Blog Documentation Book a Demo
Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

ProxyConnect: Accessing forum creates new user - blank name [unSOLVED]

samdoidgesamdoidge
edited February 2011 in Vanilla 2.0 - 2.8
Anyone accessing the forum is automatically logged in with blank username, userid 2 - even if they are not logged into my app. (custom using CodeIgniter framework)

My URL authenticator seems fine to me, outputs the info when they are logged in.
Have applied the patch.


Edit: This is what my URL authenticator looks like under view source when logged in:
http://farm6.static.flickr.com/5126/5227148109_d91d0dde8b.jpg
and blank when not.

I have used the php headers for the URL authenticator ouput:
header('HTTP/1.1 200 OK');
header('Content-Type: text/plain');

Have been trying for 2 days now, any ideas?

Thanks
Sam
Tagged:

Comments

  • TimTim Vanilla Staff
    Are you using this with wordpress?

    Vanilla Forums COO [GitHub, Twitter, About.me]

  • samdoidgesamdoidge
    Using it with on a custom app using the CodeIgniter php framework
  • samdoidgesamdoidge
    Unapplying the patch stops you being signed in upon visiting, but now I can't sign in.. about given up with this. URL authenticator is only thing I think it can be, but seems fine and no one has said any different.

    :RAGE:
  • TimTim Vanilla Staff
    If you give me your site's address and access to the dashboard (and a username I can use with your remote site) I'll try to debug this for you.

    Vanilla Forums COO [GitHub, Twitter, About.me]

  • samdoidgesamdoidge
    edited December 2010
    EDIT: overlooked the obvious message option, will send details in a min
  • samdoidgesamdoidge
    Still no luck with this, I'm listing as a Bug
  • 9xnangdong9xnangdong
    I have the same issue
  • MikeStMikeSt
    I have the same issue on my server. On localhost proxyconnect works good. I don't know how to solve this problem.
  • MikeStMikeSt
    edited December 2010
    It seems that I solved my problem. I have been debugging ProxyConnect for a long time and I found some facts.

    1. On my local home computer (with Ubuntu, Apache, PHP5, MySQL) i need to apply this patch:
    http://vanillaforums.org/discussion/13698/patch-for-proxyconnect-problems

    2. On my hosting server (with Debian, Nginx server, PHP5, MySQL) i do NOT need this patch.

    This is because on my local computer my Authenticate URL returns information without any headers and I have different behavior on my hosting (some headers returned before user data).

    So, when we are not logged in to the site, and we are accessing to Authenticate URL we should get empty result, but there are some pre-headers like this:
    [HTTP/1.1 200 OK] =>
    [Date: Fri, 17 Dec 2010 13:10:08 GMT] =>
    [Server: Apache/2.2.3 (Debian)] =>
    [X-Powered-By: PHP/5.2.0-8 etch16] =>
    [Expires: Thu, 19 Nov 1981 08:52:00 GMT] =>
    ...
    If we apply the patch (http://vanillaforums.org/discussion/13698/patch-for-proxyconnect-problems) this pre-headers are not cutting off. ProxyConnect thinks that we get some text and trying to get username from this text. But there are no lines like 'Name=mikest' in this pre-headers, so we get an empty username, and ProxyConnect creates user with an empty username.

    3. Correct cookies are also very important and we need to set correct cookie domain in ProxyConnect configuration and in our logout function.
    As for me, in ProxyConnect configuration I set an empty domain. And in my logout function I do this:
    setcookie('Vanilla', ' ', time() - 3600);
    unset($_COOKIE['Vanilla']);

    p.s.
    1. My forum is in /forum directory of my site (it is like http://mysite.com/forum/).
    2. If you need to use patch, you should always apply it BEFORE enabling and configuring ProxyConnect plugin! Otherwise you will get incorrect behavior.
  • samdoidgesamdoidge
    Thanks for input MikeSt, I tried that but for me it was something else I've just solved.
    Basically CodeIgniter session cookies don't work with ProxyConnect; I'm not sure why, but after creating my own test cookies login system ProxyConnect works!

    For anyone looking for the php url-authenticator this is what mine looks like:

    header('HTTP/1.1 200 OK');
    header('Content-Type: text/plain');
    echo 'UniqueID='.$user_id;
    echo "\n";
    echo 'Name='.$username;
    echo "\n";
    echo 'Email='.$email;

    De-listing as a bug as it's not ProxyConnect's fault.
  • tommycuttertommycutter
    @samdoidge might you shed some light on what it is you're doing to get this to work with CodeIgniter? are you using $_COOKIE or $_SESSION? What keys are you setting?
  • samdoidgesamdoidge
    @tommycutter I basically manually created a very basic cookie setup to track user logged in, on top of the existing codeigniter system.

