Skip to:
Content
Pages
Categories
Search
Top
Bottom

No Rights to create Forum as Key Master


  • JanEllers
    Member

    @janellers

    Hi,

    I just installed bbPress and integrated it to my WordPress Site. It’s wonderful! But i have a Problem…

    I want to create a second forum, so i go to content -> forums and fill in the two forms under “Add Forum”. After clicking the Add Button I get the Error Message that i dont have the permissions to create a Forum? How could this be? I’am logged in as admin, as key master. Do you have any ideas?

    thanks,

    Jan

Viewing 25 replies - 1 through 25 (of 25 total)

  • JanEllers
    Member

    @janellers

    sorry, just found the thread with the solution ;)

    Deactivating the Display Name Plugin. Is there a new Version for this Plugin wich solves the Problem?

    I have the same issue even after not using the Display name plugin anymore.

    This is apparently caused by servers running the Suhosin PHP hardening patch… it encrypts cookies. I was having a simlar problem about a year ago on another site:

    http://bbpress.org/forums/topic/cant-post-topic-turns-yellow-cant-delete

    I found this plugin for WP that fixes it (in WP).. it’s apparently a bug in WP’s AJAX handling. Perhaps something similar is going on inside BBpress’ AJAX functionality?

    http://sparepencil.com/code/ajax-referer-fix/

    in pluggable.php (current)

    if ( !function_exists('bb_check_ajax_referer') ) :
    function bb_check_ajax_referer() {
    if ( !$current_name = bb_get_current_user_info( 'name' ) )
    die('-1');

    $cookie = explode('; ', urldecode(empty($_POST['cookie']) ? $_GET['cookie'] : $_POST['cookie'])); // AJAX scripts must pass cookie=document.cookie
    foreach ( $cookie as $tasty ) {
    if ( false !== strpos($tasty, bb_get_option( 'usercookie' )) )
    $user = substr(strstr($tasty, '='), 1);
    if ( false !== strpos($tasty, bb_get_option( 'passcookie' )) )
    $pass = substr(strstr($tasty, '='), 1);
    }

    if ( $current_name != $user || !bb_check_login( $user, $pass, true ) )
    die('-1');
    do_action('bb_check_ajax_referer');
    }
    endif;

    From above mention (wordpress) plugin:

    if (!function_exists('check_ajax_referer')) :
    function check_ajax_referer() {
    // Explode cookie data like WordPress normally does
    $cookie = explode('; ', urldecode(empty($_POST['cookie']) ? $_GET['cookie'] : $_POST['cookie'])); // AJAX scripts must pass cookie=document.cookie
    foreach ( $cookie as $tasty ) {
    if ( false !== strpos($tasty, USER_COOKIE) )
    $user = substr(strstr($tasty, '='), 1);
    if ( false !== strpos($tasty, PASS_COOKIE) )
    $pass = substr(strstr($tasty, '='), 1);
    }

    // This variable is set when cookie data was sent in an encrypted fashion
    // For more information:
    // * http://forum.hardened-php.net/viewtopic.php?pid=616
    // * http://www.hardened-php.net/suhosin/
    if(isset($_SERVER['RAW_HTTP_COOKIE']))
    {
    // Explode the raw (HTTP) cookie data using the WP method
    $crypt_cookie = explode('; ', $_SERVER['RAW_HTTP_COOKIE']);
    foreach ( $crypt_cookie as $tasty ) {
    if ( false !== strpos($tasty, USER_COOKIE) )
    $crypt_user = substr(strstr($tasty, '='), 1);
    if ( false !== strpos($tasty, PASS_COOKIE) )
    $crypt_pass = substr(strstr($tasty, '='), 1);
    }
    // Set $user and $pass to the decrypted values if the cookies match
    if($crypt_user == $user && $crypt_pass == $pass)
    {
    $user = $_COOKIE[USER_COOKIE];
    $pass = $_COOKIE[PASS_COOKIE];
    }
    }

    if ( !wp_login( $user, $pass, true ) )
    die('-1');
    do_action('check_ajax_referer');
    }
    endif;

    Still having this issue and host says they don’t have Suhosin installed. This seems to happen only when AJAXy type admin stuff is used so I’m willing to bet it has something to do with it.

    Just uploaded a new installation to the server and it’s still going this. Why does it just up and do this out of nowhere?


    chrishajer
    Participant

    @chrishajer

    Can you verify if you are using Suhosin or a hardening patch from your phpinfo(); ?

    Running BBpress 0.8.3.1, WordPressMU 1.3.3, PHP 5.25

    I don’t see any sort of indication of Suhosin, etc:

    http://geekdc.com/phpinfo.php

    I just tried a bunch of things and any and only admin functions that involve Ajax gives me the “You do not have permission to do that.” error.


    chrishajer
    Participant

    @chrishajer

    Yeah, I’d say the Suhosin thing doesn’t apply to your situation.

    Interesting. Can you run with a local proxy server like Paros to see what’s going back and forth when you try some of those admin functions?

    I am running bbPress 0.8.3.1 and WP 2.x(something) but not MU. I am not having any trouble like that, but obviously some people are.

    Does using a different browser make the problem any different? What browser and OS are you using when you see the problem?

    Same thing happening in all browsers. For some reason Paros wont even start on my machine. I click the icon and nothing happens. Reinstalled Java and everything.

