[_ck_]

It sounds vaguely to me like a timeout issue, where something in the ajax is waiting for a response from the server.

It would probably take more debugging time that it’s worth, you’d have to watch requests in realtime either from your side through a firewall or from the server side logs (ie. tail).

I haven’t kept up with the ajax changes in wordpress since 2.1 so I have no idea what’s going on there – wish I could be more help. Ajax is usually the first thing I gut out of wordpress (and bbpress).

[_ck_]

You should always evaluate the “need” to run WP with BB at the same time. I don’t mean shared login and common cookies which is simple integration, but instead having bbpress load all of wordpress for every page page. That’s a HUGE number of files and mysql calls being generated for every page, multiplied by the number of plugins you have with their own mysql stored settings.

Many times there are ways around loading both at the same time with a few tricks and plugins. If you are on a shared/vps host that’s giving you limited resources you may find streamlining absolutely necessary to deal with any bursts in traffic.

[_ck_]

In plain english it essentially replaces the need for things like “Sticky:” to be hard coded into templates. Long overdue but at least it got put in there finally.

However when making templates for backwards compatibility, you’d have to detect if that function exists before relying on it.

The only themes I’ve seen that uses it already outside of the built-in default is “K2 for bbPress” (and now my “FutureKind”).

It allows tricks like I’ve done to replace “sticky” with a post-it-note-like yellow rectangle. But it also could be filtered via plugin to change it to a little graphic icon, etc. which was impossible before the function existed.

[_ck_]

Think of attachments just like avatar uploads except they are attached to posts instead of users. Also, the interface has to be attached to the create/edit post instead of the profile. But it’s almost that “simple”.

However there are indeed huge security risks.

Anytime you have a 777 folder somewhere it can be dangerous and filetypes need to be filtered outside of their extension, etc.

(and no, this is one plugin I won’t be coding)

[_ck_]

I really like that idea of colored tabs at the top as “forums”. Very pretty and skips all the jargon that newbies won’t know.

(You did it with graphics instead of css, but still very clever.)

[_ck_]

Okay I have created a new plugin “Human Test” which will do some tests during registration to try to slow down the bots.

Eventually will do more tricky things like captcha and variable math but for version 0.01 it simply asks what the answer to 2+2 is.

I need to know if this still works with older versions and weird themes:

http://ckon.wordpress.com/files/2008/01/human-test.txt

Awaiting inclusion in the bbPress plugin depository for newer versions.

[_ck_]

Whew, after a bit of debugging I found the cookie issue with builds >1008 – and it was all my fault – my apologies!

I finally noticed in the changes from 1008 to 1009, that pluggable.php changed the functions that set the cookies. Then I had a sudden recall where I made an auto-load plugin to force year-long cookies (_cookie-year.php) which was now interfering with the function. Deleting the plugin allowed the logins to work.

So anyone that happens to be using _cookie-year.php will have to replace it when I get time to make an update.

[_ck_]

Thanks for the background Sam. For a moment I panicked about the cookie hash vulnerability as I have legacy WP 2.1 (and bbpress 0.81) installs that are too customized to upgrade (I hack security fixes in manually) but then I read this:

*If* an attacker can gain read access to the wp_user table, for example due to a publicly visible backup or SQL injection vulnerability, a valid cookie can be generated for any account.

You’ve got bigger problems if an attacker can do a SQL injection or has access to your mysql backup. But I can definitely understand why they replaced it. Who the heck figures these vulnerabilities out though, wow.

Since bbShowcase is stand alone bbPress (for now) I’ll give the upgrade another shot later and try to understand what’s going on with the cookies/login.

I take it that 0.8.3.1 doesn’t use the new cookies though? At some point you might need to release 1075 as 0.8.3.5 or something like that?

[_ck_]

Ugh, so an existing forum with 1000 users will have to instruct every single one to clear their cookies – meaning at least 50% won’t understand and try to contact the forum operator personally.

I think there is a better way – perhaps an upgrade plugin that can detect the out of date hash and instruct the client to delete the old cookie and redirect back to the login.

Actually, wouldn’t bbpress replace the hash data in the cookie upon login? None of this sounds right – I created a new user under 1075 and was still unable to login.

I’ve gotten build 1006 to work properly so I guess I will try another investigation into the upgrade from there tonight. I wonder if this has to do with the hard coded hash I have set in bb-config.php

How does this affect a setup with a shared login from wordpress where you have to match the same hash it has? I had the integration working just right, hope there was a good reason to fiddle with it.

[_ck_]

Installed on bbShowcase as a demo:

http://bbshowcase.org/forums/?bbtheme=MistyMorning-bbpress

However you need to test+fix it in Firefox.

While it looks okay in IE, there’s a float/clear problem in Firefox and Opera.

There’s also a overflow/width issue in Safari that I can’t quickly identify.

