2012.sandiego.wordcamp

2012 · SAN DIEGO · WORDCAMP@BRANDONDOVE OF @PIXEL_JAR #PREMIUMGPL

HOW TO SELL PREMIUM PLUGINS WHILE STILL SUPPORTING THE GPL


HTTP://BDOVE.ME/WCSD2012-SLIDES


‣ WORDPRESS PLUGIN & THEME DEVELOPER FOR PIXEL JAR‣ WORDCAMP ORANGE COUNTY ORGANIZER‣ LEAD DEVELOPER OF THE PREMIUM PLUGIN ADSANITY

INTRO


‣ ONE DEVELOPER'S SOLUTION TO THIS PROBLEM (MINE)‣ AUTHENTICATION AGAINST A “MOTHERSHIP” USING XML-RPC‣ REAL, ACTUAL CODE – YOU'VE BEEN WARNED

WHAT WE’RE GOING TO COVER


A PLUGIN THAT REQUIRES YOU TO PAY

FOR ACCESS TO CODE OR THE DEVELOPER

SO, WHAT IS A PREMIUM PLUGIN?


PREMIUM DOES NOT ALWAYS MEAN BETTER

JUST CAUSE YOU PAY FOR SOMETHING...


BUT WHAT ABOUT THE GPL?

DON’T ALL WORDPRESS PLUGINS HAVE TO BE

OPEN SOURCE?



INSERT PHILOSOPHICAL DEBATE HERE< >



YES**UNLESS YOU’RE A DIRTBAG



UNDER THE GPL, CODE CAN BE REDISTRIBUTED AND/OR MODIFIED BY

ANYONE. END OF STORY.


‣ DONATIONWARE‣ FREEMIUM‣ PAY ONCE FOR CODE‣ SUBSCRIBE TO UPDATES & SUPPORT‣ PROBABLY OTHERS...

MORE THAN ONE WAY TO SKIN A KITTEH

HTTP://WHYEVOLUTIONISTRUE.WORDPRESS.COM/2010/05/29/CATURDAY-FELIDS-COOL-CATS/SHAVED-CAT-2/




‣ ENCODING = BAD‣ YOU RESPECT THE GPL‣ SUPPORTING USERS IS A FULL TIME JOB‣ YOU NEED TO MAKE A LIVING

SOME ASSUMPTIONS ON MY PART


ENCODING MAKES IT HARD FOR USERS TO

CUSTOMIZE YOUR CODE

PREMIUM PLUGINS SHOULDN’T TAKE AWAY YOUR RIGHTS

YOU ARE USING ACTIONS & FILTERS, RIGHT?


STOPPING PIRACY IS HARD

JUST ASK LAMAR SMITHHTTP://WWW.MEMBERGUIDE.GPOACCESS.GOV/112/RP/SMITHLAMAR

SOPA & PIPA SUCK

HTTP://WWW.MEMBERGUIDE.GPOACCESS.GOV/112/RP/SMITHLAMAR

HTTP://WWW.MEMBERGUIDE.GPOACCESS.GOV/112/RP/SMITHLAMAR


WITH AUTHENTICATION, WE CAN:‣ CHARGE FOR SUPPORT & ACCESS TO UPDATES‣ CHARGE FOR ADD-ONS

AUTHENTICATION IS EASY


‣ USER DOWNLOADS THE PLUGIN FROM THE WORDPRESS REPO‣ USER INSTALLS/ACTIVATES THE PLUGIN‣ DEVELOPER RELEASES AN UPDATE‣ USER IS NOTIFIED OF THE UPDATE IN THE WORDPRESS DASHBOARD‣ USER UPDATES THE PLUGIN

STANDARD PLUGIN WORKFLOW


‣ CUSTOMER PURCHASES THE PLUGIN‣ CUSTOMER DOWNLOADS THE PLUGIN FROM DEVELOPER’S SITE‣ CUSTOMER INSTALLS/ACTIVATES THE PLUGIN‣ DEVELOPER RELEASES AN UPDATE‣ CUSTOMER IS NOTIFIED OF THE UPDATE IN THE WORDPRESS DASHBOARD‣ IF CUSTOMER IS AUTHENTICATED ‣ CUSTOMER IS ALLOWED TO UPDATE THE PLUGIN

THE WORKFLOW


IN PRACTICAL TERMS, HOW DO WE DO THAT?


STEP 1: MAKE A SWEET LOOKIN’ CHART

2A

2B

Plugin Authentication

email

password

Submit

Mothership

auth

Oh Noes!Success!

