Manual Integration on 2.0.17.* ???

This discussion is related to the Vanilla Proxyconnect addon.

Has anyone gotten Proxy Connect to work on 2.0.17.* via Manual Integration?

It seems to only work on 2.0.17 and below.

Please help. I need the nested categories of 2.0.17

Lakewood

need fix~ too.

swiftsam

What sort of problems are you having with it?

I am having a heck of a time trying to get it to work with 2.0.17.9 with manual configuration. No matter what I do, it seems to just create a user with ID=0

iam_dbo

@swiftsam That's exactly the problem that I had with 2.0.17.9.

After several hours of debugging I still didn't know what was the reason. All the data inside Vanilla were correct, Vanilla was able to read the correct data from my proxy-script, but they simply didn't end up in the database. Only that empty user was created.

Then I decided to downgrade to 2.0.16, configured ProxyConnect and the Manual Integration again, and it immediately worked.

Wazilla

Got it working on 2.0.16 on a local (XAMPP) server with my CodeIgniter app, but no luck beyond 2.0.16.
Moving to the production server breaks it. Login redirects to the proper CI controller, but the login action redirects to the forum index, Vanilla apparently still consider me as guest (not logged in - "Howdy stranger", and stuff).
My authenticate function returns the right values, I've eradicated repeatedly each and every cookie that might interfere, but no luck.

Very, very frustrating.

enmartinson

I have the exact same issue... need nesting categories and am in the process of migrating a simplepress install over. I set it up and use the admin user, everything works fine. Upload all of my content, works great. If I try to log in with any other user I get a page asking me to link the account or create a new one. If I try to link the account I get a "Sorry, permission denied" error.

If I log in as my admin I can see all the posts, the avatars show up correctly... everything works. Is there any hope we can get this fixed... or be given some clue as to what to modify to get this working?

Wazilla

@enmartinso consider yourself lucky: when I move to the production server, I can't even log in with the admin user. Although my own login method works flawlessly and redirects me to the forum index, the 'sync account' box never pops up (while it does, on my local server) and Vanilla still shows me as guest user.
Clicking sign in again just redirects me to the forum index -- simply because my CI login method first check if I'm already logged in, and redirects me straight to the forum if that is the case (proof that I'm actually logged in, even though Vanilla doesn't get the memo...)

FickleLife

Bummer, so SSO manual integration is broken in 2.0.17.*? I was hoping to attempt to get Vanilla talking to MODx this weekend....

smcilreavy

Yeah,

Im trying to get Vanilla / Modx going as well.

Failed at one attempt based on Susan Otwells previous instructions. Now I know it is possible because of this issue.

Wazilla

In my experience, nothing works beyond 2.0.16 - and even that one feels a bit... wobbly.
I'm giving up. Spent far too much time trying to get this thing working. The doc is lacking, and the dev seem to have other things to do ATM.

Will try to come up with a single-and-a-half sign on method of my own, as I need to embed the forum within a logged-in only area *and* pre-assign/port usernames & email addresses from my CI app to Vanilla.

Vanilla is apparently using the Portable PHP password hashing framework (http://www.openwall.com/phpass/), si I figure I might be able to have my CodeIgniter app create Vanilla accounts with just the basic information to let users log in the forum.

FickleLife

I may attempt to downgrade to 2.0.15 and install it on that, if .16 is shaky. Need to get it up and running asap...

ts

Spent a little bit too long tracking this down, but I ended up getting 2.0.17.9 and ProxyConnect 1.8.4 working together, again. What's interesting is the change to the core is only in the unstable branch, which happens to be the one zipped up and plastered all over the forum here. In any case, @Todd didn't leave a whole lot of details with the commit that (likely indirectly) broke Gdn_CookieIdentity::GetCookiePayload (which is what's causing the blank GDN_User inserts), so I'm not totally sure why the change was made. The re-factored method is much tighter, but it doesn't leave much room for plugins with cookie dependancies.

Basically, the method completely discards everything that ProxyConnect explicitly stores in the cookie before it redirects to /entry/handshake/proxy, paralyzing the half-authorized user in the database. Unfortunately, I didn't think to browse the repository until after I'd found and fixed the problem, so hopefully it'll help someone else.

File: library/core/class.cookieidentity.php
Relevant commits: b537305 & 17f991a

public static function GetCookiePayload($CookieName, $CookieHashMethod = NULL, $CookieSalt = NULL)
{
      if (!self::CheckCookie($CookieName)) return FALSE;
      $Payload = explode('|', $_COOKIE[$CookieName]);

+	array_shift($Payload);
+	array_shift($Payload);
+	array_shift($Payload);
-      $Key = explode('-', $Payload[0]);
-      $Expiration = array_pop($Key);
-      $UserID = implode('-', $Key);
-      
-      $Payload = array($UserID, $Expiration);

      return $Payload;
}

Seemed to clear up the issue for me, though, it's a little past 4, so don't hold me to it at least until the sun comes up…

chuzek

I actually found a way to log into Vanilla Forums 2.0.17.9 completely without the use of Proxy Connect!

