Skip to:
Content
Pages
Categories
Search
Top
Bottom

Re: No Rights to create Forum as Key Master


Nola1974
Participant

@nolageek

16 years, 1 month ago

This is apparently caused by servers running the Suhosin PHP hardening patch… it encrypts cookies. I was having a simlar problem about a year ago on another site:

Can’t post. Topic turns yellow. Can’t delete.

I found this plugin for WP that fixes it (in WP).. it’s apparently a bug in WP’s AJAX handling. Perhaps something similar is going on inside BBpress’ AJAX functionality?

http://sparepencil.com/code/ajax-referer-fix/

in pluggable.php (current)

if ( !function_exists('bb_check_ajax_referer') ) :

function bb_check_ajax_referer() {

if ( !$current_name = bb_get_current_user_info( 'name' ) )

die('-1');



$cookie = explode('; ', urldecode(empty($_POST['cookie']) ? $_GET['cookie'] : $_POST['cookie'])); // AJAX scripts must pass cookie=document.cookie

foreach ( $cookie as $tasty ) {

if ( false !== strpos($tasty, bb_get_option( 'usercookie' )) )

$user = substr(strstr($tasty, '='), 1);

if ( false !== strpos($tasty, bb_get_option( 'passcookie' )) )

$pass = substr(strstr($tasty, '='), 1);

}



if ( $current_name != $user || !bb_check_login( $user, $pass, true ) )

die('-1');

do_action('bb_check_ajax_referer');

}

endif;

From above mention (wordpress) plugin:

if (!function_exists('check_ajax_referer')) :

function check_ajax_referer() {

// Explode cookie data like WordPress normally does

$cookie = explode('; ', urldecode(empty($_POST['cookie']) ? $_GET['cookie'] : $_POST['cookie'])); // AJAX scripts must pass cookie=document.cookie

foreach ( $cookie as $tasty ) {

if ( false !== strpos($tasty, USER_COOKIE) )

$user = substr(strstr($tasty, '='), 1);

if ( false !== strpos($tasty, PASS_COOKIE) )

$pass = substr(strstr($tasty, '='), 1);

}



// This variable is set when cookie data was sent in an encrypted fashion

// For more information:

// * http://forum.hardened-php.net/viewtopic.php?pid=616

// * http://www.hardened-php.net/suhosin/

if(isset($_SERVER['RAW_HTTP_COOKIE']))

{

// Explode the raw (HTTP) cookie data using the WP method

$crypt_cookie = explode('; ', $_SERVER['RAW_HTTP_COOKIE']);

foreach ( $crypt_cookie as $tasty ) {

if ( false !== strpos($tasty, USER_COOKIE) )

$crypt_user = substr(strstr($tasty, '='), 1);

if ( false !== strpos($tasty, PASS_COOKIE) )

$crypt_pass = substr(strstr($tasty, '='), 1);

}

// Set $user and $pass to the decrypted values if the cookies match

if($crypt_user == $user && $crypt_pass == $pass)

{

$user = $_COOKIE[USER_COOKIE];

$pass = $_COOKIE[PASS_COOKIE];

}

}



if ( !wp_login( $user, $pass, true ) )

die('-1');

do_action('check_ajax_referer');

}

endif;

Forums

Views

Feeds

Tags

404 admin akismet alpha Anonymous avatar bbpress breadcrumbs buddypress bug cookies css custom database email error Forum forums freshness getting started help htaccess i18n import install installation integration keymaster language localization login menu Moderation mod_rewrite notifications Page pagination password permalink Permalinks permissions PHP phpBB plugin plugins post posts private problem profile redirect register registration replies reply roles RSS search shortcode Shortcodes sidebar spam Sticky tags template templates theme themes TinyMCE topic topics translation upgrade URL user username users widget WordPress wpmu
Skip to toolbar