terms( $taxonomies, $args = '' )get_term( $term, $taxonomy, $output = OBJECT, $filter = raw )wp_insert_term( $term, $taxonomy, $args = array() )wp_update_term( $term_id, $taxonomy, $args = array() )wp_delete_term( $term, $taxonomy, $args = array() )wp_term_taxonomy/wp-includes/taxonomy.phpget_taxonomies( $args = array(), $output = names, $operator = and )get_taxonomy( $taxonomy )register_taxonomy( $taxonomy, $object_type, $args = array() )wp_term_relationshipsget_object_taxonomies( $object, $output = names )wp_get_object_terms( $object_ids, $taxonomies, $args = array() )wp_set_object_terms( $object_id, $terms, $taxonomy, $append = false )Extending WordPress
3. Leveraging WordPress Plugins
The GPLv2 LicenseInstalling WordPress PluginsBuilding Your Own PluginFile Structure for an App Plugin/adminpages//classes//css//js//images//includes//includes/lib//pages//services//scheduled//schoolpress.phpAdd-Ons to Existing PluginsUse Cases and ExamplesThe WordPress LoopWordPress Global Variables$wpdbUsing custom DB tablesRunning queriesEscaping in DB queriesSELECT queries with $wpdbInsert, replace, and updateAction HooksFiltersFree PluginsAll in One SEO PackBadgeOSCustom Post Type UIPosts 2 PostsMembersW3 Total CachePremium PluginsGravity FormsBackup BuddyWP All ImportCommunity PluginsBuddyPressDatabase tablesComponentsPagesSettingsProfile fieldsBuddyPress plugins
4. Themes
Themes Versus PluginsWhen Developing AppsWhen Developing PluginsWhen Developing ThemesThe Template HierarchyPage TemplatesSample Page TemplateUsing Hooks to Copy TemplatesWhen to Use a Theme TemplateTheme-Related WP FunctionsUsing locate_template in Your PluginsStyle.cssVersioning Your Theme’s CSS FilesFunctions.phpThemes and Custom Post TypesPopular Theme FrameworksWP Theme Frameworks_s (Underscores)StartBoxGenesisNon-WP Theme FrameworksCreating a Child Theme for StartBoxIncluding Bootstrap in Your App’s ThemeMenusNav MenusDynamic MenusResponsive DesignDevice and Display Detection in CSSDevice and Feature Detection in JavaScriptDetecting the screen and window size with JavaScript and jQueryFeature detection in JavaScriptDevice Detection in PHPBrowser detection in WordPress coreBrowser detection with PHP’s get_browser()Final Note on Browser DetectionVersioning CSS and JS Files
5. Custom Post Types, Post Metadata, and Taxonomies
Default Post Types and Custom Post TypesPagePostAttachmentRevisionsNav Menu ItemDefining and Registering Custom Post Typesregister_post_type( $post_type, $args );labellabelsmenu_namedescriptionpublicly_queryableexclude_from_searchcapability_typecapabilitiesmap_meta_caphierarchicalpublicrewritehas_archivequery_varsupportsregister_meta_box_cbpermalink_epmasktaxonomiesshow_uimenu_positionmenu_iconcan_exportshow_in_nav_menusshow_in_menushow_in_admin_bardelete_with_user_builtin_edit_linkWhat Is a Taxonomy and How Should I Use It?Taxonomies Versus Post MetaCreating Custom Taxonomiesregister_taxonomy( $taxonomy, $object_type, $args )labellabelshierarchicalupdate_count_callbackrewritequery_varpublicshow_uishow_in_nav_menusshow_tagcloudshow_admin_columncapabilitiesregister_taxonomy_for_object_type( $taxonomy, $object_type )Using Custom Post Types and Taxonomies in Your Themes and PluginsThe Theme Archive and Single Template FilesGood Old WP_Query and get_posts()Metadata with CPTsadd_meta_box( $id, $title, $callback, $screen, $context, $priority, $callback_args )Custom Wrapper Classes for CPTsExtending WP_Post Versus Wrapping ItWhy Use Wrapper Classes?Keep Your CPTs and Taxonomies TogetherKeep It in the Wrapper ClassWrapper Classes Read Better
6. Users, Roles, and Capabilities
Getting User DataAdd, Update, and Delete UsersHooks and FiltersWhat Are Roles and Capabilities?Checking a User’s Role and CapabilitiesCreating Custom Roles and CapabilitiesExtending the WP_User ClassAdding Registration and Profile FieldsCustomizing the Users Table in the DashboardPluginsTheme My LoginHide Admin Bar from Non-AdminsPaid Memberships ProPMPro Register HelperMembers
7. Other WordPress APIs, Objects, and Helper Functions
Shortcode APIShortcode AttributesNested ShortcodesRemoving ShortcodesOther Useful Shortcode-Related FunctionsWidgets APIBefore You Add Your Own WidgetAdding WidgetsDefining a Widget AreaEmbedding a Widget Outside of a Dynamic SidebarDashboard Widgets APIRemoving Dashboard WidgetsAdding Your Own Dashboard WidgetSettings APIDo You Really Need a Settings Page?Could You Use a Hook or Filter Instead?Use Standards When Adding SettingsIgnore Standards When Adding SettingsRewrite APIAdding Rewrite RulesFlushing Rewrite RulesOther Rewrite FunctionsWP-CronAdding Custom IntervalsScheduling Single EventsKicking Off Cron Jobs from the ServerUsing Server Crons OnlyWP MailSending Nicer Emails with WordPressFile Header APIAdding File Headers to Your Own FilesAdding New Headers to Plugins and Themes
8. Secure WordPress
Why It’s ImportantSecurity BasicsUpdate FrequentlyDon’t Use the Username “admin”Use a Strong PasswordExamples of Bad PasswordsExamples of Good PasswordsHardening Your WordPress InstallDon’t Allow Admins to Edit Plugins or ThemesChange Default Database Tables PrefixMove wp-config.phpHide Login Error MessagesHide Your WordPress VersionDon’t Allow Logins via wp-login.phpAdd Custom .htaccess Rules for Locking Down wp-adminBackup Everything!Scan Scan Scan!Useful Security PluginsSpam-Blocking PluginsAkismetBad BehaviorBackup PluginsBackup BuddyVaultPressScanner PluginsWP Security ScanExploit ScannerBBQAntivirus-OnceLogin and Password-Protection PluginsLimit Login AttemptsAsk Apache Password ProtectWriting Secure CodeCheck User Capabilitiesuser_can( $user, $capability )current_user_can( $capability )current_user_can_for_blog( $blog_id, $capability )Custom SQL StatementsData Validation, Sanitization, and Escapingesc_url( $url, $protocols = null, $_context = display )esc_url_raw( $url, $protocols = null )esc_html( $text )esc_js( $text )esc_attr( $text )esc_textarea( $text )sanitize_option( $option, $value )sanitize_text_field($str)sanitize_user( $username, $strict = false )sanitize_title( $title, $fallback_title = '' )sanitize_email( $email )sanitize_file_name( $filename )wp_kses( $string, $allowed_html, $allowed_protocols = array () )Nonceswp_create_nonce( $action = -1 )wp_verify_nonce($nonce, $action = -1)check_admin_referer($action = -1, $query_arg = _wpnonce)wp_nonce_url( $actionurl, $action = -1 )wp_nonce_field( $action = -1, $name = “_wpnonce”, $referer = true , $echo = true )check_ajax_referer( $action = -1, $query_arg = false, $die = true )

