Zotpress for Wordpress
Congratulations to kseaborn on releasing a new plugin to feed Zotero collections into WordPress!
Details at http://wordpress.org/extend/plugins/zotpress/
[And apologies for pre-empting any official announcement, but this just popped up on my radar.]
Details at http://wordpress.org/extend/plugins/zotpress/
[And apologies for pre-empting any official announcement, but this just popped up on my radar.]
To prevent hammering the API, the plugin should probably also cache the data for a short while even before making an If-Modified-Since request.
Next up: Caching and 304 checks. Really appreciate the feedback and ideas.
There are two Zotpress tags, for two different individual items.
I looked at the code for the first time, and I wonder if it wouldn't be better to initiate the Zotero API call from PHP, rather than in client-side JavsScript. This would improve performance and not leak API keys. The key leakage is a big deal, especially since this has the potential to allow selective library display without creating extra groups or making your main library public.
I'll see about making the switch to a purely PHP-based approach. (Caching is currently driven by PHP.) Entering into unfamiliar territory ... stay tuned.
I switched most of the request code to PHP and used a combination of cURL and PHP DOM XML. It's still jQuery on the front-end so that the rest of the page can load instead of waiting for the request to go through. Regardless, all private keys are now hidden and/or encrypted. I've also implemented a new way of caching: citation data is stored in a local table in the Wordpress database instead of in user-specific PHP sessions. The data is per-request, too, so Zotpress won't try to update every piece of data in the table at once—only the request needed. Also, Zotpress will send out a request to the Zotero server ONLY IF a request is made AND it's been 10 minutes since the last request. The 10 minutes is arbitrary. Also, this is temporary until the If-Modified-Since header is properly implemented on the Zotero server, and I can check for the 304 status. Finally, I fancied things up a bit ... you can poke around and see, it's a bunch of little aesthetic updates.
@ajlyon I also installed a local copy of Wordpress 3.1 and tested out a Zotpress after adding a one-liner check for jQuery. It's working on my end, but let me know if it's not for you.
I hope this solves the above issues in the best way currently possible. I'm certainly open to further suggestions.
Also, next on the to-do list is implementing OAuth. As I understand it, this would obviate the need for Zotero users to register private keys.
Warning: DOMDocument::loadXML() [domdocument.loadxml]: Empty string supplied as input in /[snip]/wp-content/plugins/zotpress/zotpress.default.php on line 169
And the citations show up as "null" on the blog post (see link above). The null issue was in 2.1 as well, perhaps the preferences error was as well.
One small note regarding the tooltip text: it states that user and group IDs "should be a series of five digits." In fact they currently range from one to six digits and will hit seven soon enough.
Many thanks for this cool plugin!
One thing I noticed while debugging this for him: is there a reason you're making multiple external requests back to the local web server? It's not much of a problem for small sites, but it's not a great practice unless you have a really compelling architectural reason to do so, since it adds extra load to the server and slows down the original request unnecessarily. It also litters the access logs with the Zotero API key, which is OK if the logs are under the control of the original user but bad otherwise. (Using POST would fix that, but it'd be better just to eliminate those subrequests, which shouldn't be necessary—you're already in PHP when you make those calls.)
I'm not certain what you mean by multiple requests. Zotpress should only send a request if a user makes one and it's been 10 minutes since the last request (from version 2.1 onward). It sounds like I've misunderstood something. Also: once I've implemented OAuth, will this issue still exist?
Off topic, but is there a way to continue to receive notifications from a forum? I've subscribed to "Forum", "Category" and "Discussion" for this post.
...zotpress.rss.php?account_type=users&api_user_id=3&public_key=*****&data_type=collections HTTP/1.1" 200 - "-" "Mozilla/5.0"
...zotpress.rss.php?account_type=users&api_user_id=3&public_key=*****&data_type=tags HTTP/1.1" 200 - "-" "Mozilla/4.0" There's no way to receive continuous notifications, but you can ensure you'll get notified of the next post by just clicking the link in the e-mail and then closing the browser window (as long as you're logged in). The notifications aren't meant to be a replacement for the thread itself.
Oh, and I'll be sure to update the notice and database given my new knowledge of the format of user IDs, too.
PHP already has the private key, because the user submitted and it's stored in the database. Anything the subrequest can do, the original request from the client can do itself. There's no reason your server-side code should be sending additional HTTP requests through the web server just to run code that you already have access to in the original request—that's what include files and function calls are for.
I didn't really mean for this to turn into a big discussion, since there's nothing at all specific to Zotpress here. Web app code just generally shouldn't make HTTP requests to itself.