There’s a great article over at Theme.fm on Using the Google Analytics Data Feed API in WordPress which covers some pretty interesting techniques to grab and make use of data stored in your Google Analytics profile, like what are your top 10 posts this month, or what were the most searched ones, etc. I’ve authored that article so feel free to ask questions ;)
WordPress, Automattic and Open Source
Tag Archives: api
WordPress and Magic Quotes
This is crazy, and based on a post called WordPress and PHP magic quotes: you want to run me crazy! by Stefano Lissa. I’m writing a plugin prototype for WordPress that uses the new Facebook Graph API to post stuff to my wall on Facebook (upcoming blog post). The original Facebook PHP SDK comes in very handy when working with the Facebook API, and I had quite some fun using it, but..
I’ve been trying to figure this out for hours! I had code working outside WordPress and once I pumped it into a plugin it suddenly stopped authorizing me. I had to dig through the facebook.php code to figure out what’s happening, and here it is. The getSession() method uses the get_magic_quotes_gpc function and strips the slashes from the $_COOKIE superglobal if it’s switched on. Of course, that’s the correct logic supporting both php 5 and php 6, but not WordPress.
I looked through the latest (3.0.1) WordPress core code and was quite surprised to see a function called wp_magic_quotes(). Oh my god, thought I! Commented as: Add magic quotes and set up $_REQUEST ( $_GET + $_POST ).
What the hell is that? Okay, let’s see:
$_GET = add_magic_quotes($_GET); $_POST = add_magic_quotes($_POST); $_COOKIE = add_magic_quotes($_COOKIE); $_SERVER = add_magic_quotes($_SERVER);
How does that sound? So all my apps, plugins, external libraries working with server variables (like Facebook does with cookies) are not allowed to use the magic quotes function? This means that working with WordPress, we must initially assume that all these are quoted, no matter what the php settings are. I don’t even know what question to ask here, perhaps: Is this the way things are done? Why?
To be honest this is getting me a little frustrated. Not by the fact that they’re slashing the whole input (although I don’t see a reason to) but, heh, I’ve been coding based on WordPress for over two years now, and never came across anything like this. Did I miss something in the Getting Started guide? ;) Anyways, the easiest way to get this working is to replace your get_matic_quotes_gpc function with 1, which says it is always switched on.
Eh, Monday morning disappointment ;) Cheers, and thanks for sharing the post!
Highcharts: Pure Javascript Charts API
I was working on a project lately that involved charts and graphs which had to be interactive, lightweight and somewhat complicated. I looked through quite a lot of different chart APIs, and for some time thought that I’d have to go with Open Flash Chart which is good and simple, but it was Flash. There’s nothing wrong with Flash, but Flash is what makes it more complicated to modify and extend. The standard OFC functionality seemed to work fine for me, but soon I came across Highcharts.
Highcharts is purely written in javascript and uses some advanced SVG to render the content. It’s quite impressive and very well documented. Chart control is all done via javascript, and all the options available make it very flexible and extensible. Since everything’s done in javascript it fits well with PHP without having to write tonnes of code or use some third-party library. The json_encode function comes in very handy when passing options from PHP to Highcharts.
Highcharts is free for personal use, commercial licenses start from $80, which is quite okay. Check out the Highcharts Demo page for some terrific usage examples. Happy charting and thanks for sharing!
How To: Retrieve a User ID via SOAP in SugarCRM
Following the Lead Generation Forms with WordPress and SugarCRM post, I came across the need to assign the generated lead to some person in the CRM. It would be easy if you could do it by simply using usernames in the system, but unfortunately usernames may change, but user IDs do not.
User IDs in SugarCRM are stored in a 36-byte alphanumeric string with symbols, which is easy to capture from the database, but not very usable that way. I worked a little more on the snippet I gave before and came up with a new function called getUserId, where a search is performed based on the username.
I’m not sure if this is very secure, but will surely work if you need to simply capture the ID of a certain user and perhaps hard-code it in your script or settings file. Make sure you read the previous post about SugarCRM to capture the whole Sugar class together with the authentication and lead creation functions. The following function is simply an addition to the class:
function getUserId($username)
{
$result = $this->soap->call('get_entry_list', array(
'session' => $this->session,
'module_name' => 'Users',
'query' => "user_name = 'pavel'",
'max_results' => 1
));
return $result;
}
Once you’re done with that, use your sugar object to authenticate and request for a user id:
$sugar = new SugarCRM('username', 'password');
$sugar->login();
$result = $sugar->getUserId('john');
print_r($result);
So $result will contain an array where you’ll find the alphanumeric ID of the person with the username “john”.
