My site has been down while I’ve tried to figure out (i.e., google someone else’s solution) to a crash caused by WordFence, an excellent utility that, ironically, protects your WordPress blog from various maladies.

The problem is severe: Users of your blog see naught but an error message of this form:

Fatal error: Unknown: Failed opening required ‘/home/dezi3014/public_html/wordfence-waf.php’ (include_path=’…/usr/lib/php /usr/local/lib/php’) in Unknown on line 0

The exact path will vary, but the meaning is the same. It is looking for a file that doesn’t exist. You’ll see the same message when you try to open your WordPress site as administrator. You’ll see it even when you manually uninstall WordPress by logging into your host and deleting the wordfence folder from the wp-content/plugins folder

If you look inside the wordfence-waf.php file (which is in whatever folder you’ve installed WordPress into), it warns you that “Before removing this file, please verify the PHP ini setting `auto_prepend_file` does not point to this.”

Helpful, except my php.ini file doesn’t have any reference to this. (I use MediaTemple.com as my host.) Some easy googling disclosed that the command to look for the file may not be in php.ini, but may be in .htaccess or .user.ini instead. And now you have to find those files.

At least for me, the .user.ini file is in the main folder into which you’ve installed WordPress. In fact, the only line in that file was the one that has the “auto_prepend_file” command. Remove that line and you have your site back.

I assume all of this is too obvious to write about for technically competent people. This post is for the rest of us.

20 Comments »

Perhaps you’d like to post to your WordPress blog from an app that isn’t WordPress.

I know I do. I write most of my posts in an editor (javascript + php) I’ve worked on for over ten years. Someday I’ll clean it up and post it at GitHub so you can all have a laugh. Meanwhile, it intermittently loses its ability to post straight to my blog, so I have to copy and paste the text into the WP editor. But I fixed it again today. So, here’s a tutorial for people at my level of non-technicality. (I got huge help from a post at HurricaneSoftware. Thanks!)

First, make sure that the file xmlrpc.php is installed where you’ve installed your WordPress blog software. This file comes from WordPress itself, and it should be there automatically. Check the permissions; I think it should be 644 but I am terrible at permissions.

I run my homegrown editor from my Mac, using the Apache web server that MAMP supplies. That lets me write blog posts even when I’m not online. That means the directory from which I’m running my JavaScript and PHP is on my hard drive. I keep these files in  /Applications/MAMP/htdocs/blogdraft/. (Blogdraft is the name of the folder in which my code resides.) To the web server, the address looks like this: /localhost/blogdraft/.

The operative part of this is your PHP file. Create an empty text file and name it, let’s say, postViaXmlrcp.php. For a first pass, it should look like this—and the brunt of this comes straight from HurricaneSoftware:

This PHP script relies upon another one, so you have to load it. “Require_once” will do so, and it will remember that it has done so during a session so you won’t waste computer resources reloading it every time you run this script.

You can get this script here. Right click on that link and choose “Save file as…” or however your browser puts it. Put it in the same directory as your PHP script. Make sure you name it “IXR_Librabry.php.inc.” Set its permissions. (See above.) Then leave it alone. 

7	$title=$_REQUEST[‘title’];
8	$body=$_REQUEST[‘body’];
9	$keywords=$_REQUEST[‘tags’];
10	$category=$_REQUEST[‘categoryArray’];
11	$customfields=null;

These lines read data that you’ve sent from the JavaScript that we haven’t written yet. It assigns them to some pretty obviously-named PHP variables.

Notice that we’re doing nothing with the $customfields variable. That’s because I don’t know what to do with it. I would have just deleted that line, but it scares me. And yet fascinates me.

12	$encoding = ini_get(“default_charset”);
13	$title = htmlentities($title,ENT_QUOTES,$encoding);
14	$keywords = htmlentities($keywords,ENT_QUOTES,$encoding);

htmlentities is a PHP function that makes sure that your HTML with all of its weird characters arrive without being translated into something more literal and wrong. Line 12 tells it which character encoding to use. I could have decided on one for you, but instead I’m just using whichever one you already use. We have already established I’m a coward, right?

