Skip to content

Month: January 2013

Changing Your WordPress Theme Using XML-RPC, Part II

Published by Stefan on January 27, 2013

Last week I talked about how to enable getting theme names within WordPress using XML-RPC. So now our imaginary mobile app can retrieve a list of theme names from WordPress, but we want to switch the theme once a name is selected. We’ll have to create another function and assign it to method to be called.

WordPress has another function called switch_theme, so this time around we will be making this available. Here is our plugin with the additional code:

<?php
/*
Plugin Name: XML-RPC Theme Changer
Plugin URI: https://github.com/dailyinvention/xml-rpc-theme-changer
Description: Allows the ability to get and switch themes using XML-RPC.
Author: Stefan Holodnick
Author URI: http://blog.dailyinvention.com
Version: 1.0
*/
  
function theme_get_themes($params) {
  global $wp_xmlrpc_server;
  $wp_xmlrpc_server->escape( $params );
  
  $username = $params[0];
  $password = $params[1];
  
  if ( ! $user = $wp_xmlrpc_server->login( $username, $password ) ) {
    return $wp_xmlrpc_server->error;
  }
  else {
    return wp_get_themes(false, true);
  }
  
}
  
function theme_switch_themes($params) {
  global $wp_xmlrpc_server;
  $wp_xmlrpc_server->escape( $params );
  
  $username = $params[0];
  $password = $params[1];
  $theme = $params[2];
  
  if ( ! $user = $wp_xmlrpc_server->login( $username, $password ) ) {
    return $wp_xmlrpc_server->error;
  }
  else {
    switch_theme( $theme );
  }
}
  
function theme_methods($methods) {
  $methods['themes.getThemes'] = 'theme_get_themes';
  $methods['themes.switchThemes'] = 'theme_switch_themes';
  return $methods;
}
  
add_filter('xmlrpc_methods', 'theme_methods');
  
?>

As you can see the theme_switch_themes function that I added is very similar to the theme_get_themes function. It grabs a username and password sent by a client, sanitizes those values, and verifies the user with WordPress. If the username and password do not match up, then it returns an error, otherwise it runs the switch_themes function. You may also see an extra parameter called theme. This is the theme name that a user will send to WordPress through their mobile app. The switch_theme function then switches the theme to the name provided.

You’ll notice that I then include my function within the list of methods, giving it the name “themes.switchThemes”. Again this is the method that your client application will call to trigger a theme switch.

Now we have a plugin that allows a remote application to get and switch themes within WordPress. I’ve included the complete plugin at my Github account, if you would like to try it out. Maybe you may have a different idea for using WordPress’s XML-RPC commands. You can take this example and are free to do what you want with it. Some of the authentication code I used was directly from WordPress’s XML-RPC documentation.

Also, a word on security. Having an SSL certificate for your WordPress installation is preferred when doing XML-RPC calls. Although it is about as risky as logging in to a non-SSL encrypted WordPress site, you are still subject to man-in-the-middle attacks.

The next part of this tutorial, I will be talking about creating a mobile app that interacts with WordPress and uses the methods we have created to make the magic happen.

Leave a Comment

Changing Your WordPress Theme Using XML-RPC, Part I

Published by Stefan on January 16, 2013

I’ve had a project in mind for a little while that involves changing WordPress Themes using a mobile device. When Christmas comes, wouldn’t it be nice to switch your site over to a Christmassy theme with the push of a button? Or maybe use it to give your client the ability to quickly change themes when they want to. The nice thing about WordPress is that something like this is possible! And it can all be accomplished using XML-RPC calls.

XML-RPC (Remote Procedure Call) is a protocol used to communicate with web services, which is sent and received in XML form. You may have come into contact with desktop or mobile applications like Windows Live Writer that allow you to update WordPress. These applications use XML-RPC to add, edit and delete blog posts. In fact, WordPress has a number of methods you can access right out of the box. When I looked at the API, I was disappointed to not see any of the theme get and set functions available to execute remote procedures on. Looking a little deeper, I discovered that you can make the WordPress’s theme functions available.