I believe there was some other method for doing that in SugarCRM version prior to 5.5.2 CE, but the new SOAP Web Services are mostly based on a few general methods – get_entry, get_entry_list, set_entry, etc, which are applicable to basically any module including Users.
Now, in order to assign the new lead to your retrieved user (using the createLead function), just add an extra parameter to the array:
$result = $sugar->createLead(array( 'lead_source' => 'Web Site', 'lead_source_description' => 'Contact form on my website', 'lead_status' => 'New', 'first_name' => $_POST['firstname'], 'last_name' => $_POST['lastname'], 'phone_work' => $_POST['phonenumber'], 'description' => $_POST['description'], 'email1' => $_POST['email'], 'assigned_user_id' => $user_id // Your ID goes here ));
Now your newly created leads will be assigned to your user, which is quite convenient when you have e-mail notifications turned on during assignment. Hope that helped somebody! Cheers, and thanks for sharing!
The Twitter API v2 Transition
It’s a mess around the current working copy of the Twitter API, there are more issues than functionality and the whole naming and renaming is a total disaster. Today for instance I tried a simple search query to the API and kept receiving “400 Bad Request” errors without any further explenation. As soon as I changed the address from search.twitter.com to api.twitter.com/1 (I got this from Abraham Williams’ php code), which is not clearly mentioned anywhere in the Twitter docs, everything started working fine.
But then I realised that the from_user_id field that’s being returned is far from the correct user ID. People in the Twitter Development Talk Google group stated this problem a few times (since March 2009 I believe). It seems that the “wrong” user IDs are meant for the second version of the Twitter API, thus cannot be used before it’s released. But wait! What the hack should I do with my app now? It’s not working y’know! Here you go:
$response = $oauth->get('search', array('q' => $search_query));
foreach($response->results as $result)
{
$id = $result->id;
$text = $result->text;
$user_name = $result->from_user;
$user = $oauth->get("users/show", array("screen_name" => $user_name));
$user_id = $user->id; // Get the old-style user ID
}
Yeah, that’s one extra API call, but it solves things temporarily ;)
I guess there’s nothing that we could really do right now, and it’s probably true that we’ll have to rewrite some parts of our code as soon as Twitter API v2 is released, but then again, what about the apps which stopped development? Will they stop working? Tonnes of Twitter clients and web apps still use basic authentication. Twitter mentioned that everybody must use OAuth these days, and that basic auth will be closed sooner or later.
Oh well, software comes, software goes. The best thing to do right now would be sign up to Twitter API Announce Google group and follow @twitterapi. By the way, @web2feed can now use the new features of the API to retweet messages based on hashtags and build user lists ;)
The Twitter OAuth PHP Class Gets Even Better
Or perhaps simpler?.. Together with the Twitter API itself, the TwitterOAuth PHP class (the one by Abraham Williams) is being updated too! According to GitHub the latest changeset was commited on December 3rd so yeah, I tried to take a look at what’s going on there a few days ago and was quite disapointed. Disappointed with the fact that all my previous code was broken without giving any reason.
Just like everybody else, I never read the readme or other documentation files so I dug straight into the class code and examples. Soon after I realized that the new changes were not that bad, so instead of the usual 5 lines of code, I shortened it up to only one. I stopped worrying about parsing XML or JSON, converting them to objects, and I stopped typing in the full address for Twitter API calls. Abraham did all that for us, so all we have left is:
$credentials = $oauth->get("account/verify_credentials");
if ($oauth->http_code == 200)
echo "Hey there, {$credentials->screen_name}!";
I’m not going to publish all the new features and stuff (read about them at GitHub), but hey, this is quite sweet isn’t it? The only drawback was having to rewrite some parts of the code I wrote for the past few months (the Twitter Robots stuff), but I guess that’s partly my bad as it’s not as organized as it should be. That’s the main reason why I’m not publishing the whole code here yet, have a lot of cleaning up to do ;)
Meanwhile you may take a look at this buddy: @web2feed. I turned off the auto-replies because they were getting quite annoying, and I’ve added a couple of feeds to the big list, oh and it’s DM controlled too!
Google Docs API: Client Login with PHP and Curl
A few days ago I started looking deeper into the Google Code APIs and threw a few experiments using the Google Documents List Data API. Unfortunately, the only library they have for the third version of their protocol is written in Java. There is a PHP wrapper for the first version of the protocol, but it totally depends on the Zend Framework. Here’s a little code snippet for logging into a Google Docs account (writely) using ClientLogin with Curl and PHP. The Auth string is stored into the $auth variable for later use.
