@eleith thanks! I also have a question, perhaps you or someone knows the answer so I'll just throw it in here rather than creating a new thread.
If I have a php page, which is outside of the vanilla2/garden framework. is there a way to check to see if the visitor is logged into the the website forum and if so display something like "hello username!"? I looked into single sign on integration, but I dont really have another application I'm trying to integrate with per se. Any feedback is much appreciated.
if your forum is on another domain than your php page and you don't have single sign on integration, then the answer is no. (or it might be possible but not without complex cross domain setups)
if your php page is just on another subdomain, then you can have the vanilla cookie set itself to the ".domain.com" (a dot before the domain, can be set in the config file) such that the cookie will be visible across all subdomains, and you can use the /api/session call while passing through the vanilla session cookie to /api/session for verification.
@eleith makes sense. It is on the same domain, so I'll get to work on this and try to figure it out. Thanks again for your help and the API, it has really gone a long way in helping me figure this out.
@eleith can you double check the comment/add, please. I keep getting "You do not have credentials to post as this user" even though everything being submitted for the logged in user is correct.
i know for sure discussion/add works, so can you try that? if you can get it working, then i'll be convinced your authentication through proxy works, and will fix comment/add asap.
if it doesn't work for you, then the transient key you are passing to the api is incorrect.
i kept it this way (it's like this for vanilla originally), because i just reused the validation models internal to vanilla and did not want to rewrite my own.
try again and let me know. i imagine for the comment/add, you'll need to replace Discussion with Comment (but again, i haven't verified)
if the page is on the exact same domain as your forums, then yes. however, if you are running the page on a subdomain, that will not work because ajax calls can not cross domains even if subdomain, http/https, or port numbers change.
what would, in your opinion, be the best course of action of passing the variables to the api/comment/add when the forums are in a subdomain? (comments being posted on www.domain.com/page.php while the api is at forums.domain.com/api/comment/add/)
submitting a form directly to api/comment/add does work and the comment is posted, but then the user is looking at the api output when instead they should be redirected back to the page with the comments. Not sure if there is a workaround for that.
this is the situation i have as well. i haven't analyzed what would be best, i just focused on getting something working.
i use only ajax calls. my ajax calls makes request to pages living on the same subdomain, and this controller proxies these request to the forums which live on another subdomain and then return the results through the ajax request.
this way, my users can interact with the forum, without ever leaving the service. (i use the forum in a get satisfaction type plugin i wrote for the service).
in the end, it's about what is best for your users. for mine, they are using a service, they don't want to be perusing a forum, just interact with it at times when they want to leave feedback about the service.
anyway the data can be passed to the api as a string? ex: Comment/DiscussionID=1&Comment/CategoryID=1&Comment/Name=Name&Comment/TransientKey=123456&Comment/Body=textgoeshere
or will that require rewriting the validation models?
since i'm using the vanilla's validation models, the answer is no. you could replace _POST with _GET, or add a check on _GET in their validation postback method, but i wouldn't recommend it.
in general, you want to use POST when it changes things on the server, and POST has no limits on message passing like GET does, which is needed for things like passing the body of a comment.
if you write a proxy, you could have your php proxy page do the post, but then only require a GET when using ajax to proxy your request.
Well thats the issue that I'm having with my proxy page, I can't seem to get it to do a post to the api, keeps returning "You do not have credentials to post as this user" for me. I guess I'll keep playing with it.
//url-ify the data for the POST foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; } rtrim($fields_string,'&');
//open connection $ch = curl_init();
//set the url, number of POST vars, POST data curl_setopt($ch,CURLOPT_URL,$url); curl_setopt($ch,CURLOPT_POST,1); curl_setopt($ch,CURLOPT_POSTFIELDS,$fields_string);
//execute post $result = curl_exec($ch);
//close connection curl_close($ch); ?>
Basically I've been trying to post the variables to the api through cURL
even though you have a transient key, you'll still need to make the post as the user (transient key is used only to protect cross site scripting attacks).
so you'll want to capture either your services user cookie/session, or the vanilla cookie session and then run:
//sets header of request to contain the cookies in $cookie_string curl_setopt($ch, CURLOPT_COOKIE, $cookie_string)
when executing this, the api should then be able to validate the user by the cookie, and then validate the use of the api by the transient key, and this should get you around the problems you ran into.
i actually like your idea of using vanilla as a repository of comments. how are you setting it up? one category for everything, and then one discussion per article in your system, and the threads are just comments in that discussion?
