
Did I understand how it works correctly?

edited August 2010 in Vanilla 2.0 - 2.8
Spent a day working with it on WordPress 3.0, and also my custom application built in Kohana 3. I also went through the instructions in detail several times. But I still can't make it work. What am I not getting?

From what I understand this is how it goes.

External App Side
1. Create a cookie named "Vanilla" (or whatever) when a user is logged in. This cookie must be accessible to Vanilla.
2. Create an Authentication URL which outputs the information of the logged in User.

Vanilla's Side
1. Vanilla will detect if the cookie Vanilla exists
2. Vanilla will try to show the sync window, or just fetch the user's details by accessing the Authentication URL.

If those things went well, the user should be logged in automatically inside Vanilla.

I'm using WordPress 3.01, Vanilla ProxyConnect 1.6, Vanilla 2.03.
I'm using Firefox (with WebDeveloper to view cookie information) and Safari (I'm on a Mac). Debugged it as much as possible, as far as I can.

But I still can't make it work. Even the WordPress 3 integration which is supposed to work out of the box. Is there anything I'm missing here?

I hope you can point me to the right direction.

Thank you!


  • Just to follow up.

    I understand that ProxyConnect gets the authentication url behind the scenes. The problem here is that it will always get blanks. Why? Because if PHP calls a URL, it doesn't have the browser information. If a user is really logged in, the log in details are stored in the browser.

    If I call the Authentication URL through my browser, it will return the logged in User details because it can check if the user is logged in through the browser session.

    If PHP calls the Authentication URL from within, it doesn't know what to do. How will it know which user is logged in without browser session?

    So what is really going on here?

    Thanks for your help if ever...
  • Todd Chief Product Officer Vanilla Staff
    We have as a stipulation that both sites must be on the same subdomain and have their cookies set up properly. When ProxyConnect makes its request it sends all of its cookies and will thus be detected properly.
  • Tim Operations Vanilla Staff
    edited August 2010

    Let me clarify something from your first post.
    External App Side 1. Create a cookie named "Vanilla"(or whatever) when a user is logged in. This cookie must be accessible to Vanilla. 2. Create an Authentication URL which outputs the information of the logged in User.

    The first step there is not needed. Your app should handle its own sessions without regard for Vanilla. The only stipulation is that you should be able to detect "logged-in" users via cookies.

    Here's how it works:
    When a user is logged into your app, they should have a cookie (for your app, named whatever you like, formatted however your app likes) which identifies them.

    When that user comes to your vanilla forum (on the same domain), we will have access to their entire list of cookies, including the one for your app. We'll read that list (name + value pair) and store it temporarily.

    We'll then make a socket request to your site's "Authentication URL" as you described earlier. During that request, we send the aforementioned list of cookies just like your user's browser would have done. This lets us pretend to be that user for this one request. Your Authentication URL should then behave as if the user himself had visited it, allowing it to display the required details.

    Does this help?

    Vanilla Forums COO [GitHub, Twitter,]
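
Added example (not ProxyConnect's code and not written by anyone in this thread): the forum-side half of the exchange Tim describes, in PHP. It rebuilds the Cookie header from the visitor's cookies and parses a `UniqueID`/`Name`/`Email` reply in the key=value form a later post in this thread uses, rejecting blank fields; the function names are hypothetical and the sample values are constructed.

```php
<?php
// Added example; function names are hypothetical, sample data is constructed.

// Forum side: rebuild a Cookie header from the visitor's cookies so the
// request to the Authentication URL looks like the visitor's own.
function build_cookie_header(array $cookies): string
{
    $pairs = [];
    foreach ($cookies as $name => $value) {
        // Skip array-style cookies and names that would corrupt the header.
        if (!is_string($value) || preg_match('/[\s;,=]/', (string) $name)) {
            continue;
        }
        // $_COOKIE values arrive URL-decoded, so encode them again.
        $pairs[] = $name . '=' . rawurlencode($value);
    }
    return 'Cookie: ' . implode('; ', $pairs);
}

// Forum side: parse the key=value reply and refuse incomplete identities,
// so a logged-out visitor never becomes a blank forum user.
function parse_auth_response(string $body): ?array
{
    $fields = [];
    foreach (preg_split('/\R/', $body) as $line) {
        $parts = explode('=', $line, 2);
        if (count($parts) === 2) {
            $fields[trim($parts[0])] = trim($parts[1]);
        }
    }
    $user = [];
    foreach (['UniqueID', 'Name', 'Email'] as $key) {
        if (!isset($fields[$key]) || $fields[$key] === '') {
            return null; // treat as "not logged in"
        }
        $user[$key] = $fields[$key];
    }
    return $user;
}

// Constructed sample input.
$cookies = ['myapp_session' => 'abc 123', 'prefs' => ['theme' => 'dark']];
echo build_cookie_header($cookies), "\n";
var_dump(parse_auth_response("UniqueID=42\n\nName=alice\n\nEmail=alice@example.com\n\n"));
var_dump(parse_auth_response("UniqueID=\n\nName=\n\nEmail=\n\n"));
```

The forwarded header carries the visitor's application session, so the forum should send it only to the one configured Authentication URL.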

  • Ahh... now I understand. This answers my question on the other post. The only tricky part is to make sure Vanilla can find the CMS's cookie.
  • Hm. According to a print_r($_COOKIE) in the Vanilla index.php file, it does indeed see the cookie. And my authentication page does contain the required information. But it's not doing anything. Where would I begin troubleshooting this?

    Here's the function that generates the authentication page. Is this the correct format?
    // Emit the logged-in user's details as key=value lines for the forum to read.
    if (isset($_SESSION['webInternalKey'])) {
        $output = "UniqueID=" . $_SESSION['webInternalKey'] . "\n\n";
        $output .= "Name=" . $_SESSION['webShortname'] . "\n\n";
        $output .= "Email=" . $_SESSION['webEmail'] . "\n\n";
        return $output;
    }
  • I'm getting entries in the user_authentication table with the correct ForeignUserKey, but that's all that appears to be happening.
  • I get it. Log in again, and you'll get the sync account dialog, which will create a new account. Wow. This is really, really easy, once you figure out exactly how it works! Now to set up the plugin for logging out of Vanilla when logging out of MODx.
  • Thanks for your answer Tim. After 2 days, I finally understand how it works by going through the code. The problem lies in the different hashes that frameworks use in encrypting the Cookie.

    I'm using Kohana 3. Kohana Auth uses a session cookie. But Vanilla did not or can't pass that cookie when it makes the Curl request. And even if I was able to make a work around on that, I wonder why the sync screen always shows even if I turned it off in the config.

    Anyway I ended up creating my own authentication plugin which works seamlessly with my App. It's at magicthemes dot com and forum dot magicthemes dot com.

    Do you plan to create a Joomla integration? I plan to create themes for Vanilla as we are a theming company. But a seamless Joomla integration is essential.

    Thank you!
  • Greetings.. I wish my PHP skills were very high like you guys do.. but I am trying my butt off to get it to work lol. I am so far successfully able to log in to Vanilla using WordPress username and pass, but I can't log in when user details are in the Vanilla user table but not in WordPress; it says user doesn't exist. Can anyone tell me, does it matter if users' details are stored in Vanilla db tables and not in WordPress? Or do I have to transfer all the Vanilla users to WordPress? thanx, any help is appreciated. ;)
  • Todd Chief Product Officer Vanilla Staff
    When you use the WordPress plugin then all of the users do have to be in WordPress. You are basically letting WordPress take over all of the user management.
  • jeez! finally a reply, thankx..
    damn I imported all my phpBB data to Vanilla 2.0.. :(
  • Tim Operations Vanilla Staff
    jeez! finally a reply
    You posted at 2:30AM our time, and still received a reply on the same day.

    Vanilla Forums COO [GitHub, Twitter,]

  • lol thankx for the reply, I am thinking of using Vanilla. I already have a phpBB powered site with around 2000 members, but the activity level dropped since last year cos of spams and other exploitations, and managing this small phpBB community is so much confusing, no easy way out.. I have other scripts integrated with phpBB such as MediaWiki, Elgg and WordPress. I think Vanilla has big potential, it's so user friendly & easy to use, I think it will at least help me boost my forum's activity.. that's the reason I was looking back n forth for the answers lol.. perhaps I will be able to manipulate Vanilla like I did with phpBB.. but I realized I still have to wait maybe 1 or 2 years more and let Vanilla grow even more.. that's my story, but thanks for the reply, appreciated.
  • Ok I've got the login procedure working with another app, but I'm a bit confused as to the logout procedure. When I click signout it takes me to my application's logout page and of course I get logged out of my app, but it never logs me out of Vanilla. Do I need to delete the Vanilla cookie during the logout procedure or what?
  • Tim Operations Vanilla Staff
    That's the best way currently. I've got a beta build locally which lets you redirect the user to after logging them out of your app. The /entry/leave page logs them out of Vanilla in turn.

    Vanilla Forums COO [GitHub, Twitter,]

  • First of all, let me say this is a great plugin.

    But I also have a logout problem. I can login it easily from my site to the forum. New users can do the same as well. But when you logout the site, that is the problem!

    You get returned to my main website and you are logged out of that and it seems to destroy the cookie but does not log you out of the Forum. If someone tries to go to the forum directly, they then have a "blank" user name showing up, plus it creates a blank user in the DB. I run a script that checks for all cookies running on my server, the Vanilla ones have been deleted and don't show up but the user is still logged into the site but now with no user ID and can still click create.

    When the site runs normally, it's all good, I can logout nice and easy and I'm definitely out. When I try and logout with this plugin I get problems.

    Can anyone actually point me in the direction of the forum's original logout page? I'm thinking of pointing my logout page in the plugin to that page and then putting a redirect at the bottom of that page back to my main website.

    Can anyone help?
  • edited September 2010
    I kind of created a quick fix .. When they logout my site, it deletes a username cookie.

    So i dropped some cookie checking code right at the top in


    like this

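    // Send the visitor back to the main site when the "Name" cookie is missing.
    $cookievalue = isset($_COOKIE['Name']) ? $_COOKIE['Name'] : '';
    if ($cookievalue === '') {
        echo '<meta http-equiv="refresh" content="0;url=http://Fashn.Co" />';
    }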

    Now on every part of the site it will check and see if the user has a cookie available called Name. If yes, it won't redirect them from the forum.

    Nice and simple .. and it works! :-)

    (double check the code if ur using it. I think this site drops in some < br > every now and then.)