So, while I’ve been playing with this site over the last month, I’ve been telling myself that I’m just learning how to use WordPress so I can set up a blog for a friend.
Tonight I solved my last remaining technical problem (nerdy details below) and now I am forced to admit that I am enjoying this process enough that I want to become a blogger. God, how positively 2002.
This means, of course, that I am going to have to try to get more people than Alex and Will to read this. The trackback system has already pulled one person in, but I want a bit of community here, so I’ll need to reach out. I guess that means email to friend & family, and maybe I’ll try to pull in some Dance Card folks, and some of the New Medievalists.
* * *
As for that last technical problem, it has to do with notification emails. WordPress uses PHP’s built in mail() function to send notifications to the author of a post when a comment is left, and to the administrator when a comment needs to be approved (I don’t have approvals on for everything, but I do have some spam stuff setup that will stick certain posts into an approval queue if they are spamlike),
However, the mail() function simply doesn’t work with my ISP. Essentially the issue is one of auditing. In a setup where a PHP file is being handled by apache and mod_perl and that file calls mail, the only audit trail that is left is that apache sent a mail message–there is no way to see who was really responsible. With multiple people hosted on the same install of apache that means you can’t tell who is spamming (or leaving an open door for spam, or whatever), only that someone is.
So my ISP turned off mail() in a mod_php context. Mail() still works for CGI-invoked PHP however, since in that case there is a trail that shows which domain did the mailing.
So I had to figure a way to get WordPress to use a CGI invocation for scripts that needed to do mail.
The simple answer would be the stick something in my .htaccess to tell apache to do all .php files with the CGI invocation, but that would mean 1) editing all the files in WordPress to include the “bang” line at the beginning to invoke perl, and 2) chmod’ing all the files to 700–which means no editing of templated from within WP, etc.
I didn’t want to go that route, so instead I created a couple of PHP scripts for notifying an author and notifying an admin that were essentially the WP functions wrapped in a bit of code that pulled the parameters out of the post data, and I altered the PHP methods wp_notify_moderator and wp_notify_postauthor to just POST the params to my two new scripts.
This way everything in WP but those two methods are unaffected, and all callers of those methods see no difference. The methods, instead of building and sending mail, just POST the comment ID to the new scripts, which run as CGI, and they build and send the mail. Since the scripts are driven by comment ID, the new scripts can’t be used for spam, etc. (they don’t let you specify anything, the To: and Subject: headers and the message body are all based on the information stored in the DB for that comment ID) although I guess someone could keep invoking them in a denial-of-service attack and I’ll have to fix that later if it becomes a problem.
Anyway, the point is that notification emails are working now, and I have no more excuses not to make this a “real blog”, and no more excuses not to finish the project for my friend.