    I can actually rename and re-order forums, but can’t delete or create new ones. This is like Deja Vu all over again.


    chrishajer
    Participant

    @chrishajer

    I just got an email from someone with a WordPress 2.2.2 site, and all of the sudden she lost the ability to create a new post (in the last month anyway). She gets a javascript error. Take a look at the screenshot:

    http://www.chrishajer.com/bbpress/ajax-permissions.jpg

    She is using IE7. I did not get the same error when I logged into her blog and created a new test post or page (with either IE7 or FF.) So, she cleared her cookies and everything is back to normal. Maybe it’s something simple like that for you as well.

    I wonder if there was some sort of update on the server (or a couple different hosting companies or something) that is causing these problems. Maybe they upgraded a package because of a vulnerability?


    chrishajer
    Participant

    @chrishajer

    Interesting.

    I wish you could get paros (or similar) running and see what’s happening behind the scenes.

    I got paros running, could login to a bunch of sites (gmail, yahoo, here) but kept asking me for my bbpress’ login over and over.

    What exactly do you want to see from the session in paros?

    GET http://geekdc.com/forum/bb-admin HTTP/1.1
    Host: geekdc.com
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12 Paros/3.2.13
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    Accept-Language: en-us
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 300
    Proxy-Connection: keep-alive
    Referer: http://geekdc.com/forum/bb-admin/
    Cookie: __utma=164913321.806591864.1206118840.1206381545.1206389257.5; __utmz=164913321.1206118840.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ?wordpressuser?=admin; ?wordpresspass?=33b7fd3d41082aeb1764e84c5e297d8f; ‘wordpressuser’=admin; ‘wordpresspass’=33b7fd3d41082aeb1764e84c5e297d8f
    Content-length: 0


    _ck_
    Participant

    @_ck_

    Just a thought but I would look at the wp nonce if it’s only happening with ajax. If it’s not being sent or interpreted correctly, I don’t think bbpress will let you do admin actions, even if you are admin.

    (Oh and the newest Suhosin has the option to hide itself in phpinfo)

    does bbpress use it’s own Ajax decryption? I’m OK with following/mucking up php and html, but all that Ajax stuff is beyond me.

    This could be related to the albatross that is ‘integration’ that seems to haunt me from host to host. Now, I WORK at the webhost and have access to root and WHM and everything, but still… I’ve never been able to get WPMU and bbpress to play nice. I’ve followed every set of instructions I can find on it, too. Nothing seems to work. (cant wait for the new versions!)


    _ck_
    Participant

    @_ck_

    WPMU users really are kinda out there on their own right now, sorry. Using 0.9 is probably not an option anyway for you since WPMU uses different style cookies unless there is a plugin to solve that (and there might be, I am not sure).

    I assume you looked at the user meta directly to ensure the roles are set correctly for bbpress?

    From user_id 1

    bb_capabilities a:2:{s:9:"keymaster";b:1;s:8:"throttle";b:1;}


    _ck_
    Participant

    @_ck_

    Yeah that looks okay. Someone more knowledgeable than me is going to have to trace this. I get as far back as the ajax xml generation code but that’s useless without knowing what’s triggering the error. Maybe ask Sam or MDA on the irc or perhaps turn to other WPMU folks to see if they encounter this?


    chrishajer
    Participant

    @chrishajer

    nolageek, I’m with you on the integration. Seems people are usually looking for three things from bbPress:

    1. User integration with WordPress out of the box

    (registration/login)

    2. Theme integration with WordPress out of the box

    (make the forum look like the blog)

    3. Working slugs or permalinks out of the box

    (why is it so easy with WordPress and so hard with bbPress?)

    (Regarding MU, I have no idea. I’m talking mostly about WordPress.)

    I would say those are the most common requests in these forums, ones that come up over and over.

    Sorry for hijacking your thread.

    I agree. I know bbpress isn’t ‘designed’ to be a drop in integration with wordpress, it seems obvious to me that that should be a major focus. There’s simply too many issues with integration for two projects that share so many concepts, etc… Hopefully 2.5/0.9 will solve a lot of that. It shouldn’t be too much longer after that that WPMU will graft the 2.5 code. I just can’t believe there’s threads on here from 2 years ago about problems sharing cookies.. that are still active. heh.

    Getting thread back on track.. i have no access to IRC at the moment, but I definitely think this is AJAX related. It sounds EXACTLY like the issue that above plugin fixed in WP. I’m willing to bet bbpress has a similar promlem with AJAX decrypting cookies.

    Ah, just found this thread. I had just posted the sparepencil ajax-fix link in an older thread.

    I am having permission issues. Have tried creating a new keymaster to no avail. I had the same exact issue with WP 2.3.3 until I used the ajax fixing plugin above. It feels like the same exact problem in every way.

    The sparepencil plugin had a less eloquent fix originally – I don’t remember precisely but you basically just commented out a block of code and replaced it with something short and sweet (something to do with cookie decryption i think). Is there any quick fix like that here?

    Basically, anything that will let me start properly admin’ing bbPress would be fantastic.

    OK. A bit more research…

    For me, it has nothing to do with plug-ins, for this was occurring before plugins.

    It’s also not directly related to Keymaster – I created a moderator account and it can only add one tag before getting permission errors.

    This really feels like the ajax issue.

    This is the post about it before they came up with the eloquent plug-in solution… does it transfer to this problem at all?

    http://sparepencil.com/archives/2007/06/03/wordpress-and-the-cookies/

    After upgrading to WP 2.5 and to bbPress – branches_0.8-r1381

    I still have this rights/permission issue. Can’t add more than one tag, etc.

    Will wait for official .9 release and post an update. This is frustrating.

Viewing 25 replies - 1 through 25 (of 25 total)

You must be logged in to reply to this topic.