    I create a cookie on login with:

    setcookie("TestCookie", $user_id, time()+3600, "/", ".domainname.com");

    I then get the current user_id from the cookie in the url-authenticator controller with :
    if(isset($_COOKIE['TestCookie']))
    {
    $user_id = $_COOKIE["TestCookie"];
    and get the rest of the user details from the database based on user_id in this cookie.:

    $row = $this->login_model->get_user_details_id($user_id);
    $user_id = $row->user_id;
    $username = $row->username;
    $email = $row->email;
    }
    then echo them as they should be..
    Obviously this isnt the most secure system without cookie encryption or something but it should get it working.

    I destroy on logout with:

    setcookie("TestCookie",'', time()-3600, '/', ".domainname.com");
    unset($_COOKIE['TestCookie']);

    also destroy the Vanilla cookie.

    To note there were some issues with a cookie forming after visiting the Vanilla forum while not logged in, which would disrupt the user then logging in and accessing his forum account, so i destroy the vanilla cookie on Login as well.

    setcookie('Vanilla', '', time()-3600, '/', ".domainname.com");
    unset($_COOKIE['Vanilla']);

    Let me know of any problems.
  • tommycuttertommycutter
    Thanks for the detailed explanation @samdoidge it is much appreciated. I realized my frustrations with getting this working was with using a Codeigniter controller to generate my url-authenticator page. Once I placed that page outside of Codeigniter entirely, my cookies started showing up. CI's input sanitation seemed to be unsetting some of my custom cookies for whatever reason. I also noticed that by setting the cookie domain in my main config file wasn't enough. I had to include the domain manually in each cookie that was set. Anyway, I'm up and running now, woohoo!
  • samdoidgesamdoidge
    @tommycutter No problem, and glad it's working :>
  • fk59fk59
    Sry friends, but i got the same problem today. Wordpress name of poster is blank when logged in over proxy-connect.

    Looks like "1 comment | written by (blank) | postname

    any hints?

    wp and vanilla newest versions.

    thx, Frank
  • FinsterFinster
    I, too, am experiencing this. Although, it works perfectly fine on my local development environment (domain is similar to example.dev) but just started having this issue today on my webserver (domain is similar to example.dev-server.com). I am also using the latest Vanilla and latest WP (3.1, now).
  • FinsterFinster
    Holy cats... I think I just figured out my issue. To protect the development site, I have HTTP authentication (through Apache) set up and I think that's interfering with the curl calls to get the auth data from Wordpress. I'm going to circumvent that, and see if it helps...
  • FinsterFinster
    Nope... that wasn't it... and in fact now, not even the sign in is working correctly. Doesn't redirect to WP anymore, and just signs in the blank user right off the bat. This is infuriating...
  • sirRevelationsirRevelation
    can somebody post a solution for this. I`m using CodeIgniter also and i want to integrate the forum in my app. I have tried all the solutions mentioned but none works.
    They work on my localhost but on the production server ( Ubuntu 10 server with LAMP , PHP 5) it fails
  • jacsrjacsr
    I'm also experiencing a problem on my production server despite everything working on the development machine. Both are running Apache 2.2 with PHP 5.3.5 on Windows, and I'm using CodeIgniter 2 for the application. The cookie seems to be correctly set and read by Vanilla (the user id showed up when using print_r in vanilla's index.php), and when I visit the authentication URL all details appear correctly, but once logged in through the website and visiting the forum, there is a long delay before the page appears, and the user is not logged in. If I click Sign in I am redirected to the correct page of the website, but have to wait an unusually long time for it to load (20-30 secs), and the problem just repeats when I visit the forum after logging in. I've read all of the other discussions related to this and already tried deleting cookies, clearing the cache, reinstalling the forum and plugin several times, and I've now run out of ideas.

    I don't know if this is significant, but after I set the proxyconnect configuration in the dashboard and sign out to test it I also experienced the same wait for the next page to load. Also, would the fact that the server is behind a reverse proxy cause a problem?

    I've wasted hours trying to fix this, so any help would be greatly appreciated. I'm using Vanilla 2.0.17.8 and ProxyConnect 1.8.4.
Sign In or Register to comment.