[_ck_]

Security considerations and table of contents added.

A bit more later.

Ragekage, to make a plugin, just copy all of the code for the function from pluggable.php inbetween the IF statemate and then edit as desired. Add the simple plugin comment header and save to your desired filename.

[malfhok]

Actually, I’ve been logged into both admins since I upgraded, and it hasn’t asked for my password since the initial upgrade. Any ideas why I’m seeing this “bug” and nobody else is?

Serious, though. Nobody take that as a sure sign that bbPress 0.9 works with WP 2.6. _ck_ knows more about bbPress than I do.

[_ck_]

== Security Considerations when Integrated ==

If for some reason you are on a shared server that uses subdomains and you do not own/control the entire domain (ie. myblog.example.com johnsblog.example.com) or your URL has a tilde in it (“~”) ie. example.com/~myblog/ and you do not own the entire domain (ie. earthlink.com) my cookie advice above is not a good idea and you will have to customize – ask for help.

The reason why is related to some of the cookie changes in WordPress 2.6 – essentially cookies set to the

domain of “.example.com” will get transmitted to the server for ANY subdomain on the server (myblog.example.com will also see the cookies for johnsblog.example.com) The same thing goes for the cookie path in that cookies set to the path of webroot (“/”) will be sent to both example.com/~myblog/ as well as example.com/~johnsblog/ – malicious code on another subdomain or path could snoop on the cookies and steal your admin access to your blog/forum or pretend to be another user.

WordPress 2.6 (and a future version of bbPress) use separate cookies for admin access that can be locked down to very specific paths as well as different cookies for SSL access. This is an attempt to make sure that cookies which give admin access get transmitted as little as possible and only to the specific server/account that needs it so snooping hackers can’t spoof you.

Note this is only a concern if you do NOT control your own server (ie. other people can run PHP on YOUR domain name) or perhaps if you run a WPMU setup. Otherwise, setting the dotted cookie domain and webroot path is the simplest way to get integration cookie sync.

[_ck_]

== The Shared User List (table) ==

The most essential concept to all integration is that WordPress and bbPress just share the same list of users in the database.

This is where some people make a mistake right at the start and accidentally create or keep using two separate copies of the user lists (usually one complete with many users and the other just themselves because it’s a fresh install of bbPress).

If you find that after your integrated install of bbPress that it cannot “see” any of your WordPress uses, you must check that bbPress is using both the correct DATABASE, and the correct TABLE.

The most common name for the user table is called WP_USERS

The WP_ is what we call the prefix and indicates that it’s part of WordPress by default. If bbPress is running by itself and not integrated, the prefix is likely BB_. Unless you are doing reverse integration and don’t want to change the table name, there is a 99.9% chance that your user table should be WP_USERS.

If your bbPress cannot see the WordPress users, check your “User database table prefix” in the bbPress integration admin menu OR add this to the bottom of bb-config.php

$bb->wp_table_prefix = 'wp_';

[_ck_]

== Instant Integration for Power Users ==

If you’ve just installed bbPress 0.9 into a WordPress 2.5 website and followed the integration setup questions but it’s just not integrating correctly and you feel you are fairly web savvy you can try this “shortcut”. (Or read the other posts below for more “theory”.)

** If you have lost admin access entirely, do steps #4+ first and then come back to 1,2,3

1. open this url in a browser window to edit:

http://your-website-url.com/bbpress/bb-admin/options-wordpress.php

(/bbpress/ is your install directory for bbpress)

2. open this url in another browser window for reference:

http://your-website-url.com/wordpress/wp-admin/options.php

(/wordpress/ is your install directory for wordpress)

