I’ve recently used wordpress to make some simple web sites. WordPress is a very fast solution when creating a blog or a site of which the requirements are just a subset of the wordpress features.
What we can do with wordpress: fixed pages, site news (that are blog posts), simple search, multi-level page and news content management, WYSIWYG editor, changeable themes, lots of free themes already available, url rewriting etc…).
Sometimes we need to extra customize the frontend aspect of the site/blog, and we have to modify the standard behaviour of wordpress. It needs to know a little how its atchitecture, how it works and some of its functions.
Since the first wordpress was released on 2003, its architecture is still using a non OOP style and it has nothing to do with a modern framework, nor a MVC application. Lots of informations are kept in global variables and there are thousand of functions.
Folllowing, some my notes about its architeecture, in order to speed up any type of structural change or extra customization.
It’s a good practice not to keep the clear values of the passwords in the db, but to store only their hash values.
You can do login operations comparing the hash value of the inserted password with the stored hash value.
How to do it with Symfony 1.2, propel ORM, MD5 hashing:
- db schema: Use a VARCHAR, length must be at least 32
– require a minimum length (ex: 3 chars) or (better) regexp validation
– use a widget Schema password
$this->widgetSchema[‘password’] = new sfWidgetFormInputPassword (array(
‘always_render_empty’ => false, //IMPORTANT !!
- model: modify the method setPassword($v) assigning the md5 value:
public function setPassword($v)
//set md5 password if there is a new inserted password
if (strlen($v)!=32) //if is not a md5 value, convert into it (*)
$v = md5($v);
return parent::setPassword($v); }
- To check the login data, use the md5 value in the post action :
From now, only the hash value of the passwords will be stored.
The CRUD operations will work.
(*) Note: it won’t work if the clear password is 32 chars length.