Jason Giedymin (@jason_jm)

Forum Replies Created

Viewing 25 replies - 26 through 50 (of 50 total)
  • Personalization has moved to buddypress. This is what you want. Just disable everything you don’t.

    Try Mu 2.7.1, bbpress v1 (just released) and integration plugin v1 (just released). Do this without SSL. More importantly follow the screencast with a FRESH INSTALL + Empty DB.

    SSL is another matter and you can’t move on if you haven’t gotten plain auth working first.

    I would flag this as resolved and post again if you have a problem with the new software.

    How about changing this to resolved? I saw you were happy with v1.0.

    “Why logged in users can’t have cached pages? (This is what I am not able to understand)”

    Because when you log in you’re given headers with cache control = “no-cache”.

    We run a varnish head and cluster on top of another farm running nginx. Having said that we’ve changed our forum index to link the login page. Meaning users must navigate to that page to log-in. This allows us to cache the front page (for a short time) on varnish.

    We manually force the cache on some pages (rejecting all cookies first).

    Forum content gets updated frequently, and you don’t want to cache user logged in sessions or content that changes as speedily as forums. In this I completely agree with how Automattic has done it and everyone else out there should take this model as a good base.

    If you want cache, your best non-destructive option is a memcached server.

    Cash Helps…

    I confirm it can work. I have it working in both HTTP and HTTPS, that is logging in to any one will log you into the other as well. This is the preferred most users seek.

    Flagged as resolved, see (in order, each a diff patch):

    https://trac.bbpress.org/ticket/1136

    https://trac.mu.wordpress.org/ticket/1014

    https://bbpress.org/forums/topic/bbpress-10-released/page/3 [Do a search for “Proposed Patch for integration plugin”]

    How about buddypress? Comments (activity) show up in the profile (which is shared amongst the sites).

    Having a self contained username universe (pretty usernames) and not relying on composite user+domain login can be useful.

    Either way there is an LDAP plugin for WordPressmu: http://wpmuldap.frozenpc.net/

    In reply to: bbPress 1.0 released

    I’m surprised the cgi rewrites didn’t transform these. Check your perms, do a chmod -R 777 just to see.

    In reply to: bbPress 1.0 released

    Correct.

    In wpmu: define both force SSL keys (admin and the other one I forget)

    In bbp: define force ssl login and user forms

    Make sure you’re not using adminssl plugin (at first?)

    Independently of each other that is how you would enable use of ssl, as long as your webserver is ready to accept and configured correctly to use https.

    It’s integration where things break and you’ll need three patches.

    Time for bed…Zz…

    .

    In reply to: bbPress 1.0 released

    bbpress trac ticket for wp_admin_cookie_path issue when using wpmu.

    https://trac.bbpress.org/ticket/1136

    In reply to: bbPress 1.0 released

    Also, I had to put into my bb-config.php the below so that logging in via bbpress will allow login to wpmu admin page.

    // Not defining below will not create /wp-admin cookie in current bbpress 1.0. Required for SSL.
    // Guess this could be another bug as well.
    $bb->wp_admin_cookie_path = '/wp-admin';

    In reply to: bbPress 1.0 released

    Trac Submission and patch for 2.7.1 if you demand SSL. Requires patch to integration plugin as well.

    https://trac.mu.wordpress.org/ticket/1014

    In reply to: bbPress 1.0 released

    I found the bug. Trac ticket submitted. Dang hard one to find.

    I have SSL working back and forth, forth and back etc…………

    Trac patch + integration patch required.

    I have wasted my weekend on this one.

    – Jason Giedymin

    In reply to: bbPress 1.0 released

    Proposed Patch for integration plugin:

    function bbpress_integration_set_bb_cookies( $uri, $expire = false, $expiration = '', $user_id = '' )
    {
        if ( !$uri_parsed = @parse_url( $uri ) ) {
            return false;
        }

        $secure = false; //Default no auth
        if ( force_ssl_login() || force_ssl_admin() )
        {
            $secure = true; //Will create secure flagged cookies
        }

    (I’m still going through my debug)

    In reply to: bbPress 1.0 released

    SSL? With force ssl?

    In reply to: bbPress 1.0 released

    If anyone can get WPMU 2.7.1 + BB1.0 working with:

    – SSL

    – Subdomains

    – main Blog is the root of the mu install

    Let me know because out of the box I don’t think it’s possible. What am I doing wrong?

    In reply to: bbPress 1.0 released

    This is a good manual way of upgrading below.

    – Create a new database, call it wordpress2 or 3 or whatever. Make sure it is different from the database in use.

    – Choose Option A or B Below:

    Option A

    – Backup (because you’ll be overwriting the old files) your http folder the server points to.

    – If your httpdocs folder is called: [httpdocs] then: mv [httpdocs] [httpdocs_backup]

    Option B

    – Create a new directory, with correct permissions.

    – Tell your webserver to serve from this new location

    – Install wordpress and bbpress and assign it to use the new wordpress database.

    – Get all functionality working, like integration plug-ins etc…

    – Once it all works, backup the httpdocs folder. [tar -cvjf httpdocs.bz2 httpdocs] This is a good step as you can now take these working configs and stick it into a new upgraded wordpress.

    – Go back and restore the old wordpress because now you will upgrade.

    – Install wordpress first. Install using the Old database name, when it asks you to upgrade the database, do so.

    – Install bbpress, do the same as above.

    – Take your config files from the test run above, and copy them into your upgrade.

    Personally, I do a complete backup on a schedule and just manually run the script again for when I do an upgrade. This script will backup all my http/https folders, my server configs, and my database all in one shot. If anything gets messed up I just do a restore and it’s like starting from scratch. No matter how messed up things get. You might want to think about that. If there is enough demand I will gladly publish these helpful scripts.

    Here is the latest integration rundown. I first lay out some helpful hints to those out there looking for them, and toward the bottom I point out something which the integration plug-in does not properly handle. That is the HTTPS secure cookie upon logging out. Depending on your setup this may cause issues. Most of the time you’ll be ok. If you’re like us and have added a proprietary layer of security for internal use only, you like to make sure when your secure cookies expire they expire asap and are completely gone.

    I recommend maybe, just a suggestion as I’m not privy to the dev’s stream of intentions, to query if ‘BB_FORCE_SSL_xxx…’ is set. This is probably a much better indication of scheme than relying on the database option only. I know you’re busy, Sam, and that wpmu integration is like the last thing on your list. However, some of the code base is already merging.

    Notables: Step #6, Step #7

    But before you continue:

    1.) Disable Your Cache Server (Varnish/Squid). Go straight to your webserver (Eliminate other causes.)

    2.) Get Integration working on plain http first. DO NOT define any force SSL/Admin anywhere on either wpmu/wp/bbpress.

    3.) Go back and integrate if you can’t get #2 done. Some helpful hints that work:

    3a.) Install wp/wpmu

    3b.) Install bbpress

    3c.) Install integration plugin for wp. In the option where it says complete URL, that means “http://mysite.com” and not “mysite.com”. If you’re _only_ (meaning 100% of the time) ever going to use HTTPS then go ahead and define HTTPS.

    3d.) I made sure all key/salts were setup in wp first, and then mirrored them into bb-config prepending BB_ in front of each Define. I defined manually: AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY, NONCE_KEY, AUTH_SALT, LOGGED_IN_SALT, AND SECURE_AUTH_SALT (7 in total defines).

    Once you have HTTP squared away Proceed with SSL:

    4.) The integration plugin will try to do some things for you in the backend, it will actually try to do all the cookie work for you. However it works off values you set via the integration option page and your wpmu site options.

    To take control of a few options, go ahead and define MANUALLY the following: (just as the plug-in suggests and more sometimes):

    COOKIEHASH, COOKIE_DOMAIN, SITECOOKIEPATH, and COOKIEPATH.

    5.) Add to wp-config.php:

    define('FORCE_SSL_LOGIN', true);
    define('FORCE_SSL_ADMIN', true);

    6.) Add to bb-config.php:

    define('BB_FORCE_SSL_USER_FORMS', true);
    define('BB_FORCE_SSL_ADMIN', true);

    7.) The kicker for me since I’m using MU Subdomains, I HAD to put into my bb-config:

    $bb->cookiedomain = '.mydomain.com'; // Yes, with the dot before the domain.

    (This is literally the only direct access object config I set in my PHP file. All the rest is handled by ‘DEFINE’ )

    Up to this point you should have integration with HTTP and HTTPS. Back and forth, forth and back, every which way. You should have it done without any manual speed up accessors. If it works, go ahead and add them but make sure you set them correctly. If you’re fanatical about security then cross the line, otherwise go get a beer, woman or pillow whatever.


    The Line


    8.) Log into BBpress. Go to your main blog, and wp will see you have a ‘logged_in’ cookie. Will display the site_admin link. Just go ahead and click log out.

    9.) Logging out will log you out, except a few cookies are left over. This is because the integration plug-in never inspects the HTTPS scheme properly. It will always look for HTTP. Test this by editing line 182 in the plugin file to read:

    $secure = true; //Don’t forget to change me back to false (default).

    10.) Repeat, and you’ll notice your cookies (the ones which matter) get blown away.

    Notes:

    – If you install WPMU 2.8 Alpha/Beta/Etc… you must _NOT_ enable

    define( 'WP_AUTH_COOKIE_VERSION', 1 )

    as the plugin suggests.

    – I DID NOT use any of the “speed up” manual configs which the bbpress integration tool points out. If you can’t get it working without these settings, adding them may not help at all and masks your real issue which is some other settings are screwed.

    – you NEED to make sure your URLs are correct. That means every single URL defined in your database in any meta table, options etc… Especially the case with the integration plugin.

    Just started debugging but looks like the plugin reads the scheme from the URL stored option of the integration plugin. If you’re using secure it will never flag secure if using force ssl.

    The defines worked. However logging out does not clear nor log me out of bbpress when I’ve logged on via wpmu. I’ll xdebug tonight, any pointers or things I should check? I have 7 cookie keys/salts defined in both configs and all are identical. No go. Thanks guys, -J

    Btw I also created the records on the database too, no go.

    I created the defines in both config files, matching. No dice.

    Need a definitive breakdown no facade of what really is required for secure authorization. Feel like a quick write up?

    WPMU Trunk + bbPress Latest RC + Integration Plugin with:

    define('FORCE_SSL_LOGIN', true);
    define('FORCE_SSL_ADMIN', true);

    Does not work. Setting the values to false (disabling SSL/HTTPS), integration works great. However when it comes to SSL, forget it. I’m going to say it’s impossible. :-)

    We need SSL to work across software packages, security is paramount.

    Any help from anyone or the devs, let me know.

    Again, this is an SSL WPMU install.
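
A consistency check for steps 3d, 5 and 6 of the integration rundown above, added here as an example and not part of the original posts or of either project's code: it parses the `define()` lines of wp-config.php and bb-config.php and reports keys that do not match and a half-enabled set of SSL switches, without printing any secret. The function names, the rule that only a `define()` at the start of a line counts, and the sample values are assumptions made for the illustration.

```python
import re

# Step 3d: the seven secrets that must match (bb-config.php adds a BB_ prefix).
KEYS = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
        "AUTH_SALT", "LOGGED_IN_SALT", "SECURE_AUTH_SALT"]
WP_SSL = ["FORCE_SSL_LOGIN", "FORCE_SSL_ADMIN"]             # step 5
BB_SSL = ["BB_FORCE_SSL_USER_FORMS", "BB_FORCE_SSL_ADMIN"]  # step 6

# Assumption: only a define() that starts its line counts, so commented-out ones are ignored.
DEFINE_RE = re.compile(
    r"""^[ \t]*define\(\s*(['"])(?P<name>\w+)\1\s*,\s*
        (?:(?P<q>['"])(?P<text>.*?)(?P=q)|(?P<bare>\w+))\s*\)\s*;""",
    re.M | re.X)

def parse_defines(php_source):
    """Return {constant: value}; true/false become bool, strings stay str."""
    found = {}
    for m in DEFINE_RE.finditer(php_source):
        bare = m.group("bare")
        found[m.group("name")] = m.group("text") if bare is None else \
            {"true": True, "false": False}.get(bare.lower(), bare)
    return found

def audit(wp_source, bb_source):
    """List config mismatches without echoing any secret value."""
    wp, bb = parse_defines(wp_source), parse_defines(bb_source)
    findings = []
    for key in KEYS:
        if key not in wp:
            findings.append(f"wp-config.php: {key} is not defined")
        elif "BB_" + key not in bb:
            findings.append(f"bb-config.php: BB_{key} is not defined")
        elif wp[key] != bb["BB_" + key]:
            findings.append(f"BB_{key} differs from {key}")
    # Either all four SSL switches are on (steps 5-6) or none is (step 2).
    state = {n: cfg.get(n) is True for cfg, names in ((wp, WP_SSL), (bb, BB_SSL)) for n in names}
    if len(set(state.values())) > 1:
        off = sorted(n for n, on in state.items() if not on)
        findings.append("SSL switches not enabled: " + ", ".join(off))
    return findings

# Constructed sample configs with placeholder secrets.
SAMPLE_WP = "".join(f"define('{k}', 'placeholder-{i}');\n" for i, k in enumerate(KEYS))
SAMPLE_BB = SAMPLE_WP.replace("define('", "define('BB_").replace("placeholder-3", "stale-3")
SAMPLE_WP += "define('FORCE_SSL_LOGIN', true);\n// define('FORCE_SSL_ADMIN', true);\n"
SAMPLE_BB += "define('BB_FORCE_SSL_USER_FORMS', true);\ndefine('BB_FORCE_SSL_ADMIN', true);\n"

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_WP, SAMPLE_BB)))
```

On the constructed sample it reports the stale `BB_NONCE_KEY` and the commented-out `FORCE_SSL_ADMIN`; an empty list means the two files agree on the points the rundown names.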