// Construct an HTTP POST request
$clientlogin_url = "https://www.google.com/accounts/ClientLogin";
$clientlogin_post = array(
"accountType" => "HOSTED_OR_GOOGLE",
"Email" => "yourgoogle@email.com",
"Passwd" => "yourgooglepassword",
"service" => "writely",
"source" => "your application name"
);
// Initialize the curl object
$curl = curl_init($clientlogin_url);
// Set some options (some for SHTTP)
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $clientlogin_post);
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
// Execute
$response = curl_exec($curl);
// Get the Auth string and save it
preg_match("/Auth=([a-z0-9_-]+)/i", $response, $matches);
$auth = $matches[1];
echo "The auth string is: " . $auth;
ClientLogin assumes you login once and use the auth string for all on-going requests (more info: ClientLogin – Google Code). Here’s a simple example of how to retrieve some data from a Google Docs account, show filename, author and file type. Make sure the simplexml php extension is installed and activated.
// Include the Auth string in the headers
// Together with the API version being used
$headers = array(
"Authorization: GoogleLogin auth=" . $auth,
"GData-Version: 3.0",
);
// Make the request
curl_setopt($curl, CURLOPT_URL, "http://docs.google.com/feeds/default/private/full");
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
curl_setopt($curl, CURLOPT_POST, false);
$response = curl_exec($curl);
curl_close($curl);
// Parse the response
$response = simplexml_load_string($response);
// Output data
foreach($response->entry as $file) {
echo "File: " . $file->title . "<br />";
echo "Type: " . $file->content["type"] . "<br />";
echo "Author: " . $file->author->name . "<br /><br />";
}
It seems though that Google Docs is purely for documents (spreadsheets and presentations) but not for actual files, as a JPEG I uploaded turned into a text/html type. It opens up in the text editor when viewing in Google Docs, and the nearest-to JPEG export format is PDF (just like all the other documents). So I guess there’s no way of reading and manipulating the raw image as if I would read and manipulate a file.
I came across a cool website which I believe the Googlers have made – Data Liberation:
Users should be able to control the data they store in any of Google’s products. Our team’s goal is to make it easier for them to move data in and out.
I’m working on a little project that involves image (and file) hosting, so the products I’m interested in are Google Docs and Picasa Web Albums. It seems that none of the two make it possible to store and work with files as if it was a flash disk or an FTP server. Google Docs is the closest one but there’s a huge limit on what kind of files you can upload and store. Picasa on the other hand is good for image storing, but the only way to export a set of images is to use their desktop software and Picasa Web, and of course no actual control over the files (edit, delete) via their Picasa Web API. If only it were a little bit closer to Amazon S3 …
Oh and you should probably use OAuth or AuthSub when working with Web Applications and Google APIs but anyways, this was just a quick example.
Create Your Own Automated Twitter Robot in PHP
The ultimate guide to creating your own personalized twitterfeed clone! Kidding… Actualy this is just a mockup, a simple prototype, which is way too fresh for any actual use. We’ll take this forward step by step. I’m not going to give out all my sources but I’ll guide you through authentication, rss lookup, parsing, thanking for retweets, and shooting random stuff at people that mention your robot.
Here’s a brief list of features we will implement:
- Runs in console, no HTTP access
- Authentication via OAuth, tweeting via OAuth
- RSS lookup, parsing, forming tweets in bound of 140 characters including a postfix (hashtag or RT)
- Tweeting ‘thank you for retweeting’ to users that retweet the robot
- Following people that retweet the robot
- Acting strange on users that mention the robot
All this is going to be setup on a linux box running crond and acting every 15 minutes or so. Are you ready? Let’s do it!
The Importance of Using Twitter API via OAuth
I hope you noticed the latest changes at Foller.me. I’m talking about the new Followers rate section thanks to the TwitterCounter API and of course something I’ve been dreaming about since the launch of the project. You view a profile at Foller.me before making a decision about following that particular person or not, right? And yeah, we had a link at the bottom of the page that lead to their profile on Twitter, where you could click the follow button.
Now we’ve updated that section to a Twitter OAuth powered follow button. This means that once you authorize Foller.me to use your Twitter profile without having to even input your username or password, you can follow people directly from Foller.me, without having to do any extra clicks. Yeah, we’re ready to remove our beta label and as we promised we’re coming up with a few more features and optimizations.
Guess that’s enough for the news section. Now, back to the topic of this post. OAuth. Y’know at the very beginning I was thinking about giving people the chance to input their username and password on Foller.me, but hey, that’s dangerous, right? I still see tonnes of websites and Twitter services, which are super cool, and yes, they still use basic authentication instead of OAuth. Seriously, it took me less than two hours to incorporate OAuth into Foller.me and once somebody has authorized with you (on the server side) you’re able to do all the stuff with their account with no difference from baisc auth! No limitations at all! Please take a look at the Twitter OAuth Examples which include ready-to-use libraries (and classes) for the major programming languages including php, Python, Ruby, .NET and a bunch of others.