XMLRPC POST

API Key IXR_Error


COMMUNICATION CHANNEL TO A REMOTE

SERVER USING XML

XML-RPC


gist.github.com/f3e2a1cbd7a3a7c693f2

// check against remote server if( !class_exists( 'IXR_Client' ) ) require_once( ABSPATH.WPINC.'/class-IXR.php' ); $client = new IXR_Client( 'http://mothership.com/xmlrpc.php' );

$client_request_args = array( 'username' => $_POST['U'], 'password' => $_POST['P'], 'plugin' => 'plugin-slug.php', 'url' => site_url() ); if ( !$client->query( 'pue.is_user_authorized', $client_request_args ) ) : add_action( 'admin_notices', 'oh_noes' ); else :

// store the unique api key, and enable auto-updates

endif;

// handle the error function oh_noes() { global $client; echo '<div class="error"><p>' . esc_html( $client->message->faultString ) . '</p></div>'; }

STEP 2A: SUBMIT CREDENTIALS TO THE MOTHERSHIP

https://gist.github.com/f3e2a1cbd7a3a7c693f2

https://gist.github.com/f3e2a1cbd7a3a7c693f2

http://mothership.com/xmlrpc.php'

http://mothership.com/xmlrpc.php'


XML-RPC (PLUGIN)

if( !class_exists( 'IXR_Client' ) )

require_once( ABSPATH . WPINC . '/class-IXR.php' );

$client = new IXR_Client( 'http://mothership.com/xmlrpc.php' );


XML-RPC (PLUGIN)

$client_request_args = array(

'username' => $_POST['u'],

'password' => $_POST['p'],

'plugin' => 'plugin-slug.php',

'url' => site_url()

);


XML-RPC (PLUGIN)

$client->query(

'pue.is_user_authorized',

$client_request_args

);


github.com/brandondove/plugin-update-engine

/* * Adding XMLRPC methods for the client plugin to call /**/ add_filter( 'xmlrpc_methods', 'custom_xmlrpc_methods' ); function custom_xmlrpc_methods( $api_methods ) { $api_methods['pue.is_user_authorized'] = 'custom_auth'; return $api_methods; } function custom_auth( $args = array() ) { extract( $args ), EXTR_OVERWRITE ); if( !$username || !$password || !$plugin || !$url ) : return new IXR_Error( 401, "OH NOES! You're doin' it wrong!" ); endif; if( !user_pass_ok( $username, $password ) ) : return new IXR_Error( 401, 'Sorry, Username and/or Password is Incorrect' ); endif;

require_once( PUENGINE_CORE.'models/pue-authenticated-user.php' ); $user = new pue_authenticated_user( $username );

if( !$user->is_authorized( $plugin ) ) return new IXR_Error( 401, __( "You don't have an active license for this plugin." ) ); if( !$user->has_available_licenses( $plugin, $url ) ) return new IXR_Error( 401, __( 'NOT AUTHORIZED! You have used up all of your licenses.' ) ); return md5( $username.$password.$plugin.$url.PUENGINE_SALT ); }

STEP 2B: HAVE MOTHERSHIP VALIDATE CREDENTIALS


XML-RPC (MOTHERSHIP)

add_filter( 'xmlrpc_methods', 'custom_xmlrpc_methods' );

function custom_xmlrpc_methods( $api ) {

$api['pue.is_user_authorized'] = 'custom_auth';

return $api;

}



extract( $args ), EXTR_OVERWRITE );

// ensure the correct data was submitted

if( !$username || !$password || !$plugin || !$url ) :

return new IXR_Error( 401, "OH NOES! You're doin' it wrong!" );

endif;



// ensure the user/pass combo is real

if( !user_pass_ok( $username, $password ) ) :

return new IXR_Error( 401, 'Username/Password is Incorrect' );

endif;



require_once( PUENGINE_CORE.'models/pue-authenticated-user.php' );

$user = new pue_authenticated_user( $username );



if( !$user->is_authorized( $plugin ) )

return new IXR_Error( 401, __( "No license for this plugin." ) );



if( !$user->has_available_licenses( $plugin, $url ) )

return new IXR_Error( 401, __( 'No more your licenses.' ) );



return md5(

$username . $password .

$plugin . $url .

PUENGINE_SALT

);


THE PLUGIN IS AUTHENTICATED.


NEXT STEPS...

REPO HOSTING“PROFESSIONAL WORDPRESS PLUGIN DEVELOPMENT”

PAGES 263-269

WRITTEN BY THE AWESOMEBRAD WILLIAMS, OZH RICHARD & JUSTIN TADLOCK

HTTP://BDOVE.ME/PWPPD




[email protected]

TWITTER WEB

mailto:[email protected]

mailto:[email protected]

2012.sandiego.wordcamp

Technology

Transcript of 2012.sandiego.wordcamp