3. you MUST copy the secret text

from /wordpress/wp-admin/options.php

to WordPress database secret

on /bbpress/bb-admin/options-wordpress.php

They *MUST* be IDENTICAL

4. open to Edit bb-config.php in the bbPress directory

5. open to Edit wp-config.php in the WordPress directory

6. bbPress 0.9

the define("SECRET_KEY","blahblahblah") in

your WordPress wp-config.php MUST MATCH the

define("BB_SECRET_KEY","blahblahblah") in

your bbPress bb-config.php

bbPress 1.0

instead of SECRET_KEY in 1.0 there are 3 replacements

AUTH_KEY

SECURE_AUTH_KEY

LOGGED_IN_KEY

you can go here to generate a complex secret_key(s):

bbPress 0.9: https://api.wordpress.org/secret-key/1.0/

bbPress 1.0: https://api.wordpress.org/secret-key/1.1/

(note you must add the BB_ part for the bb-config.php)

7. Copy all these items into the bottom of bb-config.php and edit as required:

$bb->wp_siteurl = 'http://your-site-url.com/blog/';

// that’s your WordPress URL, not bbPress

$bb->wp_home = 'http://your-site-url.com/blog/';

// almost always the same as siteurl unless you tinker

$bb->wp_table_prefix = 'wp_';

// should almost always be wp_ unless you tinkered

$bb->user_bbdb_name = 'username_wordpress';

// this is the MYSQL database name for *WordPress*

// you can copy it right out of WordPress !

$bb->user_bbdb_user = 'username_wp';

// this is the MYSQL user name for *WordPress*

// you can copy it right out of WordPress !

$bb->user_bbdb_password = 'blahblahblah-changeme';

// this is the MYSQL password for *WordPress*

// you can copy it right out of WordPress !

$bb->user_bbdb_host = 'localhost';

// 99.9% of the time it’s going to be localhost, unless you are on DreamHost or some other weird ISP

$bb->custom_user_table = 'wp_users';

// 99.9% of the time it’s going to be wp_users

$bb->custom_user_meta_table = 'wp_usermeta';

// 99.9% of the time it’s going to be wp_usermeta

$bb->authcookie = 'wordpress_12345678901234567890123456789012';

// in theory you should be able to leave this out

// but this is going to be copied from WordPress cookie

// this *must* match the WordPress setting

// do NOT use the 1234567 part, use your own cookiehash from WordPress – see the note at the very bottom

$bb->cookiedomain = '.your-domain-name.com';

// note the leading DOT – this is important

// this *must* match the WordPress setting

$bb->cookiepath = '/';

// I *highly* recommend you set the cookie path to /

// this *must* match the WordPress setting

$bb->sitecookiepath = '/';

// I *highly* recommend you set the cookie path to /

// this *must* match the WordPress setting

8. Copy all these items into the bottom of wp-config.php and edit as required:

$wp->cookiedomain = '.your-domain-name.com';

define(COOKIE_DOMAIN,'.your-domain-name.com');

// note the leading DOT – this is important

// we list both for WordPress legacy compatibility

$wp->cookiepath = '/';

$wp->sitecookiepath = '/';

define('COOKIEPATH', '/' );

define('SITECOOKIEPATH', '/');

// I *highly* recommend you set the cookie path to /

---

Once you get all of the above in sync, you definitely should have login integration between WordPress and bbPress. If not, you’ve either made a typo/mistake or you have a more complex setup (ie. reverse integration)

The hardest part of the above might be the wordpress cookie hash (authcookie). In theory you should be able to leave it out and bbPress should automatically create the same hash as WordPress if the secret keys and salt are the same but sometimes it gets it wrong for one reason or another and you have to force it to be correct.

Unfortunately WordPress does not list the cookie hash on the options page and if you don’t know how to examine your wordpress cookies, this is impossible. Fortunately there is a plugin to look at (and even change) your wordpress cookies:

http://www.2diabolos.com/blog/wp-content/uploads/_setCookieParams.zip

or you can use this bookmarklet to show all the cookies your browser has for a website:

http://javascript.about.com/library/blbcookie.htm

[724719]

ok i found out how to put bbPress in WP . all i did was put this in wp-config.php:-

define('ABSPATH', dirname(__FILE__).'/');

require_once(ABSPATH.'wp-settings.php');

require_once('path/to/bbpress/config.php');

?>

…..But how do I show a list of the latest 5 topics ?