So, why bother switch to OAuth? Well, personally I hate websites and Twitter services that would ask me for my Twitter username and password, I start to think that they’re scam (don’t you?), even if they’re not. I repeat, I see tonnes of those, and I gave out my password only to a couple because I really, really wanted to see what’s inside. After that, I immediately picked a new password for my Twitter account. And yes, I really can’t wait till TweetDeck, Seesmic Desktop and the others implement OAuth into their apps. That would make them extra cool, seriously.
Here’s more! There’s also lots of discussion going on in the Twitter Development in Google Groups and I heard somebody mention that the source parameter for your apps will no longer be available sooner or later. Yep, they’re closing down the basic authentication method. I’m not sure when, and the Twitter API Wiki says that the date hasn’t been announced yet, but hey, you should do it now before it’s too late. OAuth applications won’t need any source parameter as Twitter already knows who they are after signing your app with them.
So dear friends, please switch your apps to OAuth, it’s very, VERY important.
Cloud Tips: Backing Up MySQL on Amazon EC2 to S3
Now that I’m all set up in the Amazon cloud I’m starting to think about backups. Elastic Block Storage (EBS) on Amazon is great and the Snapshots (backups) can be generated with a few clicks from the Management Console, but, for a few reasons I’d like to set up my own backup scripts and here’s why:
- Amazon EBS snapshots are cool, but there might be a situation where I’d like to restore only one file, or a few rows from a MySQL dump or whatever. EBS works in bundled mode, this means that you store an image of the hard-drive you’re working it, no matter how many files there are. It might be painful setting up an extra hard-drive just for backups and work with its snapshots
- I don’t believe there’s a feature to schedule or automate EBS snapshots
- I’d like a simple way to download backed up date onto my local PC
- Some of my clients like to get their weekly backups by FTP
I don’t really care about my php files, images and other stuff that’s located on my EBS, cause I’m sure I have local copies of all that. The most important part in all my projects is the data stored in my MySQL database, thus I’m going to show you how to setup a simple shell script to generate daily MySQL backups and a simple php script to upload them to a secure S3 bucket.
Take a look at this simple shell script:
filename=mysql.`date +%d.%m.%Y`.sql.gz
echo Generating MySQL Dump: ${filename}
mysqldump -uyour_username -pyour_password --all-databases | gzip -c9 > /ebs/backups/${filename}
echo Uploading ${filename} to S3 bucket
php /ebs/data/s3-php/upload.php ${filename}
echo Removing local ${filename}
rm -f /ebs/backups/${filename}
echo Complete
I’m assuming you’re familiar with shell scripting, thus there’s no need to explain the first few lines. Don’t forget to type in your own username and password for MySQL access, also, I used the path /ebs/backups/ for my daily MySQL backups. You choose your own.
There are a few scripts located in /ebs/data/s3-php/ including upload.php, which takes a single parameter – filename (don’t put your path there, let’s keep things simple). The script simply reads the given file and uploads it to a preset path into your preset S3 bucket. I’m working with the S3-php5-curl class by Donovan Schonknecht. It uses the Amazon S3 REST API to upload files and it’s just one php file called S3.php, which in my case is located in /ebs/data/s3-php right next to my upload.php script.
Before going on to upload.php take a look at this file which I called S3auth.php:
$access_id = 'your_access_id'; $secret_key = 'your_secret_key'; $bucket_name = 'bucket'; $local_dir = '/ebs/backups/'; $remote_dir = 'backups/';
This is the settings file which I use in upload.php. These particular settings assume your backups will be located in /ebs/backups and will be backed up to an Amazon S3 bucket called ‘bucket’ and in the ‘backups’ directory within that bucket. Using single quotes is quite important, especially with the secret_key, as Amazon secret keys often include the backslash symbol. Here’s the upload.php script:
require("S3.php");
require("S3auth.php");
$s3 = new S3($access_id, $secret_key);
$s3->putBucket($bucket_name, S3::ACL_PRIVATE);
$s3->putObjectFile($local_dir.$argv[1], $bucket_name, $remote_dir.$argv[1], S3::ACL_PRIVATE);
All simple here according to the S3.php class documentation. Notice the $argv[1], that’s the first argument passed to the upload.php script, thus the filename of the backup file.
That’s about everything. Try a few test runs with the shell script (remember to chmod +x it otherwise you’ll not be able to execute it) and finally setup a cron running the script daily. Mine works like a charm!