[Sam Bauers]

I’d like to put this out to the community as that is where the real support for bbPress comes from in the end. How long should we maintain support for bbPress 0.9?

As long as bbPress 0.9 is maintained some time will have to be spent maintaining the 0.9 branch, mostly with regards to security fixes. I don’t see this as particularly burdensome, but I don’t want to be doing it forever.

Given that plugins and themes will take some time to transition to 1.0 as well I think that support should extend for a reasonable amount of time.

I’m thinking somewhere between 12 and 18 months would be sufficient. People helping out here can inevitably decide for themselves whether they deal with 0.9 issues, but it would be good to set a cutoff date.

[polldaddy poll=”1759316″]

[Sam Bauers]

For those not using the XML-RPC functionality (95% of you) I strongly recommend you delete xmlrpc.php immediately after install. Several of WordPress’s security issues over the years have been through that API.

Doing that will also disable the ability to receive ping-backs.

[johnhiler]

Ah, some other users have reported similar issues getting that plugin to work with the alphas… this tweak seems to have done the trick:

https://bbpress.org/plugins/topic/avatar-upload/page/6/#post-2145

Are you on 1.0? Maybe the tweak will work on 1.0 as well…

[berder]

I’ve installed the Bavatars and it’s works perfectly!

[clarklab]

I just wussed out on a real fix and started using _ck_’s plugin, ‘Post Count Plus’ ( https://bbpress.org/plugins/topic/post-count-plus/ )

One of its options is lets you select where the username link points to. Aside from that its got a handful of other useful options. Good stuff.

[berder]

avatar-upload.0.8.3

[johnhiler]

I think there are a few different avatar plugins… which one are you using?

[berder]

Hi,

I have installed all the files (I thing correctly), but when I click the “Avatar” tab in the user profile page, it getting me to the forum homepage?

Do you know what is the problem?

Thank’s!

[johnhiler]

Regarding bbPM… which version of the plugin are you using? There’s a mention of a “development version” of the plugin in the comments of the plugin page…

Also, there was some mention of similar issues from other users using bbPM with the 1.0 release:

https://bbpress.org/plugins/topic/bbpm/page/6/#post-3781

Have you experimented with htaccess edits?

https://bbpress.org/plugins/topic/bbpm/page/4/#post-3549

[OKTeaRoom]

Hi,

I just recently installed bbpress 1.0 rc3 and today upgraded to 1.0.

I believe I have either set something up wrong or there is something wrong with my database and I’m hoping someone help point me to a solution.

First, the forum is at http://www.oktearoom.com/forum

Ok…problems:

1. bbPM – When I hit send on a PM I get:

Forbidden

You don’t have permission to access /forum/my-plugins/bbpm/pm.php on this server.

2. BBcode Buttons Toolbar

Not showing up at all and and there is no change if this plugin is activated or deactivated.

3. bbPress Smilies

All of the smilies appear as ?’s even though I believe i installed this plugin correctly.

I just thought I’d give you all the details of the problems I’m having since they are all plugin related and thank you in advance if there is any advice you can give me.

Happy 4th of July to the American and to everyone else I hope you’re having a great weekend!

Thanks for taking the time to read my newb post.

[Dreamcolor]

bbPress 1.0 Simplified Chinese Translation.

You can download it in URL below.

http://wpcn.googlecode.com/files/bbPress.1.0.Simp.Chinese.pack.only.v1-wpcng.zip

There maybe still have some translation bugs. So please let me know and I will fix it.

[Jason Giedymin]

Here is the latest integration rundown. I first lay out some helpful hints to those out there looking for them, and toward the bottom I point out something which the integration plug-in does not properly handle. That is the HTTPS secure cookie upon logging out. Depending on your setup this may cause issues. Most of the time you’ll be ok. If your like us and have added a proprietary layer of security for internal use only, you like to make sure when your secure cookies expire they expire asap and are completely gone.

I recommend maybe, just a suggestion as I’m not privy to the dev’s stream of intentions to query if ‘BB_FORCE_SSL_xxx…’ is set. This is probably a much better indication of scheme than relying on the database option only. I know your busy Sam and that wpmu integration is like the last thing on your list. However, some of the code base is already merging.

Noteables: Step #6, Step #7

But before you continue:

1.) Disable Your Cache Server (Varnish/Squid). Go straight to your webserver (Eliminate other causes.)

2.) Get Integration working on plain http first. DO NOT define any force SSL/Admin anywhere on either wpmu/wp/bbpress.

3.) Go back and integrate if you can’t get #2 done. Some helpful hints that work:

3a.) Install wp/wpmu

3b.) Install bbpress

3c.) Install integration plugin for wp. In the option where it says complete URL, that means “http://mysite.com” and not “mysite.com”. If your _only_ (meaning 100% of the time) ever going to use HTTPS then go ahead and define HTTPS.

3d.) I made sure all key/salts were setup in wp first, and then mirrored them into bb-config prepending BB_ in front of each Define. I defined manually: AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY, NONCE_KEY, AUTH_SALT, LOGGED_IN_SALT, AND SECURE_AUTH_SALT (7 in total defines).

