Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Wordpress comments autoposts to Vanilla with wrong user

I've gotten everything going well with Wordpress, Vanilla and the Wordpress Vanilla plugin. However, when a post is published at wordpress, it appears as a thread in Vanilla with the wrong username.

This is apparently because it expects the UserIDs to be the same in both. However, this isn't so for us! So if Wordpress UserID 1 is John, and Vanilla UserID 1 is Bob, John's Wordpress posts appear in Vanilla as being authored by Bob. Is it possible to configure the plugin to go by usernames instead of UserIDs, to set up a map, or somesuch?

Comments

  • that would be very weak security.

    Normally when you have SSO there is a third table to link the two. it can't possibly think that UserID would be the same, that is very poor design.

    I haven't looked into is implementation you speak of. But maybe there is mismatch, regarding accounts. This can happen if accounts were set

    In the old version there is simple only one user, which it uses for posting articles. You change that user, or rename it.

    Personalty this whole system need an overhaul, it has some issues with it.

    grep is your friend.

  • We have no SSO implementation at all -- It's just a vanilla installation (with its own users) and a standard wordpress installation (with its own users), with the vanilla plugin installed and set up to replace the wordpress comment system.

    There are only a handful of users in wordpress, no signups or registration. We're hoping to let vanilla handle the community completely, but with auto-posting from wordpress for those editors.

    I guess I could use SQL to renumber the vanilla and wordpress users to match on userID?

  • in the absence of authentication any link is speculation.

    grep is your friend.

  • If there is no mapping between the two, how does authentication work?

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

  • @hgtonight said:
    If there is no mapping between the two, how does authentication work?

    are you asking me?

    grep is your friend.

  • @x00 If you know the answer. The only way I could think to do it would be some type of scraper.

    I went full vanilla almost immediately on my main community, so I am not sure how these WordPress solutions always work.

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

  • basically you can set the authentication up from scratch, so each new account is linked. Existing accounts will need to either be manually sticked to, they can give the vanilla password.

    The problem is the embed comment sytem is itself a security weakness. It relies on scraping rather then an api. The last think you wan to do is give more control over what user.

    grep is your friend.

  • beschizzabeschizza New
    edited March 2014

    Here's what I did:

    1. I have a wordpress installation already going. (My blog.)
    2. I set up a vanilla 2.0.18.10 installation at the same domain. (Forums for the blog!)
    3. I have installed the wordpress vanilla plugin ( https://wordpress.org/plugins/vanilla-forums/)
    4. In the wordpress vanilla plugin "setup" page, I entered the URL of my vanilla forum and validated it successfully.
    5. In the wordpress vanilla plugin "Vanilla Comment Integration" page, I checked "Replace your blog's native commenting system with Vanilla comments" and saved the changes
    6. When I post in wordpress, the post gets a Vanilla comment form.
    7. A thread is successfully created in Vanilla when the first comment is posted.
    8. But the thread in vanilla is posted under the wrong username.

    A few things that might help figure it out:

    • Most users are different between the wordpress blog and the vanilla forums. The wordpress blog has a small handful of editorial users only. The vanilla forums, meanwhile, has lots of lots of people imported from an old forum system as well.

    • No SSO was setup as far as I know. I haven't touched the SSO settings in the wordpress vanilla plugin. And I haven't set up anything under jsconnect in Vanilla.

    • The wordpress vanilla plugin nevertheless posts to vanilla successfully. It just posts as the wrong user!

    • The wordpress vanilla plugin posts to vanilla using the same UserID as the corresponding wordpress user. In this case, the specific problem is that I, Rob, has userid 1 in wordpress, but over in vanilla, Tim is userid 1. So my wordpress posts show up in Vanilla as being posted by Tim.

    "But maybe there is mismatch, regarding accounts. This can happen if accounts were set In the old version there is simple only one user, which it uses for posting articles. You change that user, or rename it."

    So my best best would be to just make sure the usernames, userIDs correspond exactly between Wordpress and Vanilla? I suppose that's easily done with SQL! It just seems like I must be missing something more obvious like a setting. SHould I set up SSO anyway? The problem then is that none of the vanilla users have wordpress accounts except for a small handful. The only people I need in wordpress are blog editors :)

  • UPDATE: It turns out that the userID is just a coincidence. It always posts to vanilla as the same user (UserID 2 in fact), no matter who is the wordpress user.

  • I've done some experiments to try and get to the bottom of this.

    When wordpress posts in vanilla the first time, a user named "System" is usually created in Vanilla. Almost all of its columns in the database are simply NULL or insertion timestamps. The Admin column is "2" (whereas a normal admin user is "1")

    For some reason, though, in my site's vanilla setup, this user doesn't get created. The posting is instead posted as an existing user. There's nothing remarkable about that user's account as far as I can tell. He doesn't have a 2 in the admin column.

    All these users were, however, imported using a script from a SQL dump of older software rather than set up using Vanilla registration. Everything else seems to work fine.

    I guess I can immediately solve the problem by taking over that particular vanilla account, thereby reserving it for Wordpress to post with. But it all seems so weird!

  • beschizzabeschizza New
    edited March 2014

    I guess $Configuration['Garden']['SystemUserID'] = '2'; in the config is the thing I was looking for.

    http://vanillaforums.org/discussion/25095/how-to-make-a-new-system-account-in-vanilla

  • yep this is by design.

    grep is your friend.

Sign In or Register to comment.