15	$content = array(
16	‘title’=>$title,
17	‘description’=>$body,
18	‘mt_allow_comments’=>1, // 1 to allow comments
19	‘mt_allow_pings’=>1, // 1 to allow trackbacks
20	‘post_type’=>’post’,
21	‘mt_keywords’=>$keywords,
22	‘categories’=>$category,
23	‘custom_fields’ => array($customfields)
24	);

We are eventually going to be sending all of the content information to  WordPress via XMLRPC. This section packs an array (“$content”) with the information XMLRPC needs, attached to the keywords it loves. If you want to argue about it, take it up with XMLRPC.

26	$client = new IXR_Client(‘http://www.yourblog.com/myWP/xmlrpc.php’);

We now create a new client for the IXR script you downloaded. It wants to know where your xmlrpc.php file is, which should be where the rest of your WordPress files are folders are.

27	$username = “your-WP-username”;
28	$password = “your-WP-password”;

Fill in your WordPress username and password.

29	$params = array(0,$username,$password,$content,true); // Last parameter is ‘true’ which means post immediately, to save as draft set it as ‘false’

Now we’re making another array. This one includes the prior array ($content) as well as your username and password. And note the comment. Setting to “draft” is very useful when you’re playing around with these scripts.

31	if (!$client->query(‘metaWeblog.newPost’, $params)) {
32	die(‘Something went wrong – ‘.$client->getErrorCode().’ : ‘.$client->getErrorMessage());
33	} else { echo “Article Posted Successfully”; } ?>

This does the deed. No one knows how.  If it fails, it’ll pop up the error messages and kill it before it spawns evil. Otherwise, it sends back the message that it posted successfully.

You can test this PHP script by running it in your browser. If you’re running a local web server, you’d enter something like this: /localhost/blogdraft/postViaXmlrcp.php. (That’s assuming you put it in a folder called “blogdraft,” of course.) Check with MAMP or whatever you’re using for your web server for details.

But running this as-is won’t work because it’s expecting the content to be sent to it from the JavaScript we still haven’t written. So, comment out lines #7-11, and insert something like these:

	$title=”TEST TITLE”;
	$body=”<h1>Hello, world!</h1>”
	$keywords=”tag1,tag2″
	$category=array(“cat1″,”cat2”);
	$customfields=null;

Replace the categories (“cat1”, “cat2”) with the names of categories that you actually use. Also, change “true” to “false” in line #29 so you’ll just produce drafts, not actually publish anything yet.

Now when you run this PHP file in your browser ( /localhost/yourLocalFolder/postViaXmlrcp.php), if should create a draft post. Check via the “All posts” page at your WP administration page to see if the draft got created.

When it’s working, comment out the four lines immediately above and uncomment lines #7-11.

The JavaScript

I’m going to pretend that you have some HTML page that has a text box where you can enter the content of your post, a similar box for entering the title, one for entering tags separated by commas, and checkboxes that list the categories you use. I’ll also assume that you use jQuery. So, your HTML might look soomething like this:

So, roughly, here’s what’s happening:

6	<script src=”https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js”></script>

This loads jQuery from Google. Of course you could keep a local copy and include it that way.

8	function postIt(){
9	// get the title
10	var titlecontent = $(“#titlebox”).val();
11	// get the body of the post
12	var bodycontent = $(“#contentbox”).val();
13	// get the tags
14	var tagscontent = $(“#tagsbox”).val();

The postIt function begins by using jQuery to fetch the values entered into the three text areas. (Just in case you don’t know jQuery, “$(“#titlebox”) gets the element with the ID of “titlebox.” And if you don’t want to use jQuery, you can get the same result with: var titlecontent = document.getElementById(‘titlebox’).value.

16	// get an array of all checkboxes in the div
17	var checks = $(“#categories”).find(“input”);
18	// create an empty array
19	var cats = new Array();
20	// go through all the checkboxes
21	for (var i=0; i < checks.length; i++){
22	// is this one checked?
23	if ($(checks[i]).is(‘:checked’)){
24	// if so, then push its value into the array
25	cats.push( $(checks[i]).val() );
26	}
27	}

Creating an array of categories takes a little more work. Line #17 creates an array (“checks”) of all of the checkboxes in the div with the id “categories.” Lines #21-27 look at each of the checkboxes in that array. If line #23 sees that a particular checkbox has in fact been checked, then it puts the value of that checkbox into the created on line #19. (You want the value to be exactly the same as the name of the category in your WordPress installation. Also, remember that the checkbox’s value is not necessarily the same as the text displayed to the user.)

