_ck_ (@_ck_)

Forum Replies Created

Viewing 25 replies - 801 through 825 (of 2,186 total)

  • _ck_
    Participant

    @_ck_

    That is with bbPress 1.0, right? The object_type is for 1.0

    You get nothing using get_results because it returns an array – use get_var instead

    <?php
    global $bbdb;
    $result=$bbdb->get_var("SELECT SUM(meta_value) FROM bb_meta WHERE object_type='bb_topic' AND meta_key='views'");
    echo $result;
    ?>


    _ck_
    Participant

    @_ck_

    I need more info than “didn’t work”

    Try replacing $bbdb with $wpdb

    In reply to: Do I Need a Server?

    _ck_
    Participant

    @_ck_

    ashfame, I meant on lighttpd and nginx – you are doing permalinks with just one line, it must be some kind of multiviews emulation.

    In reply to: Reply by Email

    _ck_
    Participant

    @_ck_

    I’ve never seen or even heard of a forum with reply by email.

    In theory this could be done via a unique key sent with every message to the reader.

    But writing code to download and process email replies would be tricky.

    Since bbPress 1.0 will have trackbacks for topics, this might open another avenue.

    This kinda defeats the whole idea of a forum though, allowing people to stay away from the site entirely.


    _ck_
    Participant

    @_ck_

    That’s a good hack Ann but keep in mind insert_id isn’t always reliable.


    _ck_
    Participant

    @_ck_

    Do not even “try” the alpha as you can then never go back to 0.9

    Many plugins will not work with the alpha and won’t for some time.

    You want to downgrade the wp cookies. Use Ann’s plugin.


    _ck_
    Participant

    @_ck_

    Yes you still need to fill the bbPress/WP user table (many plugins also refer to it directly).

    All you are replacing is authentication.

    You can write a plugin to auto-fill the user table when a newly authenticated user first tries to see a bbPress page. Actually it could go into the authentication code directly.


    _ck_
    Participant

    @_ck_

    andyimages, to use WP 2.7 with bbPress 0.9 you need one of the two plugin solutions now updated in the first post. Changing the cookie path is not enough, you have to change the cookie method entirely.

    In reply to: Do I Need a Server?

    _ck_
    Participant

    @_ck_

    By the way there are now Windows ports of lighttpd and nginx to use on a local PC for testing too for a faster, lighter footprint. But their installs are not as robust as xampp or wamp though and not for novices. Also since they don’t use .htaccess but their own proprietary system you have to hand write the rules for pretty permalinks.

    xampp can be installed and running in under a minute flat, it’s amazing.


    _ck_
    Participant

    @_ck_

    View counts in the forum section require part of “my-views” plugin to be installed (my-views-most-least-views.php) or just make this a mini-plugin:

    add_filter('get_forums','forums_views_append');
    function forums_views_append($forums) {
        if (is_front() || is_forum()) {
            global $bbdb, $forums_views;
            // The SUM() expression doubles as the column name of the result row
            $sum_meta_value = "SUM(meta_value)";
            // Query once per request and cache the per-forum totals in a global
            if (!isset($forums_views)) {
                $forums_views = $bbdb->get_results("SELECT DISTINCT forum_id, $sum_meta_value FROM $bbdb->topicmeta LEFT JOIN $bbdb->topics ON $bbdb->topicmeta.topic_id = $bbdb->topics.topic_id WHERE $bbdb->topics.topic_status=0 AND $bbdb->topicmeta.meta_key='views' GROUP BY $bbdb->topics.forum_id");
            }
            foreach ((array) $forums_views as $forum_views) {
                // Only annotate forums that are actually in the list being filtered
                if ($forum_views->forum_id && isset($forums[$forum_views->forum_id])) {
                    $forums[$forum_views->forum_id]->views = $forum_views->$sum_meta_value;
                }
            }
        }
        return $forums;
    }


    _ck_
    Participant

    @_ck_

    The authentication system in bbPress is completely adjustable via plugins.

    Look in the pluggable.php file, there are 4 routines that have to be replaced.

    If you look at a plugin like my “freshly baked cookies” you can sort-of see the 4 replacements you need. Actually you only need 2, because the other two are used by the first two. One creates the cookie, the other reads it. If you only want your other software to create the cookie, then in theory you only need one function replacement.

    WordPress works the same way, except after WP 2.5 they added 2 or three other kinds of cookies. The older method that WP 2.5 and bbPress 0.9 use is easier to hook into.

    Note that a few obscure WordPress plugins like to read the cookie to gather the username, which is a bad approach. No bbPress plugin that I am aware of does this yet, and I hope they won’t so we can switch to an httponly cookie which is more secure and less XSS vulnerable.

    ps. technically the auth system doesn’t even have to be via cookies but the only other ways I am aware of would be HTTPS Client Authentication which is impractical for public systems or maybe LDAP


    _ck_
    Participant

    @_ck_

    If rewriting a PM plugin I would try to use as much internal stuff that bbPress has as possible. For example use the same hooks actions/filters that the new post form uses (and specify post id #0), which would make it work with many plugins. And run the message through pre_text before saving and then output through post_text when displaying.

    It’s also technically possible to do the whole thing inside of one single file for easy maintenance and make it part of the profile tabs. Look at bb-reputation to see the trick to making profile tabs within a single file, it requires a “wrapper”.


    _ck_
    Participant

    @_ck_

    If anyone is getting this who happens to use post-count-plus,

    make sure you have the newest version as there was a similar bug.


    _ck_
    Participant

    @_ck_

    Technically the plugin has been abandoned by the original author.

    I don’t think the download can be disabled but Sam or Michael might be able to move it on the SVN from the trunk directory to a tag where the extend section would make a link that would fail to download so that would prevent people from blindly installing it.

    The plugin was written after bbPress .7 had just updated to .8 so there were few other plugins available for the author to model some security against. Its design is a little dated and being spread out across several files makes it hard to maintain (a similar problem that the avatar upload plugin shares).


    _ck_
    Participant

    @_ck_

    This is a quick and dirty security fix. Only tested on a basic level.

    This code is for the original, not detective’s mod which I will examine tomorrow unless Detective wants to apply the stuff below himself…

    Replace around line 100 the entire function pm_new_message

    from:

    function pm_new_message( $id_receiver, $id_sender, $pmtitle, $message ){
    ...
    }

    to this:

    function pm_new_message( $id_receiver, $id_sender, $pmtitle, $message ){
        global $bbdb, $bb_table_prefix;

        $created_on = bb_current_time('mysql');
        // Force both user ids to integers
        $id_receiver = intval($id_receiver);
        $id_sender = intval($id_sender);

        // Title: strip all markup, cap at 64 characters
        $pmtitle = substr(strip_tags($pmtitle), 0, 64);
        // Message: cap at 2048 characters, balance tags, then run it through
        // the same filters a forum post gets (minus post_regulation)
        remove_filter('pre_post', 'post_regulation');
        $message = substr($message, 0, 2048);
        $message = force_balance_tags($message);
        $message = apply_filters('pre_post', $message, 0, 0);
        $message = apply_filters('post_text', $message, 0);

        // Escape the two string values before they go into the SQL text
        $pmtitle = mysql_real_escape_string($pmtitle);
        $message = mysql_real_escape_string($message);

        $bbdb->query("INSERT INTO ".$bb_table_prefix."privatemessages
            (id_sender, id_receiver, pmtitle, message, created_on)
            VALUES
            ('$id_sender', '$id_receiver', '$pmtitle', '$message','$created_on')");
    }

    This patch should in theory make it virtually completely sanitized (but still not completely validated unfortunately) and has the added bonus that most other plugins that affect posts like bb-smilies, etc. should work inside PMs.
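
The gap between "sanitized" and "validated" mentioned in this reply, as an added example that is not part of the original post or of the plugin: ids are rejected rather than coerced, and the insert uses bound parameters instead of escaping. It assumes PHP with the pdo_sqlite extension; the `users` table, the checks chosen and the name `pm_new_message_checked()` are hypothetical.

```php
<?php
// Added example, not the plugin's code. Table layout, the checks chosen and the
// function name pm_new_message_checked() are assumptions for illustration.
function pm_new_message_checked(PDO $db, $idReceiver, $idSender, string $title, string $message): void
{
    // Validate: reject bad ids instead of coercing them (intval('2abc') is 2).
    $userExists = $db->prepare('SELECT 1 FROM users WHERE id = ?');
    $ids = [];
    foreach (['receiver' => $idReceiver, 'sender' => $idSender] as $role => $raw) {
        $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id === false) {
            throw new InvalidArgumentException("$role id is not a positive integer");
        }
        $userExists->execute([$id]);
        if ($userExists->fetchColumn() === false) {
            throw new InvalidArgumentException("$role id $id is not a known user");
        }
        $userExists->closeCursor();
        $ids[$role] = $id;
    }
    $title = substr(trim(strip_tags($title)), 0, 64);   // same 64-char cap as the patch
    $message = substr($message, 0, 2048);               // same 2048-char cap as the patch
    if ($title === '' || trim($message) === '') {
        throw new InvalidArgumentException('title and message must not be empty');
    }
    // Bound parameters: values never become part of the SQL text, so no escaping step.
    $insert = $db->prepare(
        'INSERT INTO privatemessages (id_sender, id_receiver, pmtitle, message, created_on)
         VALUES (?, ?, ?, ?, ?)'
    );
    $insert->execute([$ids['sender'], $ids['receiver'], $title, $message, gmdate('Y-m-d H:i:s')]);
}

// Constructed in-memory database standing in for the forum tables.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY)');
$db->exec('CREATE TABLE privatemessages (id_sender INT, id_receiver INT, pmtitle TEXT, message TEXT, created_on TEXT)');
$db->exec('INSERT INTO users (id) VALUES (1), (2)');

pm_new_message_checked($db, '2', 1, "<b>Hi</b> O'Brien", "quotes ' and \" are stored as data");
var_dump($db->query('SELECT pmtitle, message FROM privatemessages')->fetch(PDO::FETCH_ASSOC));

foreach (['2abc', 0, 99] as $badReceiver) {   // constructed bad inputs
    try {
        pm_new_message_checked($db, $badReceiver, 1, 'title', 'body');
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

The message body is stored as received here, so it still has to be encoded for HTML when it is displayed.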


    _ck_
    Participant

    @_ck_

    It’s worse than validations.

    You improved a few areas but the main problems are still wide open.

    I think I can post a temporary fix soon but it’s still not completely safe.


    _ck_
    Participant

    @_ck_

    First post updated to reflect the two new plugins available to allow WP 2.6, 2.7 or 2.8 to work with bbPress 0.9


    _ck_
    Participant

    @_ck_

    You can manually mark spam posts with my “Mass Edit” plugin.

    https://bbpress.org/plugins/topic/mass-edit/

    There are two email notification plugins available, one is the “post notification”

    https://bbpress.org/plugins/topic/post-notification/

    https://bbpress.org/plugins/topic/auto-add-favorites/

    and the other is my “subscribe to topics” (which is not robust yet).

    In reply to: WordPress 2.7 options

    _ck_
    Participant

    @_ck_

    Your plugin will have a far longer useful life than you might think.

    I’d estimate at least six months. I wish I thought of it six months ago.

    But at least people have two ways to avoid 1.0 alpha 7 which will break my plugins.


    _ck_
    Participant

    @_ck_

    Oh and by the way Ann, welcome to bbPress (though I see you were around here a few months ago for a short bit).

    Seems like you know how to code so that’s great to see, hopefully you’ll get addicted to bbPress too and churn out some plugins ;-)

    In reply to: WordPress 2.7 options

    _ck_
    Participant

    @_ck_

    It’s strange that I didn’t think to downgrade WP 2.7 to match bbPress 0.9 but I guess I overthought the process and figured the new “auth” cookie method would be required in the admin area on WP so it would break. I assume you have tested your admin access in WordPress after your changes?

    WordPress 2.7 added three new kinds of cookies, surprised it doesn’t break anything when you force it backwards. Did you delete all of your old cookies on your browser to make sure it wasn’t “cheating” ?

    In any case, my new plugin is here and should be downloadable for testing shortly:

    https://bbpress.org/plugins/topic/freshly-baked-cookies/

    One plus to the WP downgrade method is it might work with deep integration where mine will definitely not work and should not even be tried that way.


    _ck_
    Participant

    @_ck_

    What she did is downgrade the cookie functions in WP 2.7 to the cookie functions from WP 2.5

    This takes away the extra auth cookie that WP 2.6-2.8 uses but it should be okay.

    There are only 4 functions that need to be replaced.

    However I’ve just finished a plugin that does the opposite approach, it allows WP 2.7 to keep its cookies and bbPress 0.9 switches to the newer cookie method instead.

    In reply to: WordPress 2.7 options

    _ck_
    Participant

    @_ck_

    On a funny coincidence, I just finished a plugin to make 0.9 work with 2.7 cookies.

    But are you saying you downgraded WP 2.7’s cookies into 2.5 cookies to make it work with bbPress by replacing the functions from the WP 2.5 pluggable?

    Mine is the opposite approach, it lets WP 2.7 keep its cookies and bbPress uses the logged_in cookie from WP.

    I guess either technique is valid. You must have forced the salt to be the same on both sides though.
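
The create/read cookie pair and the shared salt discussed in these replies, as an added example that is not from the posts and is not the WordPress or bbPress cookie format: one function writes a keyed-hash cookie, the other verifies it, and verification fails when the two sides use different salts. Function names, field layout and salt values are hypothetical.

```php
<?php
// Added illustration, NOT the WordPress or bbPress cookie format; function names,
// field layout and salts below are assumptions.
function make_auth_cookie(string $user, int $expires, string $salt): string
{
    // rawurlencode() keeps the '|' separator out of the username field
    $payload = rawurlencode($user) . '|' . $expires;
    return $payload . '|' . hash_hmac('sha256', $payload, $salt);
}

function read_auth_cookie(string $cookie, string $salt, int $now): ?string
{
    $parts = explode('|', $cookie);
    if (count($parts) !== 3 || !ctype_digit($parts[1])) {
        return null;                                   // malformed
    }
    [$user, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $user . '|' . $expires, $salt);
    // hash_equals() compares in constant time
    if (!hash_equals($expected, $mac) || (int) $expires < $now) {
        return null;                                   // forged, wrong salt, or expired
    }
    return rawurldecode($user);
}

$now = time();
$sharedSalt = 'constructed-shared-salt';               // constructed value
$cookie = make_auth_cookie('alice|admin', $now + 3600, $sharedSalt);   // application A writes

var_dump(read_auth_cookie($cookie, $sharedSalt, $now));                // application B, same salt
var_dump(read_auth_cookie($cookie, 'a-different-salt', $now));         // salts out of sync
var_dump(read_auth_cookie(str_replace('alice', 'bob', $cookie), $sharedSalt, $now)); // tampered
var_dump(read_auth_cookie($cookie, $sharedSalt, $now + 7200));         // expired

// Sent with HttpOnly so page scripts cannot read it (array form needs PHP >= 7.3).
$options = ['expires' => $now + 3600, 'path' => '/', 'secure' => true,
            'httponly' => true, 'samesite' => 'Lax'];
if (PHP_SAPI !== 'cli') {
    setcookie('example_auth', $cookie, $options);
}
```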


    _ck_
    Participant

    @_ck_

    The news about bbPress on that blog is just rehashing news elsewhere (and it’s a month out of date at that). 2009 will indeed be a big year for *development* for bbPress 1.0 – but that doesn’t mean 1.0 should be adopted for use on live sites in 2009.

    I don’t know how to explain it any further that 1.0 is not simply a continuance of 0.9, it’s about 50% rewritten. 0.9 was reaching a certain maturity but now virtually every major function has been changed in some way that makes it more complex (for the same functionality).

    You’re not using code in 1.0 that’s been proven stable in 0.9, you are using code that’s been rewritten to mimic the functionality of 0.9 with complexity added to force the use of BackPress (essentially WordPress core functions). Not only does the added bulk slow things down, but it degrades the proven stability that was in 0.9 because the new code is not thoroughly tested.

    You shouldn’t be nagging about 1.0 over here, the key question you should be nagging developers about is over on the WordPress side: When will WordPress use BackPress? If it’s not going to (anytime soon) what was the point in rushing to break a stabilized bbPress to make it use Backpress and why are people rushing to use bbPress 1.0 when it’s not finished?

    I think there was only one problem: it’s that 0.9 never got support for the cookies in WP 2.7 so way too many people rushed to 1.0 despite heavy warnings not to do so, somehow thinking they know better, or worse, that they’d just nag about any problems they have and get some kind of priority fix.

    I am considering releasing a plugin to make 0.9 work with WP 2.6-2.8 cookies to stop this nonsense once and for all however people still won’t be able to downgrade unless I also make another plugin to downgrade the database also. But it’s a lot of work and I have little motivation since I would never use WP 2.7+ myself.


    _ck_
    Participant

    @_ck_

    Well let me technically correct that people can probably immediately downgrade because the old tables are left in place but any further changes to the db would be lost (as far as meta data) making downgrading infeasible to just “try out for a day” on a live site.