[_ck_]

I’ll probably be forced to join the dev list to try to solve this but I just tried moving from 951 to 1075 and I cannot get the logins to “stick” (ie. logs in and then acts as if it is not logged in)

Seems like the old cookie path issue but I’ve looked the cookies and the code and everything seems healthy. Even created a new user with 1075 and that user cannot login either.

eta: 1006 does not exhibit the login issue

ps. don’t kid yourself with Akismet stopping spam. Spammers just escalate their deviousness on what they can get through it. My wordpress.com blog gets spam almost daily now, bleeding right through Akismet. And Akismet hasn’t been given peer-review for privacy/security issues such as passing every single message entered on every single blog and bbpress through automattic – even for private posts and private sub-forums. Won’t make for good headlines when people start to think about it.

[_ck_]

Thanks for taking the time to write that up.

I guess my biggest question for now is if build 1075 should be treated as the most relatively stable build for alpha users.

I’ll say this to the day I abandon bbpress – adding trackbacks/pingbacks to it is the biggest waste of limited time and resources and will make the program the spammers target of choice while leaving it with the worst reputation.

ps. if Matt held some kind of contest I am sure a better name could be come up with than “TalkPress”. The problem is he wants to stick to that “press” suffix which implies a one-way communication for a something that is specifically for two-way interaction.

[_ck_]

Should build 1075 be treated as the last relatively stable build for now?

Any chance of a 0.84 release with all the pre-backpress fixes?

(why does dev use a 1990’s-style mailing list for it’s own *forum* software?)

[_ck_]

Ah I see we both noticed it at the same time.

(started another topic without realizing)

[_ck_]

This wouldn’t be related to “bozo” issues would it?

https://bbpress.org/forums/topic/fix-or-remove-bozo-function-before-it-kills-bbpress

Bozo is first thing I disable on a new bbpress install.

[_ck_]

I *still* find it hilarious that forum software uses a mailing list.

Developers should use the product they develop!

Email lists are so 1990’s

We should have a sub-forum here or if they aren’t willing I’d be happy to host on bbshowcase

[_ck_]

https://bbpress.org/plugins/topic/5

https://bbpress.org/forums/tags/images

[_ck_]

Nice job!

That’s a strange feature to use an email address that the person didn’t use to register but you made it work so I guess you made it work.

Remember that gravatars are going to be allowed up to 128×128 soon (so says Matt).

[_ck_]

I think there is indeed a gravatar for bbpress plugin but I like the more developed avatar plugin by Louise Dade.

A locally cached copy of a gravatar is always better than relying on the remote copy, even with the enhanced WP speed. Perhaps Louise’s can show the remote gravatar and give the member the option to use it as the default local. I’ve got a very large blog using gravatars and polling for a couple thousand members is a serious load issue with gravatars.

Then there is the issue of universal avatar support across bbPress<->WP which I don’t quite have working yet, I have to look at what other people have done.

In any case this is a good move for gravatars. But I simply cannot believe they built something with Ruby on Rails and were hoping to scale it for millions of users though. That’s going to have to be changed radically.

[_ck_]

If creating a new user and assigning them as a Keymaster works, then it’s obviously a problem where the user in the existing WP/WPMU table doesn’t have the correct role set by bbpress when it installs/configures itself.

For those that know what they are doing, you can examine the new, working admin user under phpmyadmin and compare them to the old non-working admin and see what’s different. I think roles are stored in the usermeta?

Unfortunately I personally don’t have the time/setup to try to hunt down the exact bug with this right now, but I bet there are plenty of people on those similar threads with experience who can tell you what’s wrong.

https://bbpress.org/forums/tags/wpmu

https://bbpress.org/forums/tags/keymaster

(also unfortunately this is yet another demonstration of bbpress integration weaknesses that must be fixed before it will be widely accepted by existing WP users. WP has a role editing table in the admin options, or might be a plugin, maybe that can be ported?)

[_ck_]

This might be a role assignment issue and you might have to edit the mysql tables by hand in phpmyadmin to fix it…

added – or try this?

https://bbpress.org/forums/topic/no-site-keymasters?replies=6#post-909

[_ck_]

What if someone within the company wants to pretend to be someone else and insult the manager on the forum? How would you authenticate who is who on the forum?

In any case what you probably want is the anonymous posting ability which I think a few people have tried hacking into bbPress with various success.

[_ck_]

Scrivs, could you tell me where to track your stats?

I can’t seem to find them.

You’re in the top1000 but I have no way of quantifying you otherwise. You can email me directly at bbpress.showcase -=at=- gmail.com if there is a private page/data I can use.

[_ck_]

Update: I figured it out easily after taking a break and looking at it with fresh eyes. I do a “clear:both” for the switcher and that was breaking your style. In fact yours is the only style I’ve encountered so far that it breaks, so this is a problem I will have to work on (for now just switching to clear:right)

Suggestion: maybe the views list should be moved under the login box so it persists across the entire forum? Or at least for the front page it should maintain the same kind of title block.

[_ck_]

I’m trying to track down why the side columns are not rendering (they are there in the view source, just some weird css issue) in my theme switcher:

http://bbshowcase.org/forums/?bbtheme=bb-bluesands

any ideas?

I can view your own demo in firefox (windows) just fine and the side columns show up. Weirdness.