I was hoping that I would be able to make this work with RC2, but there were unavoidable changes that I had to make to the core, which means that you'll need the latest GitHub code to make this work
@Tim - Thanks for your help. I got another error after trying that, so I'm installing the latest ProxyConnect with Vanilla 2 RC 3 now. If I get more errors, I will report them.
Hmmm, with RC3 I'm just getting an arseload of "Strict Standards" errors, and then a fatal error on attempting to enable any of the default plugins, in addition to ProxyConnect. Didn't have these errors the other day on the 2nd last nightly of RC2. :S
Well, the plugin does work in some way, however the integration is not that 'seamless'. A few things to consider: - I sometimes have to push the sign-in button (without having to enter the credentials) before vanilla seems to recognize the cookie information - upon login / logout, users are always redirected to their WP profile-page (WP 3.0) while they should be redirected to vanilla / discussions - WP nag-screen when logging out from vanilla's page ('You are about to log-out...') - newly registered members always have to manually sync their accounts, would be much nicer if accounts were in sync immediately after registration
However, for me... after I get the WP nag-screen when clicking on the logout link from vanilla, the user is properly logged out of WordPress (and remains on the wp-login.php page as you would expect) but they are still logged into Vanilla. In fact, it's impossible to log out of Vanilla this way.
and wordpress says, "are you sure you want to log out?" and then it confirms you are logged out, but it doesn't log you out of Vanilla. Any ideas??
I have the cookie domain set to ".mydomain.com" in three places: conf/config.php, wp-config.php and on the WordPress ProxyConnect plugin page. Isn't that how it should go?
@Ellie, To safely remove the plugin, try removing the two lines from config.php that mention the enabling of the ProxyConnect plugin (they are under EnabledPlugins, and Plugins).
Totally agree to what @marronlounge said before. Though there are bbpress, simplepress and some others that integrate quite well with WP, they do not compare to vanilla in terms of usability & simplicity.
Thanks for the comments so far. Next step for this (wordpress-wise) is to do some WP3 testing. Let me respond to a couple of points here.
- I sometimes have to push the sign-in button (without having to enter the credentials) before vanilla seems to recognize the cookie information
This is by design. If you visit your vanilla forum while not logged into WordPress, the forum sets a cookie on your browser that tells it not to do the behind-the-scenes request to wordpress on every page hit. This prevents the forum from hammering your wordpress site with a request for every hit on your forum by a not-logged-in user. The downside of this protection is that if you visit your forum while logged out, and then subsequently log in, it wont know to do a check, and you'll remain logged out of vanilla. In order to permit logins while this cookie is set, I made the 'Sign in' action cause one last check before sending you to the WP login page. That's why you sometimes have to click the button to get logged in.
- upon login / logout, users are always redirected to their WP profile-page (WP 3.0) while they should be redirected to vanilla / discussions
This plugin effectively converts your wordpress site into an authentication server for vanilla. As such, all logout events must be handled by wordpress, not vanilla. Currently the plugin does not modify the way WP handles logouts, but in the future I suppose it wouldn't be impossible to have WP redirect the user back to vanilla after logging out.
- WP nag-screen when logging out from vanilla's page ('You are about to log-out...')
I'll look into this. It seems like a problem with wp_nonce.
- newly registered members always have to manually sync their accounts, would be much nicer if accounts were in sync immediately after registration
I hadn't thought about new users, but I suppose it would be possible to auto link them. I'll check into that.
I hadn't thought about new users, but I suppose it would be possible to auto link them. I'll check into that.
Autolinking would be great. I'm in the process of creating a brand new site from scratch and I'd really love to use Vanilla for this project. For this new site, there won't be any existing Vanilla users since the forum is brand new. Not only is checking the username unnecessary in that situation, but it's also really confusing for a brand new user....
...Imagine you just registered and logged into a site for the first time and then you head on over to the site's forum only to be immediately asked if you want to "Create a New Account?" or "Use an existing account" for the forum. To be honest, neither of those two choices would make any sense to that new user. Many users would be confused and simply leave. Autolinking is essential for that situation.
