Ah ok. Let’s backtrace:
bb_new_user
$wp_users_object->new_user
WP_users::_put_user
WP_Pass::hash_password
$wp_hasher->HashPassword
PasswordHash::crypt_private
file bb-include/backpress/class.passwordhash.php line 113. The original comment:
# We’re kind of forced to use MD5 here since it’s the only
# cryptographic primitive available in all versions of PHP
which is true.
The annoying part is that despite the RewriteBase directive all rewrite rules in .htaccess are in the form:
RewriteRule ^the-page/(something)/?$ /forum/index.php?the-page=$1 [L,QSA]
so you need to change all the rules. Or you can switch to numeric mode and then switch back to name-based permalink mode and maybe bbPress will auto-fix it for you.
Well you have the same user database so you can easily access the user email. You should write a plugin that override the gravatar display functions (through the bb_get_avatar filter) and catch the images in /avatars (if exist). Sort of “Add Local Avatar” counterpart for bbPress.
This can be challenging without medium PHP knowledges.
and uploads an avatar (global or local)
It seems that you are using a plugin (Add Local Avatar) that allow your users to upload avatars on WordPress. bbPress use gravatar and cannot automagically determine that you are using that particular WordPress plugin.
bbPress is a standalone software that can share session cookie and the users database with WordPress. Nothing more.
You did use an email registered on gravatar.com?
It’s very easy to do if you know a little of jQuery. Check the template file front-page.php.
md5 checksum stored in the user_pass column of database table bb_users. No salt.
Always wrap PHP code inside script tags
<script language="PHP">echo phpversion()</script>
also remember to make the change explained here: https://bbpress.org/forums/topic/admin-can-paste-php-code-in-post?replies=28#post-71965
Can you please explain what do you mean about production environment?
A public site. The code isn’t tested at all.
Ops, substitute za_ep_filter with:
function za_ep_filter($text)
{
$eval_text = "?>$text";
ob_start();
eval($eval_text);
$ret = ob_get_contents();
ob_end_clean();
return $ret;
}
<?php
/*
Plugin Name: zaerl Eval PHP
Plugin URI: http://www.zaerl.com
Description: execute PHP code posted by admins
Author: zaerl
Author URI: http://www.zaerl.com
Version: 0.1
zaerl Eval PHP: execute PHP code posted by admins
Copyright (C) 2010 Francesco Bigiarini
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
define('ZA_EP_VERSION', '0.1');
define('ZA_EP_ID', 'za-eval-php');
define('ZA_EP_NAME', 'zaerl Eval PHP');
function za_ep_filter($text)
{
$eval_text = "?>$text";
eval($eval_text);
}
function za_ep_allow_tag($tags)
{
$tags['script'] = array('language' => array());
return $tags;
}
function za_ep_initialize()
{
global $bb_current_user;
if($bb_current_user && $bb_current_user->has_cap('administrate'))
{
add_filter('bb_allowed_tags', 'za_ep_allow_tag');
add_filter('post_text', 'za_ep_filter');
}
}
add_action('bb_init', 'za_ep_initialize');
?>
example: I'm running PHP <script language="PHP">echo phpversion()</script>
Keep in mind that this code isn’t suitable for production environment.
No. bbPress is a standalone software. You need a theme that resemble the one you use in WordPress
can be VERY dangerous and should be avoided when possible.
Indeed but the title is Admin can paste PHP code in post.
That “don’t work” means? No cookie set?
BTW in a forum based system, how would you deal with two dozen users that insisted on using “Greg” as their display name and similar avatars?
You adopt my strategy https://bbpress.org/forums/topic/taking-a-look-at-bbpress-09#post-71655
bbPress and WordPress use gravatar which is the same service.
Actually BuddyPress is doing the wrong thing. In bbPress:
forum/topic/topic-name/ redirects to forum/topic/topic-name
so there are no duplicated content, in BuddyPress:
forum/topic/topic-name/ and forum/topic/topic-name point to the same content which is a very bad thing.
http://tr.im/ is actually overloaded and it output an xhtml error page that is injected on your page. See row 111.
It seems that: https://bbpress.org/plugins/topic/social-it/ doesn’t handle this kind of error.
This is what happened. I said:
Try again to contact him. I have a modified version of bbPM with 1), 2) and 3) but I don’t share it cause the nightgunner5 is active in this site.
In my opinion a mere fork is a bad idea when the original author is still around. I have built zaerl Visibility on top of hidden forums cause _ck_ wasn’t active in the last X months.
Then the plugin has been announced. So I dediced that writing plugin will not be funny anymore. I have announced this in my 7 plugins pages:
bbpress.org/plugins/topic/zaerl-editor/page/2/#post-5992
bbpress.org/plugins/topic/zaerl-random-description/#post-5993
bbpress.org/plugins/topic/zaerl-visibility/page/3/#post-5994
bbpress.org/plugins/topic/zaerl-simple-registration/#post-5995
bbpress.org/plugins/topic/zaerl-url-preview/#post-5996
bbpress.org/plugins/topic/zaerl-post-permalink/#post-5997
bbpress.org/plugins/topic/zaerl-wordpress-3-integration/#post-5998
(no direct link in order to not be triggered as spam.)
That’s it.
If I changed my display name to _ck_, I would still be marked as “Member”
But if you change your name in “zaerl” and you put on my same avatar then you will look exactly like me (at first sight obviously, the profile page is different.)
I allow my users to use the display name and implicitly to have the same name/surname/nickname but I use a plugin that transform “The Display Name” to “The Display Name (the_login_name)” so these is no confusion. Also I use another plugin that prevent users for taking a list of display names like: Administrator, Moderator, Key Master etc.
offical bbpress fork
There’s an official bbPress fork?