9. JavaScript, jQuery, and AJAX
What Is AJAX?What Is JSON?jQuery and WordPressEnqueuing Other JavaScript LibrariesWhere to Put Your Custom JavaScriptAJAX Calls with WordPress and jQueryManaging Multiple AJAX RequestsHeartbeat APIInitializationClient-side JavaScriptServer-side PHPInitializationClient-side JavaScriptServer-side PHPWordPress Limitations with Asynchronous ProcessingBackbone.js
10. XML-RPC
wp.getUsersBlogswp.getPostswp.getPostwp.newPostwp.editPostwp.deletePostwp.getTermswp.getTermwp.newTermwp.editTermwp.deleteTermwp.getTaxonomieswp.getTaxonomywp.getUserswp.getUserwp.getProfilewp.editProfilewp.getCommentCountwp.getPageTemplateswp.getOptionswp.setOptionswp.getCommentwp.getCommentswp.deleteCommentwp.editCommentwp.newCommentwp.getMediaLibrarywp.getMediaItemwp.uploadFilewp.getPostFormatswp.getPostTypewp.getPostTypes
11. Mobile Apps with WordPress
App WrapperiOS ApplicationsEnrolling as an Apple DeveloperBuilding Your App with XcodeStoryboardView controlleriOS simulatorApp DistributioniOS ResourcesAndroid ApplicationsAndroidManifest.xmlactivity_main.xmlMainActivity.javaCreating an APK fileGetting Your App on Google PlayAndroid ResourcesExtend Your AppAppPresserMobile App Use Cases
12. PHP Libraries, External APIs, and Web Services
ImagickMaxMind GeoIPGoogle Maps JavaScript API v3DirectionsDistance MatrixElevationGeocodingStreet View ServicePractical AppGoogle TranslateGoogle+PeopleActivitiesCommentsMomentsAmazon Product Advertising APIRequest ParametersOperationsResponse GroupsTwitter REST API v1.1Set Up Your App on Twitter.comLeverage a PHP LibraryFacebookPicturesSearchPermissionsBuilding an ApplicationLeverage What’s Out ThereTwilioMicrosoft SharepointWe Missed a Few
13. Building WordPress Multisite Networks
Why Multisite?Setting Up a Multisite NetworkManaging a Multisite NetworkDashboardSitesUsersThemesPluginsSettingsOperational SettingsRegistration SettingsNew Site SettingsUpload SettingsMenu SettingsUpdatesMultisite Database StructureNetwork-Wide Tableswp_blogswp_blog_versionswp_registration_logwp_signupswp_sitewp_sitemetaIndividual Site TablesShared Site TablesMultisite PluginsWordPress MU Domain MappingBlog CopierMore Privacy OptionsMultisite Global SearchMultisite Robots.txt ManagerBasic Multisite Functionality$blog_idis_multisite()get_current_blog_id()switch_to_blog( $new_blog )restore_current_blog()get_blog_details( $fields = null, $get_all = true )update_blog_details( $blog_id, $details = array() )get_blog_status( $id, $pref )update_blog_status( $blog_id, $pref, $value )get_blog_option( $id, $option, $default = false )update_blog_option( $id, $option, $value )delete_blog_option( $id, $option )get_blog_post( $blog_id, $post_id )add_user_to_blog( $blog_id, $user_id, $role )create_empty_blog( $domain, $path, $weblog_title, $site_id = 1 )Functions We Didn’t Mention
14. Localizing WordPress Apps
Do You Even Need to Localize Your App?How Localization Is Done in WordPressDefining Your Locale in WordPressPrepping Your Strings with Translation Functions__($text, $domain = “default”)_e($text, $domain = “default”)_x($text, $context, $domain = “default”)_ex($title, $context, $domain = “default”)Escaping and Translating at the Same TimeCreating and Loading Translation FilesOur File Structure for LocalizationGenerating a .pot FileCreating a .po FileCreating a .mo FileLoading the TextdomainLocalizing Nonstring Assets
15. Ecommerce
Choosing a PluginShopping Cart PluginsOur favorite: JigoshopNotable runner-up: WooCommerceMembership PluginsOur favorite: Paid Memberships ProDigital DownloadsOur favorite: Easy Digital DownloadsPayment GatewaysMerchant AccountsSSL Certificates and HTTPSInstalling an SSL Certificate on Your ServerSSL with Paid Memberships ProSSL with JigoshopWordPress Login and WordPress Admin over SSLWordPress Frontend over SSLSSL on Select PagesAvoiding SSL Errors with the “Nuclear Option”Setting Up Software as a Service (SaaS) with Paid Memberships ProThe Software as a Service ModelStep 0: Figure Out How You Want to Charge for Your AppStep 1: Installing and Activating Paid Memberships ProStep 2: Setting Up the LevelStep 3: Setting Up PagesStep 4: Payment SettingsStep 5: Email SettingsStep 6: Advanced SettingsStep 7: Locking Down PagesLock down a specific pageLock down a page by URLLock down a portion of a page by shortcodeLock down a portion of a page by PHP code using the pmpro_hasMembershipLevel() functionStep 8: Customizing Paid Memberships ProRestricting nonmembers to the homepageLocking down filesChange user roles based on membership levelsInternational and long-form addressesUpgrade/downgrade pricing
16. WordPress Optimization and Scaling
TermsOrigin Versus EdgeTestingWhat to TestChrome Debug BarApache BenchInstalling Apache BenchRunning Apache BenchTesting with Apache BenchGraphing Apache Bench results with gnuplotSiegeBlitz.ioW3 Total CachePage Cache SettingsMinifyDatabase CachingObject CacheCDNsGZIP CompressionHostingWordPress-Specific HostsRolling Your Own ServerApache server setupNginx server setupNginx in front of ApacheMySQL optimizationadvanced-cache.php and object-cache.phpAlternative PHP Cache (APC)MemcachedRedisVarnishBatcacheSelective CachingThe Transient APIMultisite TransientsUsing JavaScript to Increase PerformanceCustom TablesBypassing WordPress
Index
Colophon
Copyright