Slashes in cookies were replaced with "%2F". This made the application I'm working on using the "Yesod" framework (yesodweb.com) not accept the cookie. I worked around it by changing ProxyConnect from functions.general.php to use fsockopen rather than curl and adding "$Cookie = str_replace("%2F", "/", $Cookie);" to counter this replacement.
Also, I tested using MAMP (a mac apache+mysql+php distro) which defaults to serve at localhost:8888. Vanilla sends in header "Host: localhost" instead of "Host: localhost:8888" which for example Chrome sends. This also makes Yesod reject the cookie. So I added this right before building the header: if($Port != '80') $Host .= ':'.$Port;
The latest version (as of July 12th) doesn't work at all for me. When the plugin is enabled, sign-in and sign out buttons properly redirect to corresponding WP-pages, however, vanilla never seems to ask to sync the accounts. As a result, I'm unable to sign in and cannot reach my vanilla-dashboard. My test-setup is a local XAMPP, WP3.0 and the very latest vanilla-RC.
To be more precise, this is what is happening: go to my forum -> sign-in -> Properly signed into my WP-account / redirected to WP-dashboard -> go back to my forum -> neither signed in nor any message to sync accounts -> push sign in again -> once again, redirected to WP-dashboard I tried with two accounts, my wp-admin (same settings as the initial vanilla-admin) and a regular WP-subscriber (no corresponding vanilla account), both to no avail.
I experimented problem with logout action that doesn't work.
I created my own sso-signout.php file in the root vanilla installation folder. This script just logout from vanilla by removing the cookie like that: setcookie('Vanilla', ' ', time() - 3600);
Firebug told me that the cookie was still there after loading this script in my browser, strange...
So I had a look to my apache log and I saw that favicon.ico was loaded by my browser each time I reload the file. This is a browser common behavior. The problem is that the vanilla rewrite rules are activated by favicon.ico because this file just doesn't exists in the vanilla root dir. More precisely, this rule is executed: RewriteRule ^(.*)$ index.php\?p=$1 [QSA,L]
The consequence is that the favicon.ico is loading index.php the same time sso-signout.php is loading. The result is that the authenticated cookie that I'm trying to destroy with sso-signout.php is just set again when the HTTP request come back from favicon.ico loading.
The solution to fix this annoying problem is to create a favicon.ico file in the root dir of the vanilla installation. A simple touch favicon.ico is enough.
Maybe a good fix is to embed a favicon.ico in the official vanilla source code ?
Comments
Vanilla Forums COO [GitHub, Twitter, About.me]
Thanks for the reply.
I think i will try it!
Cheers
Nice!
- I sometimes have to push the sign-in button (without having to enter the credentials) before vanilla seems to recognize the cookie information
- upon login / logout, users are always redirected to their WP profile-page (WP 3.0) while they should be redirected to vanilla / discussions
- WP nag-screen when logging out from vanilla's page ('You are about to log-out...')
- newly registered members always have to manually sync their accounts, would be much nicer if accounts were in sync immediately after registration
However, for me... after I get the WP nag-screen when clicking on the logout link from vanilla, the user is properly logged out of WordPress (and remains on the wp-login.php page as you would expect) but they are still logged into Vanilla. In fact, it's impossible to log out of Vanilla this way.
So, the user goes to a URL like this:
http://mydomain.com/wp-login.php?action=logout&_wpnonce=RT1HB7JUP561
and wordpress says, "are you sure you want to log out?" and then it confirms you are logged out, but it doesn't log you out of Vanilla. Any ideas??
I have the cookie domain set to ".mydomain.com" in three places: conf/config.php, wp-config.php and on the WordPress ProxyConnect plugin page. Isn't that how it should go?
Consider this a formal request to prioritize this addon!
Is this an issue with Vanilla or ProxyConnect?