[parthatel]

This is the warning that appears on the top of the page.

<b>Warning</b>: parse_url(/%3Ca%20href=%27http://mydomain.com/links/profile.php?id=2%27%3EView%20your%20profile%3C/a%3E) [<a href='function.parse-url'>function.parse-url</a>]: Unable to parse URL in <b>/home/domain/public_html/links/bb-includes/functions.php</b> on line <b>1794</b>

This is what the My Profile link links to:

http://mydomain.com/%3Ca%20href='http://mydomain.com/links/profile.php?id=2'>View%20your%20profile</a>

[_ck_]

I have a crazy idea to try to “fake out” bbPress and make it think request_uri actually exists on the IIS server so it doesn’t try to (incorrectly) calculate it itself.

Try saving and installing this as a plugin with a leading underscore, ie. _IIS-fix.php

<?php

/*

Plugin Name: IIS request_uri fix

*/

if (isset($_SERVER['HTTP_REQUEST_URI'])){

$_SERVER['REQUEST_URI'] = $_SERVER['HTTP_REQUEST_URI'];

}

else{

if(isset($_SERVER['SCRIPT_NAME']))

$_SERVER['HTTP_REQUEST_URI'] = $_SERVER['SCRIPT_NAME'];

else

$_SERVER['HTTP_REQUEST_URI'] = $_SERVER['PHP_SELF'];

if($_SERVER['QUERY_STRING']){

$_SERVER['HTTP_REQUEST_URI'] .=  '?' . $_SERVER['QUERY_STRING'];

}

$_SERVER['REQUEST_URI'] = $_SERVER['HTTP_REQUEST_URI'];

}

?>

no activation required, should auto-activate – just delete if it causes problems

[_ck_]

I’m taking a look at this now for what it’s worth.

Not sure if I’ll be able to help but let’s see.

IIS is sending a refresh header:

Refresh 0;url=http://www.louisecooper.com/journal/messageboard/topic.php?id=20

content length is zero, so nothing is being sent

Apparently IIS returns “request_uri” differently than other servers. I suspect it’s a similar problem to what they went through with drupal here: http://drupal.org/node/166095

Unfortunately it’s way over my head to fix. I suspect it will take someone like MDA to fix it.

[755833]

Well I fixed it, if anyone (incl. developers) are interested. Unfortunately it requires modifying a line of core application code…

pluggable.php in bb-includes

Line 502

$bbdb->insert( $bbdb->users,

compact( ‘user_login’, ‘user_pass’, ‘user_nicename’, ‘user_email’, ‘user_url’, ‘user_registered’ )

);

Replace with

// bbPress / WordPress bug fix added display name to wordpress

$display_name = $user_login;

$bbdb->insert( $bbdb->users,

compact( ‘user_login’, ‘user_pass’, ‘user_nicename’, ‘user_email’, ‘user_url’, ‘user_registered’, ‘display_name’ )

);

[_ck_]

If you are getting anonymous users, I suspect you haven’t setup integration properly and they are not sharing the same user table.

As far as your other observations (and I felt he same way in the beginning too) you have to realize that (easy) integration was only a priority starting with 0.9

(you can see how complicated the process used to be under 0.8 here – note most of that is not needed now)

Until 0.9, bbPress was just something that ran wordpress.org for Matt and there was no attitude to make integration work. There were tons of problems with usernames etc. and all integration had to be done manually with lots of plugins to fix things.

Then attitudes changed when Matt got funding and decided to use the bbPress code to power TalkPress (essentially forums for users on WordPress.com) Sam and MDA have done a great deal of work to make integration work better but it definitely has a way to go (and should become painless and super-easy IMHO).

