.htaccess rewrite with WordPress plugin

Question

I am working on building a WordPress plugin for a custom WordPress multisite network and have a few files that use URL variables to load information from a second database (not the WordPress database).

In the version built outside of WordPress by navigating to http://website.com/NAME-HERE it would check to see if it is a username in my database, if not check to see if its a group in my database and load the file that corresponds to if its a username or group.

Now I'm totally lost about implementing this into WordPress Multisite. As far as I know plugins can't make .htaccess rewrites? How do I make it work on all the network sites?

If not whats the best way to accomplish this?

Do I need to place my pretty.php & .htaccess rewrites into my root directory and point the pages to the files located in the plugin? If so how does this work with multiple themes?

My only other thought as of yet is maybe this can be accomplished with something like RewriteMap.

At this point I figured my best bet was to reach out to the StackOverflow community for assistance or direction.

.htaccess

RewriteEngine On  
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]  
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]  

RewriteCond %{SCRIPT_FILENAME} !-d
RewriteCond %{SCRIPT_FILENAME} !-f

RewriteRule ^(\w.+)$ ./pretty.php?pretty=$1 [QSA]

ErrorDocument 404 /404.php

pretty.php

// First check if passed pretty parameter is a username.
if(checkIfUserByUsername($_GET['pretty']))
{
    $_GET['username'] = $_GET['pretty'];

    include("USERNAME.php");

// If not a username, check to see if it's an event.
}else if(checkIfStreamByPretty($_GET['pretty'])){
    $_GET['id'] = getStreamIdFromPretty($_GET['pretty']);

    include("GROUP.php");
}else{
    // If it's none, redirect to the 404 page.

    include("404.php");
}

I want to provide more context of what I am looking to accomplish, I am creating Page Template files one of which is for profiles and one of which is for groups as you've seen above my .htaccess and pretty.php I am then at the top of the page template file then using

$user_id = getIdFromUsername($_GET['username']);
$_GET['user_id'] = $user_id;

I'm really struggling with figuring out how to go about this in a way that allows it to work with multiple themes. Just looking for any sort of solution at this point.

Answer 1

There are a handful of ways you could approach this, if I am understanding what you want to achieve. You likely don't need to use any rewrites.

The easiest solution would be to add your "pretty.php" code to your header.php file in your Wordpress template. This will load on every request to the front end of the website. If you need it to load the code only on a specific page, simply check for what page you are on using is_page.

for example, in your header.php:

if(is_page("groups")){
  if(checkIfUserByUsername($_GET['pretty']))
  {
    // the rest of your code
  }
}

If you want to write a Wordpress plugin, you just need to use "add_action" in your plugin:

add_action('wp_head', 'function_containing_your_code');

Again, this will load on every page so simply check that your are on the page you want to load your code on.

https://codex.wordpress.org/Plugin_API/Action_Reference/wp_head https://developer.wordpress.org/reference/functions/is_page/

Also, you can edit your .htaccess file just like you can edit any file that your user has permission to edit. Assuming you are running an apache server, your .htaccess file needs to have permissions that allow the file to be edited and you can edit the file with PHP. for example:

$file = fopen("/path/to/.htaccess", "a+");
fwrite($f, "RewriteRule ^(\w.+)$ ./pretty.php?pretty=$1 [QSA]");
fclose($f);

Many people would say that it is a security risk to have PHP writing to your .htaccess file. I would say that in some circumstances that is true, but certainly not always. Make you understand permissions before allowing PHP to write to your .htaccess file.

Answer 2

In addition to John Gile's answer please sanitize the Get parameters. You can read about some sanitizing option's here

In your questions context something like $username = sanitize_text_field( $_GET['pretty'] ); Should be sufficient. But please take a deeper look at what needs sanitizing.

Regarding your original Question the first approach John suggested seems to be the better one.

Consider the moment two separate request are requesting the same url with the same username. Since File Reading/Writing is a blocking Stream one of the requests have to wait for the stream to close and the website won't render until this happens.

If you bypass this with an additional stream or whatever your risking to end up with duplicate entries or worse a corrupted file which could lead to Server Errors.

Edit

I'am not quite sure what you are trying to achieve with including include('USERNAME.php') are you creating a dedicated php file for every user that signs up for your "multi-site network"? If that is the case I think you made wrong decisions when planing this.

Usually when you want to share, control or alter behavior depending on external resources you'd fetch data in the JSON data format.

Now if I were in your shoes I'd create a REST web service that returns the JSON depending on the username get parameter and control the output depending on the data coming in.

Creating a api is rather complex and depending on your needs you'd go with whatever tool fits these best. I personally enjoyed working with apigility for rather complex things and lumen for small things. You can also create this yourself if you choose, too.

After creating the api you then could easily get the JSON with file_get_contents() described here or use whatever rest tool you can find for php.