- I sometimes have to push the sign-in button (without having to enter the credentials) before vanilla seems to recognize the cookie information
This is by design. If you visit your vanilla forum while not logged into WordPress, the forum sets a cookie on your browser that tells it not to do the behind-the-scenes request to wordpress on every page hit. This prevents the forum from hammering your wordpress site with a request for every hit on your forum by a not-logged-in user. The downside of this protection is that if you visit your forum while logged out, and then subsequently log in, it wont know to do a check, and you'll remain logged out of vanilla. In order to permit logins while this cookie is set, I made the 'Sign in' action cause one last check before sending you to the WP login page. That's why you sometimes have to click the button to get logged in.
- upon login / logout, users are always redirected to their WP profile-page (WP 3.0) while they should be redirected to vanilla / discussions
This plugin effectively converts your wordpress site into an authentication server for vanilla. As such, all logout events must be handled by wordpress, not vanilla. Currently the plugin does not modify the way WP handles logouts, but in the future I suppose it wouldn't be impossible to have WP redirect the user back to vanilla after logging out.
- WP nag-screen when logging out from vanilla's page ('You are about to log-out...')
I'll look into this. It seems like a problem with wp_nonce.
- newly registered members always have to manually sync their accounts, would be much nicer if accounts were in sync immediately after registration
I hadn't thought about new users, but I suppose it would be possible to auto link them. I'll check into that.
Vanilla Forums COO [GitHub, Twitter, About.me]
Autolinking would be great. I'm in the process of creating a brand new site from scratch and I'd really love to use Vanilla for this project. For this new site, there won't be any existing Vanilla users since the forum is brand new. Not only is checking the username unnecessary in that situation, but it's also really confusing for a brand new user....
...Imagine you just registered and logged into a site for the first time and then you head on over to the site's forum only to be immediately asked if you want to "Create a New Account?" or "Use an existing account" for the forum. To be honest, neither of those two choices would make any sense to that new user. Many users would be confused and simply leave. Autolinking is essential for that situation.
Slashes in cookies were replaced with "%2F". This made the application I'm working on using the "Yesod" framework (yesodweb.com) not accept the cookie.
I worked around it by changing ProxyConnect from functions.general.php to use fsockopen rather than curl and adding "$Cookie = str_replace("%2F", "/", $Cookie);" to counter this replacement.
Also, I tested using MAMP (a mac apache+mysql+php distro) which defaults to serve at localhost:8888. Vanilla sends in header "Host: localhost" instead of "Host: localhost:8888" which for example Chrome sends. This also makes Yesod reject the cookie. So I added this right before building the header: if($Port != '80') $Host .= ':'.$Port;
My patch can be found at http://github.com/yairchu/Garden
Note that I know nothing about php and little about web programming. If there are better solutions please enlighten me! thanks!
I tried with two accounts, my wp-admin (same settings as the initial vanilla-admin) and a regular WP-subscriber (no corresponding vanilla account), both to no avail.
I created my own sso-signout.php file in the root vanilla installation folder. This script just logout from vanilla by removing the cookie like that:
setcookie('Vanilla', ' ', time() - 3600);
Firebug told me that the cookie was still there after loading this script in my browser, strange...
So I had a look to my apache log and I saw that favicon.ico was loaded by my browser each time I reload the file. This is a browser common behavior. The problem is that the vanilla rewrite rules are activated by favicon.ico because this file just doesn't exists in the vanilla root dir. More precisely, this rule is executed:
RewriteRule ^(.*)$ index.php\?p=$1 [QSA,L]
The consequence is that the favicon.ico is loading index.php the same time sso-signout.php is loading. The result is that the authenticated cookie that I'm trying to destroy with sso-signout.php is just set again when the HTTP request come back from favicon.ico loading.
The solution to fix this annoying problem is to create a favicon.ico file in the root dir of the vanilla installation. A simple touch favicon.ico is enough.
Maybe a good fix is to embed a favicon.ico in the official vanilla source code ?
That path is simply not known by the browser when it requests the default /favicon.ico for your custom sso-signout.php.
Vanilla Forums COO [GitHub, Twitter, About.me]