So 0.9 has made integration easier but keep in mind bbPress is not even 1.0 yet, so officially it’s not even a released product. The radical cookie changes in 2.6 will take awhile for bbPress to catchup, it’s always been that way.

ps. if it’s not obvious, I am in no way officially associated with Automattic/WordPress/bbPress. Just a plugin developer. And I am not paid. My opinions are definitely just my own and not any kind of official statement.

[chrishajer]

Going back to the first post, what does this mean:

the db's fine but erased by login information

It seems that the installation went well, you just need to figure out what user to log in with. If you can’t do that, why not register a new user with your email address. (Check the wp_users table now for the last id, and then after you register, make sure you look for the new id.) It will get the normal permissions of a member, then go into the database and modify that user’s meta info to give them moderator permissions? Then log in with as that user?

[755833]

I’m not meaning to be rude or anything but I’m struggling to understand why two bits of software made by the same company are so hard to integrate? I’ve never managed to get integration working fully and I always get to the point where users who registered through the forum post on the WordPress blog show up as Anonymous… which basically renders the whole process pointless. I’ve managed to get WordPress and vBulletin to integrate seamlessly, but not bbPress.

bbPress and WordPress are both great pieces of software in their own right, but when it comes to integration with each other they are pretty weak. For example, the new bbPress isn’t compatible with WordPress 2.6 because of an issue with cookie management in WordPress… for the integration to work we now have to wait for bbPress to release an update which according to a moderator on here will be a while away.

There are also so many unsolved integration threads here that it’s very difficult to find any one collection of possible solutions. I appreciate the amount of work that goes into this kind of software and time required to provide support. I’m just feeling a bit frustrated

[755628]

Hi.

This is an extension of this question: http://bbpress.org/forums/topic/hiding-subforums-on-the-homepage#post-11761

My forum has forums, subforums, and then subforums of those subforums. Basically, there are three levels of forums.

I was able to hide the subforums from the main forums page. But how do i hide the subforums’ subforums from the subforums pages, so that the visitor must click on the subforum to view the subforums’ subforums.

I would really appreciate any help on this matter. I am not good at coding so it would be wonderful to get assistance!

[_ck_]

Of course you can do it, bbPress can do almost anything – as long as you code it

Showing the gravatar is the easy part, the code to fetch the latest poster and their email address is the tricky part. How’s your mysql?

Showing a gravatar for any email address is as simple as:

<img src="<?php echo "http://www.gravatar.com/avatar.php?gravatar_id=".md5($user->user_email); ?>" >

The mysql code for the email of the last poster is going to need a left join of the users table against the post table and more than I am willing to do right now. I suppose I could be lazy and use get_latest_posts(1, 1) to fetch the entire info the last post and grab the email address from there.

[parthatel]

I tried that and this is what I get as the url of the link:

http://mydomain.com/%3Ca%20href='http://mydomain.com/links/profile.php?id=1'>View%20your%20profile

[_ck_]

Right now I have it simply by number of posts which of course is not an indication of quality by any real means but easiest way for me to track.

There’s also the top 1000 list where I try to track everyone.

It’s not a contest, no-one wins anything, and it’s completely unofficial, so don’t worry about it

[_ck_]

nv1962, it would be a good plugin to learn/practice from. Roughly 3-5 lines total. Essentially you’d add an action to bb_send_headers and just like my plugin above, if the bb_get_location==”register-page” you echo the redirect header for the wordpress page (and then do a die() so no other code can execute until it redirects).

[_ck_]

bbPress functions with the word “get” in them do not self-echo, they simply return the string. So you have to add echo. You almost have it, for example, this should work:

<a href="<?php echo bb_get_profile_link(); ?>">My Profile</a>

And just to confuse you, there are a couple of legacy functions with the word “get” in them that do echo. But they shouldn’t and are rare so don’t worry too much, lol.

