Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Vanilla ProxyConnect

1356

Comments

  • @Mark - My setup has no strange domains or subdomains. I am using the Vanilla 2 from the master Github branch. My blog is in the root / folder, and the Vanilla forum is at /vanilla/. I've also tried deleting cookies for the domain and trying again, nothing works so far.
  • I'm trying to integrate Vanilla 2 with a Kohana application that already works via the Auth module. Note, the Kohana Auth module ecrypts all data in its cookies.

    Is Garden actually looking for a specific session cookie name or for certain values in the session? If so, how does it know the name of the session cookie? Also, is there a simple way to test the information Garden is receiving the Authenticate Url? My Authenticate Url page is returning a page in text/plain.
  • I am going to try to integrate Vanilla with my home-made site, but, being a newby, I am confused by the instructions. This is my first confusion:

    "You'll need to create a "user information" page in your application. This is a simple page that writes information about the currently authenticated user to the screen. The information should be in the following format:..."

    Some of my questions: Is this its own html page or do I just stick the user information on any ol' file that the user calls? What name should it have so that it is user-specific? Is it sitting on the server or is it called by the user? How does this file relate to the instructions on cookies?

    And I guess the most basic, is Vanilla does integrate to apps other than Wordpress, right? Sorry for the dumb questions.

    Mike
  • MarkMark Vanilla Staff
    @mike901 - it should be a php page that looks at your application's session information to see who the user viewing the page is. It takes that information and spits it out in the format explained in the documentation. No html, no xml, just that information formatted as you see in the documentation.

    Vanilla will look at that information and then manage it's own session information based on that. Yes, this method can work with any application - not just wordpress.
  • Sorry, but that didn't help. Here's how I understand it. Please correct.

    1. User logs into my application, entering username, password, hits submit.
    2. I authenticate the user, and I create cookies as I normally do, making sure that I define them so that Vanilla can see them.
    3. User navigates to a Vanilla page.
    4. Upon this action, Vanilla looks for the existence of a cookie created by my application. (Since I create 3, how does it know which one?)
    5. If it sees the cookie, then it calls the "authenticate URL" page which is a php page that looks like this:




    UniqueID=1
    Name=Mark
    Email=mark@emailaddress.com
    TransientKey=02742kjd2820
    DateOfBirth=1975-09-16
    Gender=Male



    (Since it's a php page, I assume you need the tags, etc, even though you said there is no html.) But how does the php page know which user to display, since the request from Vanilla isn't passing any parameters? And what happens when several users are overwriting the same url page? How is this page unique for each user?

    6. If Vanilla gets the authenticate url page with something in it, then it creates it's own cookies and all is good.

    I know this is all wrong, but, as I said at the beginning, I am totally confused.

    btw, when it it planned for 2.0 to be released?
  • Sorry, but that didn't help. Here's how I understand it. Please correct.

    1. User logs into my application, entering username, password, hits submit.
    2. I authenticate the user, and I create cookies as I normally do, making sure that I define them so that Vanilla can see them.
    3. User navigates to a Vanilla page.
    4. Upon this action, Vanilla looks for the existence of a cookie created by my application. (Since I create 3, how does it know which one?)
    5. If it sees the cookie, then it calls the "authenticate URL" page which is a php page that looks like this:


    UniqueID=1
    Name=Mark
    Email=mark@emailaddress.com
    TransientKey=02742kjd2820
    DateOfBirth=1975-09-16
    Gender=Male

    (Since it's a php page, I assume you need the tags, etc, even though you said there is no html.) But how does the php page know which user to display, since the request from Vanilla isn't passing any parameters? And what happens when several users are overwriting the same url page? How is this page unique for each user?

    6. If Vanilla gets the authenticate url page with something in it, then it creates it's own cookies and all is good.

    I know this is all wrong, but, as I said at the beginning, I am totally confused.

    btw, when it it planned for 2.0 to be released?
  • MarkMark Vanilla Staff
    Here is how it works:

    1. User logs into your application, your application does whatever magic it needs to do to manage sessions.

    2. User navigates to a Vanilla page. Vanilla looks for a valid Vanilla session cookie.

    3a. If it does find a valid vanilla session, it carries on normally (do not go to step 4).

    3b. If it doesn't find a valid vanilla session, it looks to the "authentication url" for information about the user requesting the page. The authentication url is a page in your application that looks to your application's session and most likely your database to get information about who the user is. It takes that information and spits it out for Vanilla. There are no special tags (html or php) of any kind. Just the information as explained in the example (Go to step 4).

    4. It takes the information from the authentication url, and looks for matching information in Vanilla. If it finds a matching user (related by the unique id that your page specifies), it creates a vanilla session for the user. If it doesn't find a matching user, it inserts a new user record based on that page's information, and creates a vanilla session for them.

    We aren't setting a date for the release of v2.
  • Hi Mark, I found some error:

    1. Can't chage password
    When I login with wordpress account, it's works great, but I can't change my password at the garden/vanilla profile page, it says "Your old password was incorrect.".

    so I try to use ' ***** ' as the old password (I found at the database) ,it works but it doesn't effect on the wordpress account, so it means useless.