Once you have HTTP squared away Proceed with SSL:

4.) The integration plugin will try do some things for you in the backend, it will actually try to do all the cookie work for you. However it works off values you set via the integration option page and your wpmu site options.

To take control of a few options, go ahead and define MANUALLY the following: (just as the plug-in suggests and more sometimes):

COOKIEHASH, COOKIE_DOMAIN, SITECOOKIEPATH, and COOKIEPATH.

5.) Add to wp-config.php:

define(‘FORCE_SSL_LOGIN’, true);

define(‘FORCE_SSL_ADMIN’, true);

6.) Add to bb-config.php:

define(‘BB_FORCE_SSL_USER_FORMS’, true);

define(‘BB_FORCE_SSL_ADMIN’, true);

7.) The kicker for me since I’m using MU Subdomains, i HAD to put into my bb-config:

$bb->cookiedomain=’.mydomain.com’ //Yes, with the dot before the domain.

(This is literally the only direct access object config I set in my PHP file. All the rest is handled by ‘DEFINE’ )

Up to this point you should have integration with HTTP and HTTPS. Back and forth, forth and back, every which way. You should have it done without any manual speed up accessors. If it works, go ahead and add them but make sure you set them correctly. If your fanatical about security then cross the line, otherwise go get a beer, woman or pillow whatever.

---

The Line

---

8.) Log into BBpress. Goto your main blog, and wp will see you have a ‘logged_in’ cookie. Will display the site_admin link. Just go ahead and click log out.

9.) Logging out will log you out, except a few cookies are left over. This is because the integration plug-in never inspects the HTTPS scheme properly. It will always look for HTTP. Test this by editing line 182 in the plugin file to read:

$secure = true; //Don’t forget to change me back to false (default).

10.) Repeat, and you’ll notice your cookies (the ones which matter) get blown away.

Notes:

– If you install WPMU 2.8 Alpha/Beta/Etc… you must _NOT_ enable

define( ‘WP_AUTH_COOKIE_VERSION’, 1 )

as the plugin suggests.

– I DID NOT use any of the “speed up” manual configs which the bbpress integration tool points out. If you can’t get it working without these settings, adding them may not help at all and masks your real issue which is some other settings are screwed.

– you NEED to make sure your URLs are correct. That means every single URL defined in your database in any meta table, options etc… Especially the case with the integration plugin.

[bradsucks]

Congratulations on the release!

[dzver2]

I’ve just upgraded to 1.0. I have bbpress integrated with custom website, not WP.

1. pluggable.php is changed to functions.bb-pluggable.php.

2. some functions are renamed from wp_ to bb_, others aren’t.

3. bb_auth() is used sometimes. And sometimes is not.

4. localization directory is changed.

As a result, my forum needed second full integration. I had to add bb_auth() at the bottom of my bb-custom-pluggable.php to maintain user login, with $wp_auth_object->set_current_user($id) inside.

[Marcomail]

i’ve installed a fresh version of bbpress 1.0 on wordpress wp 2.8 and seems work good, but it’s the first time i use bbpress, i’ve integrated users and cookie

[Marcomail]

i’d use only registration and login page of wordpress, so i can delete this two bbpress pages ?

[Jason Giedymin]

Just started debugging but looks like the plugin reads the scheme from the URL stored option of the integration plugin. If your using secure it will never flag secure if using force ssl.

[Marcomail]

this https://wordpress.org/extend/plugins/md5-password-hashes/

now it works good, but if i login on bbpress the user password it’s converted in phpass format, if i login on wordpress the password it’s converted on md5 format.

i’d delete the login on bbpress, so i think it’s not necessary install the bbpress plugin

[_ck_]

Gravatars should be done 100% via a plugin and not integrated into WordPress/bbPress in the first place. I never did understand why they were hardcoded in, except perhaps a push by Matt after they bought the service.

It should be done exactly like akismet and bozos.

[_ck_]

People can register via my OpenID plugin, it’s just your install where you cannot.

You can disable the registration on one side or the other and force all registration though WP or bb as desired.

[_ck_]

For those not using the XML-RPC functionality (95% of you) I strongly recommend you delete xmlrpc.php immediately after install. Several of WordPress’s security issues over the years have been through that API.

[Marcomail]

Thanks, i’m using wordpress 2.8 and bbpress 1.0

[Ipstenu (Mika Epstein)]

*blinkblink* WOW. Yeah, don’t move yet! Make a test forum and test out all those on there. There’s a list of plugins that work on RC1/RC2 that will give you a starting point for what ones should work…

Allow-Images is messed up and doesn’t work anymore.

[johnhiler]

This plugin allows you to use MD5 hashing in bbPress (not sure if it works in v 1.0 though):

https://bbpress.org/plugins/topic/md5-insecurity-for-bbpress/

What versions of WordPress and bbPress are you using?

[Marcomail]

I’m using a plugin to convert user password on wordpress to MD5, is it a problem if i integrate bbpress on wordpress ?