Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Did I understand how it works correctly?
Spent a day working with it on Wordpress 3.0, and also my custom application built in Kohana 3. I also went through the instructions in detail several times. But I still can't make it work. What am I not getting?
From what I understand this is how it goes.
External App Side
1. Create a cookie named "Vanilla"(or whatever) when a user is logged in. This cookie must be accessible to Vanilla.
2. Create an Authentication URL which outputs the information of the logged in User.
Vanilla's Side
1. Vanilla will detect if the cookie Vanilla exists
2. Vanilla will try to show the sync window, or just fetch the user's details by accessing the Authentication URL.
If those things went well, the user should be logged in automatically inside Vanilla.
I'm using WordPress 3.01, Vanilla ProxyConnect 1.6, Vanilla 2.03.
I'm using Firefox(with WebDeveloper to view cookie information) and Safari (I'm on a Mac). Debugged it as much as possible, as far as I can.
But I still can't make it work. Even the Wordpress 3 integration which is supposed to work out of the box. Is there anything I'm missing here?
I hope you can point me to the right direction.
Thank you!
From what I understand this is how it goes.
External App Side
1. Create a cookie named "Vanilla"(or whatever) when a user is logged in. This cookie must be accessible to Vanilla.
2. Create an Authentication URL which outputs the information of the logged in User.
Vanilla's Side
1. Vanilla will detect if the cookie Vanilla exists
2. Vanilla will try to show the sync window, or just fetch the user's details by accessing the Authentication URL.
If those things went well, the user should be logged in automatically inside Vanilla.
I'm using WordPress 3.01, Vanilla ProxyConnect 1.6, Vanilla 2.03.
I'm using Firefox(with WebDeveloper to view cookie information) and Safari (I'm on a Mac). Debugged it as much as possible, as far as I can.
But I still can't make it work. Even the Wordpress 3 integration which is supposed to work out of the box. Is there anything I'm missing here?
I hope you can point me to the right direction.
Thank you!
0
Comments
I understand that ProxyConnect gets the authentication url behind the scenes. The problem here is that it will always get blanks. Why? Because if PHP calls a URL, it doesn't have the browser information. If a user is really logged in, the log in details are stored in the browser.
If I call the Authentication URL through my browser, it will return the logged in User details because it can check if the user is logged in through the browser session.
If PHP calls the Authentication URL from within, it doesn't know what to do. How will it know which user is logged in without browser session?
So what is really going on here?
Thanks for your help if ever...
Let me clarify something from your first post.
External App Side 1. Create a cookie named "Vanilla"(or whatever) when a user is logged in. This cookie must be accessible to Vanilla. 2. Create an Authentication URL which outputs the information of the logged in User.
The first step there is not needed. Your app should handle its own sessions without regard for Vanilla. The only stipulation is that you should be able to detect "logged-in" users via cookies.
Here's how it works:
When a user is logged into your app, they should have a cookie (for your app, named whatever you like, formatted however your app likes) which identifies them.
When that user comes to your vanilla forum (on the same domain), we will have access to their entire list of cookies, including the one for your app. We'll read that list (name + value pair) and store it temporarily.
We'll then make a socket request to your site's "Authentication URL" as you described earlier. During that request, we send the aforementioned list of cookies just like your user's browser would have done. This lets us pretend to be that user for this one request. Your Authentication URL should then behave as if the user himself had visited it, allowing it to display the required details.
Does this help?
Vanilla Forums COO [GitHub, Twitter, About.me]
Here's the function that generates the authentication page. Is this the correct format?
[code]
if(isset($_SESSION['webInternalKey'])) {
$output = "UniqueID=" . $_SESSION['webInternalKey'] . "\n\n";
$output .= "Name=" . $_SESSION['webShortname'] . "\n\n";
$output .= "Email=" . $_SESSION['webEmail'] . "\n\n";
return $output;
}
return;[/code]
I'm using Kohana 3. Kohana Auth uses a session cookie. But Vanilla did not or can't pass that cookie when it makes the Curl request. And even if I was able to make a work around on that, I wonder why the sync screen always shows even if I turned it off in the config.
Anyway I ended up creating my own authentication plugin which works seamlessly with my App. It's at magicthemes dot com and forum dot magicthemes dot com.
Do you plan to create a Joomla integration? I plan to create themes for Vanilla as we are a theming company. But a seamless Joomla integration is essential.
Thank you!
damn i imported all my phpbb data to vanilla 2.0..
Vanilla Forums COO [GitHub, Twitter, About.me]
Vanilla Forums COO [GitHub, Twitter, About.me]
But I also have a logout problem. I can login it easily from my site to the forum. New users can do the same as well. But when you logout the site, that is the problem!
You get returned to my main website and you are logged out of that and it seems to destroy the cookie but does not log you out of the Forum. If someone tries to go to the forum directly, they then have a "blank" user name showing up, plus it creates a blank user in the DB. I run a script that checks for all cookies running on my server, the Vanilla ones have been deleted and don't show up but the user is still logged into the site but now with no user ID and can still click create.
When the site runs normally, its all good, I can logout nice and easy and I'm defiantly out. When i try and logout with this plugin i get problems.
Can anyone actually point me in the direction of the forums original logout page. I'm thinking of pointing my logout page in the plugin to that page and then putting a redirect at the bottom of that page back to my main website.
Can any one help ?
So i dropped some cookie checking code right at the top in
\applications\dashboard\views\default.master.php
like this
<?php
if(isset($_COOKIE['Name'])){;
$cookievalue = $_COOKIE['Name'];
}else{
?>
< me ta http- equiv="refresh" content="0;url=http://Fashn.Co" />
<?php
}
echo "";
?>
Now on every part of the site it will check and see if the user has a cookie available called Name. If yes, it wont redirect them them from the forum.
Nice and simple .. and it works! :-)
(double check the code if ur usiong it. I think this site drops in some < br > every now and then.)