29	$.ajax({
30	type: “POST”,
31	url: “postViaXmlrcp.php”,
32	dataType: JSON,
33	data: {title: titlecontent, body : bodycontent, tags: tagscontent, categoryArray : cats},
34	error: function(e){
35	if (e.responseText.indexOf(“Successfully”) > -1){
36	alert(“Success! Post has been posted! Let the regrets begin!”);
37	}
38	else{
39	alert(‘Error posting blog via xmlrpc: ‘ + e.responseText);
40	}
41	}
42	})

Now we call the PHP script that we created above. We do this via AJAX, using the jQuery syntax, which is much simpler than the native JavaScript way of doing it. Lines #30-40  specify the communication the JavaScript will have with the PHP file.

Line #30: The “POST” here has nothing to do with posting a blog post. It’s stating what sort of transaction we’re about to have with the PHP script.

Line #31: This is the path to the PHP file we’re going to run. If it’s in the same directory as this HTML file, you don’t have to monkey with a path name.

Line #32: We’re going to pass data to the PHP script in the JSON way of expressing data.

Line #33: This creates the JSON we’re going to send. It’s all within curly brackets. There are four phrases, separated by commas. Each phrase consists of a keyword (which you can think of as being like a variable) and a value. We are free to make up whatever keywords we want, so long as those are the keywords we use in the PHP file to fetch the data that they label; see lines #7-10 in the PHP script above.

Line #44: If there is an error in the PHP, it will send back some information. There is also an equivalent “success:” function available. But I’m doing something wrong, because even when the PHP works and the blog gets posted, I still get an error message. If you go back to Line #33 of the PHP, you’ll see that if the PHP succeeds, it sends the message “Article Posted Successfully.” For reasons I don’t understand, that message shows up in the “error:” function of the AJAX. So, I check the message. If it has the word “Successfully” in it, the script alerts the user that the post has been posted. If it does not, on line #39 it posts an error message.

That’s it. If it doesn’t work, it’s because you’re doing something wrong,  starting with listening to me. Obviously I can’t help you since I don’t even know how this thing works.

Good luck!

3 Comments »

Thanks to Mirek Sopek, the folks at Mako Lab diagnosed why my new WordPress blog template was going all wonky in Internet Explorer 9. Even after I’d discovered that the problem was that I was declaring the HTML page with Quirks, I’d put the type declaration in the wrong spot. I put it at the top of header.php, thinking that would put it at the top of the HTML page that WordPress assembles out of various files. Nope. You have to put it at the top of the index.php file. D’oh!

We still don’t know why it worked on my copy of IE 9, at the same version level and both 64-bit.

Thank you Mirek and Mako Lab! I would never have figured this out without you.

2 Comments »

I’m posting this so I’ll remember, and in case someone else is googling around for it.

I have a little editor I wrote in javascript for creating blogposts. When I’m done editing, it loads the transmogrified text into an iframe that contains the WordPress /wp-admin/post.php page (which is the one you create posts with). Except that it stopped working recently, giving me “X-FRAME-OPTIONS” errors.

A little research showed that x-frame-options are set at the server to prevent people from capturing your pages in their own evil iframes (e.g., inserting your blog posts into their spammy site), either by preventing anyone from doing so, or preventing anyone from inserting into a page that isn’t from the same site as the source page.

I couldn’t figure out how to unset those options. But Chason C., at MediaTemple.net — my hosting company — got back to me within 24 hours with the answer. It turns out that MediaTemple isn’t setting that option; WordPress is. The solution is explained in this blog post, which Chason found for me.

The irony is that the blogpost with the answer has actually captured and embedded the original blog post by Igor at KrazyWorks, which you can find here.

2 Comments »

This site is now officially under construction as I switch it from Movable Type to WordPress. So, pardon the glitches, and, no, I haven’t finished moving my blogroll over yet.

Why am I switching? It comes down to no good reason. I like MT as software and admire it as a company. But, I have it configured for maximum host churn. So, I could work on configuring it better or I could try something new. I’ve been using WP for my Everything Is Miscellaneous blog, and have been enjoying it. I’m also fairly comfortable with it now. So, I opted to try something new.

My only regret comes from mt sense of loyalty to MT. The company is a good contributor to the community and I recommend MT wholeheartedly. In fact, if bradsucks weren’t doing the WP install for me, I’d absolutely fail at it; WP is easy to get up in its default state, but much harder to configure and personalize than MT, at least in my experience.

So, now for the tweaks, the fixes, the general annoyance, and the post-installation regrets…

1 Comment »