    2. No roles Integration
    I login garden using my wordpress admin account, but it seems I'm not an administrator of garden/vanilla. And the worst thing is, because I can't using the vanilla login box, so I can not login the garden application as an administrator anymore.

    3. Login window won't disappear
    I have to close by click and refresh before I can login to the garden.

    I'm using MAC+PHP5+Chrome, wish the report can help you improve this plugin.
  • Ive been looking for a forum-like community discussion that integrates nicely with wordpress. I'm soo glad to see this plugin, It sure pwns other options like WP Forum...etc
  • Oh, cool. That's a pretty sweet 'Addon'.
  • Finally got this add-on working on localhost. Unfortunately, the vanilla-overlay is completely messed up as it seems to display my entire wordpress login-page. Any ideas how to solve this?
  • MarkMark Vanilla Staff
    I've just uploaded a new version of the addon, and today released a bunch of handshake improvements to the source code. If you get the latest version of the codebase, and this latest version of the addon, things will function much smoother, including the abiilty to link pre-existing forum accounts to accounts in the new system.

    In order for the addon to function properly, disable it, re-enable it, and then go to the settings screen and uncheck the "use single sign-on" box, save the form, and then re-check it, and save the form again.
  • Great work. Works like a charm so far. Once the accounts are linked, you can even change the password without screwing it all up.
  • Hi, I just installed both the latest version of Vanilla 2 and the SSO plugin, but once I activated SSO, I get the bonk message. Also, the field for Cookie Domain is empty.

    Here's the exact error message:

    Undefined index: host
    The error occurred on or near: /Applications/MAMP/htdocs/forums/library/core/class.handshakeauthenticator.php
    88: if(is_array($this->_HandshakeData))
    89: return $this->_HandshakeData;
    90:
    91: $UrlParts = parse_url($this->AuthenticateUrl);
    92: $Host = $UrlParts['host'];
    93: $Port = ArrayValue('port', $UrlParts, '80');
    94: $Path = $UrlParts['path'];
    95: $Referer = Gdn_Url::WebRoot(TRUE);
    96: $Query = ArrayValue('query', $UrlParts, '');
    Backtrace:
    [/Applications/MAMP/htdocs/forums/library/core/functions.error.php:132] PHP::include();
    [/Applications/MAMP/htdocs/forums/library/core/class.handshakeauthenticator.php:92] PHP::ErrorHandler();
    [/Applications/MAMP/htdocs/forums/library/core/class.handshakeauthenticator.php:172] Gdn_HandshakeAuthenticator->GetHandshakeData();
    [/Applications/MAMP/htdocs/forums/library/core/class.session.php:225] Gdn_HandshakeAuthenticator->GetIdentity();
    [/Applications/MAMP/htdocs/forums/index.php:30] Gdn_Session->Start();
    Variables in local scope:
    [UrlParts] array (
    'path' => '',
    )
    Need Help?
    If you are a user of this website, you can report this message to a website administrator.
    If you are an administrator of this website, you can get help at the Vanilla Community Forums.
    Additional information for support personnel:
    Application: Garden
    Application Version: 1.0
    PHP Version: 5.2.5
    Operating System: Darwin
    User Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; de-de) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
    Request Uri: /forums/
    Controller: PHP
    Method: ErrorHandler
  • I was able to fix this by reinstalling the whole thing. Works like a charm now!
  • Hi there, good implementation although it doesnt seem to work with my external application at the minute (a Zend Framework project). Ive pinpointed the problem at line 132 of class.handshakeauthenticator.php, at this point the plugin looks for the userdetails page I have created but returns a server 500 error when I go to print out the response, any ideas why this might be happening?
  • I tried the addon but it ties up my system, and never seems to timeout and apparently is not able to present the request to a matching cookie. I did get it working to some degree. Experimenting, and I see it's very nice. Thanks! I will try to get it working.
  • Nice, trying to get it to work for my custom 13-moon site...
  • MarkMark Vanilla Staff
    @tonykin139 - If it is tying up your system, that sounds like it is having trouble with the fsocket call. Do you have fsock set up? You may have to dive in and debug it a bit.

    We're also working on a non-fsock implementation that should make things easier.
  • Request and Issues:

    Any chance having the Single Sign-on backwards compatible to WP?
    Since I have an existing vanilla 2 forum full of users and just recently installed WP, I am having to add users into WP, then once user logs into WP it links the two. Would it be possible to grab user info from an user who has logged into vanilla and input that user into WP as a specific user?

    After logging out of WP and Vanilla. If I browse to vanilla and try to log in, it links to a WP login. When an existing vanilla user goes to log into vanilla and is redirected to the WP login without having had been added into WP as an user they get: "ERROR: Invalid username" Basically eliminating the chance for existing users to log in if they have not had a WP user account created.

    I also tried logging into vanilla via domain.com/vanilla2/index.php/entry/signin with an existing account that has NOT been added as an user in WP and it replies with: "Sorry, no account could be found related to the email and password you entered."
Sign In or Register to comment.