WordPress CAS plugin adventures

I am building some SFU websites using WordPress and I need to set them up to use the SFU central authentication service (CAS). A quick search on Google found this plugin:
cas-authentication

I downloaded and installed it without trouble, but couldn’t seem to get it working. Likely it has something to do with the fact that it was written for WordPress 2.5.1, and I’m using the latest (2.6.1). The errors I was getting were unhelpful, basically just stating that the CAS authentication failed and that I was not logged in. I tried in vain to debug the script for an hour or so.

Then I came across a thread in a WordPress message forum indicating that I was not the only one having these problems. Through this thread, I was able to find another CAS plugin (written by Casey Bisson) that claimed to work with WordPress 2.6.1 – and the claims were true.

The plugin can be found at http://wordpress.org/extend/plugins/wpcas/

(Note to self: SFU uses CAS 1.0; not 2.0).

The only thing that this new plugin lacked was the ability to automatically create accounts when users log in. I made the following change to the wpcas.php file to add this behavior.


function authenticate() {
		global $wpcas_options, $cas_configured;

		if ( !$cas_configured )
			die( __( 'wpCAS plugin not configured', 'wpcas' ));

		if( phpCAS::isAuthenticated() ){
			// CAS was successful
			if ( $user = get_userdatabylogin( phpCAS::getUser())){ // user already exists
				// the CAS user has a WP account
				wp_set_auth_cookie( $user->ID );
				// stop after each redirect; otherwise the second wp_redirect() replaces the first Location header
				if( isset( $_REQUEST['redirect_to'] )){
					wp_redirect( function_exists( 'site_url' )  ? site_url( $_REQUEST['redirect_to'] ) : $_REQUEST['redirect_to'] );
					die();
				}
				wp_redirect( function_exists( 'site_url' )  ? site_url( '/wp-admin/' ) : '/wp-admin/' );
				die();
			}else{
				// the CAS user _does_not_have_ a WP account

/**  BEGIN CHANGES TO ADD AUTO ACCOUNT CREATION **/
				if (function_exists( 'wpcas_nowpuser' ))
					wpcas_nowpuser( phpCAS::getUser() );
				else
					{
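					// auto-registration is enabled
					require_once(dirname(__FILE__).'/../../../wp-includes/registration.php');
				  // User is not in the WordPress database
				  // they passed CAS and so are authorized
				  // add them to the database
				  $username = phpCAS::getUser();
				  // random password: the account is only ever used through CAS, so nobody needs to know it
				  $password = wp_generate_password();
				  $user_email = '';
				  // NOTE: $cas_authentication_opt is not declared global in this function, so unless it is
				  // brought into scope this test is false and the e-mail stays empty
				  if ( !empty( $cas_authentication_opt['email_suffix'] ))
					$user_email = $username . '@sfu.ca';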
				  
				  $user_info = array();
				  $user_info['user_login'] = $username;
				  $user_info['user_pass'] = $password;
				  $user_info['user_email'] = $user_email;
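				  $res = wp_insert_user($user_info);
				  
				  $user = get_userdatabylogin( phpCAS::getUser());
				  if ( !$user )	// account creation failed, so there is nobody to log in
				  	die( __( 'you do not have permission here', 'wpcas' ));
				  
				  wp_set_auth_cookie( $user->ID );
				  // stop after each redirect; otherwise the second wp_redirect() replaces the first Location header
				  if( isset( $_REQUEST['redirect_to'] )){
				  	wp_redirect( function_exists( 'site_url' )  ? site_url( $_REQUEST['redirect_to'] ) : $_REQUEST['redirect_to'] );
				  	die();
				  }
				  wp_redirect( function_exists( 'site_url' )  ? site_url( '/wp-admin/' ) : '/wp-admin/' );
				  die();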
				}			//	die( __( 'you do not have permission here', 'wpcas' ));
			}
/** END CHANGES TO ADD AUTO ACCOUNT CREATION **/		
			
		}else{
			// hey, authenticate
			phpCAS::forceAuthentication();
			die();
		}
	}

Now it works like a charm.
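
The code above calls wpcas_nowpuser() whenever that function exists, so the same auto-creation can live outside wpcas.php and survive plugin updates. The following is an added example, not part of the plugin or of the change shown above; where the file is loaded from, the username pattern, the CAS_EMAIL_DOMAIN constant and the subscriber role are assumptions.

```php
<?php
// Added example: site-side handler for CAS users that have no WordPress account.
// Assumption: this file is loaded before wpCAS runs authenticate().

// Assumption: every CAS account maps to an address in this domain.
define( 'CAS_EMAIL_DOMAIN', 'sfu.ca' );

function wpcas_nowpuser( $cas_user ) {
	// wp_insert_user() and validate_username() live here in WordPress 2.6
	require_once( ABSPATH . WPINC . '/registration.php' );

	// Only provision names that look like plain account IDs (hypothetical pattern),
	// so an unexpected value from the CAS response never becomes a WP login.
	if ( !preg_match( '/^[a-z][a-z0-9_]{1,31}$/', $cas_user ) || !validate_username( $cas_user ) )
		die( __( 'you do not have permission here', 'wpcas' ));

	$user_info = array(
		'user_login' => $cas_user,
		// Random per-account password: logins go through CAS, and a shared
		// fixed password would let anyone sign in through wp-login.php.
		'user_pass'  => wp_generate_password(),
		'user_email' => $cas_user . '@' . CAS_EMAIL_DOMAIN,
		// Least privilege for accounts nobody reviewed; raise roles by hand.
		'role'       => 'subscriber',
	);
	wp_insert_user( $user_info );

	// Re-read the account so a failed insert is caught before a cookie is set
	$user = get_userdatabylogin( $cas_user );
	if ( !$user )
		die( __( 'you do not have permission here', 'wpcas' ));

	wp_set_auth_cookie( $user->ID );
	wp_redirect( function_exists( 'site_url' ) ? site_url( '/wp-admin/' ) : '/wp-admin/' );
	die();	// stop here so nothing after the redirect runs
}
```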

Feed2JS: Incorporate News feeds into static HTML webpages

My recent goal: minimize the amount of infrastructure in building a small website (i.e., only use static HTML pages), and still incorporate dynamic content such as news and events in the web page.

Feed2JS is an invaluable tool for achieving this (at least the news and events part). You can embed an RSS feed into your web page with a tiny bit of HTML code (a script tag). Likely this RSS feed would go to a blog of sorts (easy to set up on any service).

You now have a web page with updated news and events that doesn’t require any infrastructure (e.g. database or scripts).

IE Annoyances

There are hundreds of reasons not to use IE (Internet Explorer), but the common folk still seem to use it en masse, so I am forced to deal with its bugs when developing web pages.

A couple that I ran into today in IE 6:

1. No support for onload handler on script tag (makes dynamically loading scripts a pain).
2. No support for transparency or opacity in PNG files. I have a beautiful logo that looks great in all browsers except IE. IE just shows a gray background where it is supposed to be clear.

Haven’t gotten my hands directly on an IE 7 machine to test out, but by all indications, these problems still exist in IE7.

If you are still using IE, I beg you to switch to something else – anything else (e.g. Firefox, Safari (yes, it is available for Windows now), Opera, Google Chrome (Google’s new shiny browser)). Just stop using IE and make the world a better place.

When the statistics show that less than 2% of the users are using IE, I can stop wasting my time on workarounds for it and focus on developing.

P3P: The answer to IE7 Iframe cookies problem

Problem:

I have a website where users log in at http://example.com.
I have an iframe that embeds pages from example.com on http://mysite.com.
IE7 won’t retain the cookie (i.e. it keeps asking me to log in in the iframe)!

Workarounds:

1. Have your IE7 users set Internet Options >> Privacy >> Advanced >> Check “Override Automatic Cookie Handling” and “Always allow session cookies”

This is not so good because it is inconvenient most times to have all of your users make this change.

2. Use a P3P header. IE7 will allow the cookies as long as your site appears to have a privacy policy (using the W3C standard). Send this header just after session_start(); in PHP:


session_start();	// start the session
header('P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"'); 

For more on P3P see:

http://www.sitepoint.com/article/p3p-cookies-ie6/2/

For more on the IE7 Bug (or rather annoyance!!) see:

http://aspnetresources.com/blog/frames_webforms_and_rejected_cookies.aspx