Content preview from Building Web Apps with WordPress

Chapter 6. Users, Roles, and Capabilities

Back in Chapter 1, we established logins as a crucial component of any web app. One of the great things about using WordPress for your apps is that you get fully featured user management out of the box.

The base WordPress app includes:

Secure logins with passwords that are salted and hashed
User records with an email address, username, display name, avatar, and bio
Admin views to browse, search, add, edit, and delete users
User roles to separate administrators from editors, authors, contributors, and subscribers
Pages for users to login, register, and reset passwords

By using various WordPress functions and APIs, we can:

Add and manage user meta or profile fields for each user.
Define custom roles and capabilities for finer control over which users have access to what.

Managing users in WordPress is a fairly straightforward affair. The User tab in the dashboard makes it easy to browse, search, add, edit, and delete users. It’s easy to manage users via code as well.

This chapter will cover:

How to access user data in your code
How to add custom fields to users
How to customize the user profiles and reports in the dashboard
How to add, update, and delete users
How to define custom roles and capabilities
How to extend the WordPress User class to create your own user-focused classes

Getting User Data

In this section, we’ll go over how to instantiate a WordPress user object in code and how to get basic user information, like login and ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Wordpress Web Application Development - Third Edition

Publisher Resources

ISBN: 9781449364779Errata

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Building Web Apps with WordPress

by Brian Messenlehner, Jason Coleman

Chapter 6. Users, Roles, and Capabilities

Getting User Data

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.