[_ck_]

Well login integration is not as important as the register part. As far as your instructions, I wouldn’t recommend deleting the contents of a core file but the redirect part is okay.

It occurs to me, it’s actually possible to redirect the register page in bbpress to the wordpress side via plugin with no edits required anywhere.

Remember that bbPress registration process should catch up to the WordPress side eventually. In fact I like it’s layout better but WordPress’s is more mature code-wise.

[_ck_]

Yes, this is why I always recommend to people when integrating with WordPress that they redirect all login and registration links to the wordpress side. It’s had years of development in that area.

In any case, here is a simple plugin to prevent duplicate email addresses. Unfortunately bbPress has no way to place custom error messages on the page without template hacking but this should do:

<?php

/*

Plugin Name: no duplicate email addresses

Author: _ck_

*/



if ($_POST && bb_get_location()=="register-page") {add_filter('bb_verify_email','no_duplicate_email');}



function no_duplicate_email($email) {

if ($email) {global $bbdb; if (!$bbdb->get_row($bbdb->prepare("SELECT * FROM $bbdb->users WHERE user_email = %s", $email))) {return $email;}

else {add_action('bb_foot','no_duplicate_email_alert'); return false;}}

}

function no_duplicate_email_alert() {echo "<scr"."ipt>alert('".__("email address already registered")."');</script>";}

?>

(bbPress 0.9 or higher required)

[parthatel]

How do I make a link that directs the user to their profile?

The default code in bbPress is

<?php printf(__('Welcome, %1$s!'), bb_get_profile_link(bb_get_current_user_info( 'name' )));?.

Yet if I use this, the name of the user will be the linked text. Also, I’m not able to use this code alone. If I try:

<?php bb_get_profile_link(bb_get_current_user_info( 'name' )); ?>

…it doesn’t work. I also tried:

<a href="<?php bb_get_profile_link(); ?>">My Profile</a>

How can I change the text to My Profile and also let it stand alone? (standalone meaning on its own paragraph and with no Welcome, %1$s!)

[Alvaro Degives-Mas]

(Subtitle: how to use registration protection/filtering in WP for bbPress – the lazy but effective way!)

Say: you’re a PHP newbie (like me), want to run bbPress and WP, and have successfully completed the installation of the plugin to integrate the bbPress user database with WP’s (whew!) and then you discover that people can register via either the bbPress or WP . Suppose furthermore that you’re getting hammered by nasty bots registering themselves, and have an open self-registration policy on your WP blog/CMS, and therefore installed a nifty registration screening plugin (oh say, WP-reCAPTCHA) and would like to use that for bbPress.

How could you do that? With two simple edits you can:

1) Open the register.php file of bbPress (in bbPress’ root directory) and delete EVERYTHING in it, and save your cleaned-out register.php file back to its place on the server (saving an empty file is to avoid a possible “file not found” error after the next step)

2) Open (or create if you don’t have it – which would be rare) a .htaccess file in the web server’s root directory and add the following single line (it’s displayed here on two lines, but really ought to be a single line!), and put that at/near the top of your .htaccess file (assuming your bbPress install sits in the /forum sub directory; else, modify accordingly to point to the register.php file):

Redirect permanent /forum/register.php http://www.example.com/wp-login.php?action=register

Make sure you substitute “example.com” with your own domain (of course).

3) This step is non-existent. Instead, enjoy your newfound unified registration bliss for dummies!

[724719]

that means people can keep sign-up new accounts to give them selfs Karma points….

i dont mean to sound like a prick __ck__ but can you whip up some sort of plugin for this problem or some instructions. becuase i wouldnt know where to start let alone code somthing like that.

EDIT: WordPress has it goin ok, I get the message:-

ERROR: This email is already registered, please choose another one.

when registering an already existing email.

[_ck_]

Whoa I never realized that.

I wonder if it’s also that way on the WordPress side.

Well it shouldn’t be too hard to whip up some code for that.