I’m extending WordPress’s XML-RPC functions to include themes using a plugin, which if you’re not used to building plugins could sound daunting, but it really isn’t. I’m starting this out by extending WordPress’s wp_get_themes function to a method, so I can retrieve the list of themes in WordPress using my phone.

You always start each plugin with a header so it can be identified and displayed within WordPress:

<?php
/*
Plugin Name: XML-RPC Theme Changer
Plugin URI: https://github.com/dailyinvention/xml-rpc-theme-changer
Description: Allows the ability to get and switch themes using XML-RPC.
Author: Stefan Holodnick
Author URI: http://blog.dailyinvention.com
Version: 1.0
*/
?>

Now I’m going to add a function that runs the wp_get_themes function:

<?php
/*
Plugin Name: XML-RPC Theme Changer
Plugin URI: https://github.com/dailyinvention/xml-rpc-theme-changer
Description: Allows the ability to get and switch themes using XML-RPC.
Author: Stefan Holodnick
Author URI: http://blog.dailyinvention.com
Version: 1.0
*/
  
function theme_get_themes($params) {
  global $wp_xmlrpc_server;
  $wp_xmlrpc_server->escape( $params );
  
  $username = $params[0];
  $password = $params[1];
  
  if ( ! $user = $wp_xmlrpc_server->login( $username, $password ) ) {
    return $wp_xmlrpc_server->error;
  }
  else {
    return wp_get_themes(false, true);
  }
}
?>

WordPress has a built-in class for handling XML-RPC security called $wp_xmlrpc_server. It is being made accessible in the function by assigning it as global. Below that the $parameters value being sent to WordPress is sanitized using the escape method. We are sending an array of values to WordPress that include a username and password. If WordPress does not find the username and password to be true, it returns an error. Otherwise it executes wp_get_themes. You’ll see that I have defined “false” and “true” as arguments in the wp_get_themes function. With these values it will return an array of theme names from WordPress that don’t have errors and are allowed to be used.

Now we assign that function to a method that we can call:

<?php
/*
Plugin Name: XML-RPC Theme Changer
Plugin URI: https://github.com/dailyinvention/xml-rpc-theme-changer
Description: Allows the ability to get and switch themes using XML-RPC.
Author: Stefan Holodnick
Author URI: http://blog.dailyinvention.com
Version: 1.0
*/
  
function theme_get_themes($params) {
  global $wp_xmlrpc_server;
  $wp_xmlrpc_server->escape( $params );
  
  $username = $params[0];
  $password = $params[1];
  
  if ( ! $user = $wp_xmlrpc_server->login( $username, $password ) ) {
    return $wp_xmlrpc_server->error;
  }
  else {
    return wp_get_themes(false, true);
  }
}
  
function theme_methods($methods) {
  $methods['themes.getThemes'] = 'theme_get_themes';
  return $methods;
}
?>

You’ll see “themes.getThemes”. This is the method name that you reference when you do a remote call. And now the finishing touches:

<?php
/*
Plugin Name: XML-RPC Theme Changer
Plugin URI: https://github.com/dailyinvention/xml-rpc-theme-changer
Description: Allows the ability to get and switch themes using XML-RPC.
Author: Stefan Holodnick
Author URI: http://blog.dailyinvention.com
Version: 1.0
*/
  
function theme_get_themes($params) {
  global $wp_xmlrpc_server;
  $wp_xmlrpc_server->escape( $params );
  
  $username = $params[0];
  $password = $params[1];
  
  if ( ! $user = $wp_xmlrpc_server->login( $username, $password ) ) {
    return $wp_xmlrpc_server->error;
  }
  else {
    return wp_get_themes(false, true);
  }
}
  
function theme_methods($methods) {
  $methods['themes.getThemes'] = 'theme_get_themes';
  return $methods;
}
  
add_filter('xmlrpc_methods', 'theme_methods');
?>

Now that we have a method, we need to include it within WordPress’s XML-RPC methods. This “add_filter” function does just that.

Not too bad, was it? Now that WordPress is set up to retrieve the theme names, we probably want our mobile app or web client to be able to switch the current theme when it is selected. The next part of this tutorial I’ll cover the process of enabling WordPress to switch themes over XML-RPC.

Leave a Comment