Comments
If I have a php page, which is outside of the vanilla2/garden framework. is there a way to check to see if the visitor is logged into the the website forum and if so display something like "hello username!"? I looked into single sign on integration, but I dont really have another application I'm trying to integrate with per se. Any feedback is much appreciated.
if your php page is just on another subdomain, then you can have the vanilla cookie set itself to the ".domain.com" (a dot before the domain, can be set in the config file) such that the cookie will be visible across all subdomains, and you can use the /api/session call while passing through the vanilla session cookie to /api/session for verification.
i know for sure discussion/add works, so can you try that? if you can get it working, then i'll be convinced your authentication through proxy works, and will fix comment/add asap.
if it doesn't work for you, then the transient key you are passing to the api is incorrect.
form action="domain.com/api/discussion/add" method="post">
input type="hidden" id="CategoryID" name="CategoryID" value="1" />
input type="hidden" id="Name" name="Name" value="<?php echo $name; ?>" />
input type="hidden" id="TransientKey" name="TransientKey" value="<?php echo $key; ?>" />
textarea id="Body" name="Body">
input name="" type="submit" />
/form>
both $name and $key come back as per the info in api/session. removed the opening < as it wouldnt let me post the code.
Discussion/CategoryID
Discussion/Body
Discussion/Name
Discussion/TransientKey
i kept it this way (it's like this for vanilla originally), because i just reused the validation models internal to vanilla and did not want to rewrite my own.
try again and let me know. i imagine for the comment/add, you'll need to replace Discussion with Comment (but again, i haven't verified)
submitting a form directly to api/comment/add does work and the comment is posted, but then the user is looking at the api output when instead they should be redirected back to the page with the comments. Not sure if there is a workaround for that.
i use only ajax calls. my ajax calls makes request to pages living on the same subdomain, and this controller proxies these request to the forums which live on another subdomain and then return the results through the ajax request.
this way, my users can interact with the forum, without ever leaving the service. (i use the forum in a get satisfaction type plugin i wrote for the service).
in the end, it's about what is best for your users. for mine, they are using a service, they don't want to be perusing a forum, just interact with it at times when they want to leave feedback about the service.
or will that require rewriting the validation models?
since i'm using the vanilla's validation models, the answer is no. you could replace _POST with _GET, or add a check on _GET in their validation postback method, but i wouldn't recommend it.
in general, you want to use POST when it changes things on the server, and POST has no limits on message passing like GET does, which is needed for things like passing the body of a comment.
if you write a proxy, you could have your php proxy page do the post, but then only require a GET when using ajax to proxy your request.
<?php
//extract data from the post
extract($_POST);
//set POST variables
$url = 'http://forums.domain.com/api/comment/add/';
$fields = array(
'Comment/DiscussionID'=>urlencode($discussionid),
'Comment/CategoryID'=>urlencode($categoryid),
'Comment/Name'=>urlencode($name),
'Comment/TransientKey'=>urlencode($key),
'Comment/Body'=>urlencode($body)
);
//url-ify the data for the POST
foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
rtrim($fields_string,'&');
//open connection
$ch = curl_init();
//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_POST,1);
curl_setopt($ch,CURLOPT_POSTFIELDS,$fields_string);
//execute post
$result = curl_exec($ch);
//close connection
curl_close($ch);
?>
Basically I've been trying to post the variables to the api through cURL
so you'll want to capture either your services user cookie/session, or the vanilla cookie session and then run:
//sets header of request to contain the cookies in $cookie_string
curl_setopt($ch, CURLOPT_COOKIE, $cookie_string)
when executing this, the api should then be able to validate the user by the cookie, and then validate the use of the api by the transient key, and this should get you around the problems you ran into.