Skip to:
Content
Pages
Categories
Search
Top
Bottom

Re: No Rights to create Forum as Key Master

This is apparently caused by servers running the Suhosin PHP hardening patch… it encrypts cookies. I was having a simlar problem about a year ago on another site:

Can’t post. Topic turns yellow. Can’t delete.

I found this plugin for WP that fixes it (in WP).. it’s apparently a bug in WP’s AJAX handling. Perhaps something similar is going on inside BBpress’ AJAX functionality?

http://sparepencil.com/code/ajax-referer-fix/

in pluggable.php (current)

if ( !function_exists('bb_check_ajax_referer') ) :
function bb_check_ajax_referer() {
if ( !$current_name = bb_get_current_user_info( 'name' ) )
die('-1');

$cookie = explode('; ', urldecode(empty($_POST['cookie']) ? $_GET['cookie'] : $_POST['cookie'])); // AJAX scripts must pass cookie=document.cookie
foreach ( $cookie as $tasty ) {
if ( false !== strpos($tasty, bb_get_option( 'usercookie' )) )
$user = substr(strstr($tasty, '='), 1);
if ( false !== strpos($tasty, bb_get_option( 'passcookie' )) )
$pass = substr(strstr($tasty, '='), 1);
}

if ( $current_name != $user || !bb_check_login( $user, $pass, true ) )
die('-1');
do_action('bb_check_ajax_referer');
}
endif;

From above mention (wordpress) plugin:

if (!function_exists('check_ajax_referer')) :
function check_ajax_referer() {
// Explode cookie data like WordPress normally does
$cookie = explode('; ', urldecode(empty($_POST['cookie']) ? $_GET['cookie'] : $_POST['cookie'])); // AJAX scripts must pass cookie=document.cookie
foreach ( $cookie as $tasty ) {
if ( false !== strpos($tasty, USER_COOKIE) )
$user = substr(strstr($tasty, '='), 1);
if ( false !== strpos($tasty, PASS_COOKIE) )
$pass = substr(strstr($tasty, '='), 1);
}

// This variable is set when cookie data was sent in an encrypted fashion
// For more information:
// * http://forum.hardened-php.net/viewtopic.php?pid=616
// * http://www.hardened-php.net/suhosin/
if(isset($_SERVER['RAW_HTTP_COOKIE']))
{
// Explode the raw (HTTP) cookie data using the WP method
$crypt_cookie = explode('; ', $_SERVER['RAW_HTTP_COOKIE']);
foreach ( $crypt_cookie as $tasty ) {
if ( false !== strpos($tasty, USER_COOKIE) )
$crypt_user = substr(strstr($tasty, '='), 1);
if ( false !== strpos($tasty, PASS_COOKIE) )
$crypt_pass = substr(strstr($tasty, '='), 1);
}
// Set $user and $pass to the decrypted values if the cookies match
if($crypt_user == $user && $crypt_pass == $pass)
{
$user = $_COOKIE[USER_COOKIE];
$pass = $_COOKIE[PASS_COOKIE];
}
}

if ( !wp_login( $user, $pass, true ) )
die('-1');
do_action('check_ajax_referer');
}
endif;

Skip to toolbar