Hi! You beat me to it. Zotpress is still in its early stages, so I'm very open to comments, suggestions, feedback -- and bug reports. :)

Hmm, interesting. I'll see what I can do!

I should also mention that the plugin is very slick. I definitely did not expect such an elegant little tool!

My citations won't load: http://www.gimranov.com/avram/w/archives/60
There are two Zotpress tags, for two different individual items.

I looked at the code for the first time, and I wonder if it wouldn't be better to initiate the Zotero API call from PHP, rather than in client-side JavsScript. This would improve performance and not leak API keys. The key leakage is a big deal, especially since this has the potential to allow selective library display without creating extra groups or making your main library public.

@ ajlyon They're loading for me too.

I'll see about making the switch to a purely PHP-based approach. (Caching is currently driven by PHP.) Entering into unfamiliar territory ... stay tuned.

And apparently the problem I'm seeing is that jQuery isn't being included when I'm logged. It works for me too-- so long as I'm logged out. I'm using the WordPress 3.1 release candidate.

Alright! Zotpress 2.1 is released. Here's what's new:

I switched most of the request code to PHP and used a combination of cURL and PHP DOM XML. It's still jQuery on the front-end so that the rest of the page can load instead of waiting for the request to go through. Regardless, all private keys are now hidden and/or encrypted. I've also implemented a new way of caching: citation data is stored in a local table in the Wordpress database instead of in user-specific PHP sessions. The data is per-request, too, so Zotpress won't try to update every piece of data in the table at once—only the request needed. Also, Zotpress will send out a request to the Zotero server ONLY IF a request is made AND it's been 10 minutes since the last request. The 10 minutes is arbitrary. Also, this is temporary until the If-Modified-Since header is properly implemented on the Zotero server, and I can check for the 304 status. Finally, I fancied things up a bit ... you can poke around and see, it's a bunch of little aesthetic updates.

@ajlyon I also installed a local copy of Wordpress 3.1 and tested out a Zotpress after adding a one-liner check for jQuery. It's working on my end, but let me know if it's not for you.

I hope this solves the above issues in the best way currently possible. I'm certainly open to further suggestions.

Also, next on the to-do list is implementing OAuth. As I understand it, this would obviate the need for Zotero users to register private keys.

@simifilm I've released Zotpress 2.2, which should address this issue. Let me know if you're still coming across this error.

My turn to report an issue. Now in Zotpress 2.2, in the Citations tab of the Zotpress preferences, I get:Warning: DOMDocument::loadXML() [domdocument.loadxml]: Empty string supplied as input in /[snip]/wp-content/plugins/zotpress/zotpress.default.php on line 169
And the citations show up as "null" on the blog post (see link above). The null issue was in 2.1 as well, perhaps the preferences error was as well.

Sean has user ID 3.

You only receive notifications once after your last visit to the forums.

@ Dan Thanks for the information on the issue Sean was encountering—strange, because I'm using Wordpress's update mechanism for tables, which should have just added the missing cache table. (I'm certain I checked this on one of my other servers and had no issues.) Just to make sure we're on the same page: what version of Zotpress is Sean (and yourself, if different) running?

I'm not certain what you mean by multiple requests. Zotpress should only send a request if a user makes one and it's been 10 minutes since the last request (from version 2.1 onward). It sounds like I've misunderstood something. Also: once I've implemented OAuth, will this issue still exist?

Off topic, but is there a way to continue to receive notifications from a forum? I've subscribed to "Forum", "Category" and "Discussion" for this post.

Ah! I see. So, until I implement OAuth (or even in that case?) I should instead have Zotpress send a request with the user's private key to the server once, say when the user first adds their account (and key) to Zotpress, and after that point requests don't have to have the private key attached to them? (Now I understand what you mean by POST being the solution, since no data, e.g. in this case a URL, is recorded in, say, a log. I'm curious: are the logs not private?)

Oh, and I'll be sure to update the notice and database given my new knowledge of the format of user IDs, too.

And to answer your question, whether web server access logs are private depends entirely on the server configuration, but they could easily not be private. That's somewhat tangential to the main issue, though, which is that web app code shouldn't be making HTTP requests to itself.

PHP already has the private key, because the user submitted and it's stored in the database. Anything the subrequest can do, the original request from the client can do itself. There's no reason your server-side code should be sending additional HTTP requests through the web server just to run code that you already have access to in the original request—that's what include files and function calls are for.

I think that the design is to allow the citations to be loaded asynchronously and/or updated in real time (which mattered much more when the server was slower, and the citations were not cached). Since they're cached most of the time, it seems to me that cached citation content should be sent inline with the post, and provided asynchronously only if the citation was not cached already. Continuous updates also seem unnecessary, although they could be nice for -- say -- a group library that was frequently updated.