Basically what you need to do is create two cookies (one called 'Vanilla' and the other called 'Vanilla-Volatile' in whatever manner you want with a payload in the structure once you have determined the user_id of the person:

$cookie="$KeyData|$Hash|$cookie_creation_time|$UserID|$Expiration";

Below is a synopsis of the code that I'm using (no warranties or guarantees here).

One thing I could not figure out is whether $CookieSalt is truly a constant or a variable. So that setting may or may not work for you. Let me know.


function log_into_forum($forum_user_id){

$UserID = $forum_user_id;
// Note: 172800 is 60*60*24*2 or 2 days
$cookie_creation_time = time();
$Expiration = $cookie_creation_time + 172800;
$KeyData = $UserID.'-'.$Expiration;

$CookieHashMethod = NULL;
$CookieSalt = NULL;
if (!$CookieHashMethod)
$CookieHashMethod = 'md5';

if (!$CookieSalt)
$CookieSalt = 'HSL3KRNWNQ';

$Key = _Hash($KeyData, 'md5', $CookieSalt);
$Hash = _HashHMAC( 'md5', $KeyData, $Key);

$cookie="$KeyData|$Hash|$cookie_creation_time|$UserID|$Expiration";

setcookie("Vanilla", $cookie, $Expiration, "/", ".domain.com");
setcookie("Vanilla-Volatile", $cookie, $Expiration, "/", ".domain.com");



$_COOKIE['Vanilla']=$cookie;
$_COOKIE['Vanilla-Volatile']=$cookie;

setcookie("Vanilla", $cookie, time()+(60 * 60 * 24 * 30 * 2), "/", ".domain.com");
setcookie("Vanilla-Volatile", $cookie, time()+(60 * 60 * 24 * 30 * 2), "/", ".domain.com");


sleep(2);


return $cookie;



}//END log_into_forum


/**
* Returns $this->_HashHMAC with the provided data, the default hashing method
* (md5), and the server's COOKIE.SALT string as the key.
*
* @param string $Data The data to place in the hash.
*/
function _Hash($Data, $CookieHashMethod, $CookieSalt) {


return _HashHMAC( $CookieHashMethod, $Data, $CookieSalt);
}



/**
* Returns the provided data hashed with the specified method using the
* specified key.
*
* @param string $HashMethod The hashing method to use on $Data. Options are MD5 or SHA1.
* @param string $Data The data to place in the hash.
* @param string $Key The key to use when hashing the data.
*/
function _HashHMAC($HashMethod='md5', $Data, $Key ) {
$PackFormats = array('md5' => 'H32', 'sha1' => 'H40');

if (!isset($PackFormats[$HashMethod]))
return false;

$PackFormat = $PackFormats[$HashMethod];
// this is the equivalent of "strlen($Key) > 64":
if (isset($Key[63]))
$Key = pack($PackFormat, $HashMethod($Key));
else
$Key = str_pad($Key, 64, chr(0));

$InnerPad = (substr($Key, 0, 64) ^ str_repeat(chr(0x36), 64));
$OuterPad = (substr($Key, 0, 64) ^ str_repeat(chr(0x5C), 64));

return $HashMethod($OuterPad . pack($PackFormat, $HashMethod($InnerPad . $Data)));
}

Todd

Sorry about this guys. Tim and I thought we tested things with ProxyConnect, but I guess we missed something here.

Unfortunately, @chuzek's rollback was a fix to plug a massive security hole so we need the code to be similar to our fix. We'll get a fix in asap today.

ts

I figured it was totally benign, @Todd, I'm just bummed I don't have the time to run through a patch. On the plus side, I got my crash course in Gdn, which was long, long overdue.

scythah

@Todd Has this been fixed correctly yet? I can't find an update anywhere.

It looks like for me, I had to adjust https://github.com/vanillaforums/Garden/commit/575afb214052f62d39c74806832e545bbe554f60 to array_slice 5 rather than 4. No idea what the impact of this on the rest of the forums is.

Tim

I made some changes and have pushed up a new version. See if this works for you guys.

Amber

Using WP3 and latest version of Vanilla (2.0.17.9). Still not working. While the login/logout does work for existing wordpress users it will not allow account syncing to an already created vanilla user (ie. the admin account), no box appears, it's just a login/logout of wordpress loop.

Also, with the new version once you apply it you are unable to access your admin dashboard even by going to www.yourdomain/vanilla/entry/password

De-activating the wordpress plugin, and deleting the Vanilla proxy connect via FTP to get into the vanilla admin again results in bonk errors. Had to reinstall vanilla, not an issue in my case since I am testing with just a plain install but could be problematic for others.

EDIT: I forgot to put that in all the attempts with this plugin, I tried the automatic WordPress way as well as tried to manually integrate instead, setting all the info that it showed from the WP plugin side into the vanilla side. Still no luck.

scythah

A FYI as well, I'm not using the WP side of it, I'm using the manual integration with Symfony as the backend.

Amber

Any further insight Tim?

dudieboy

Same problem as Amber in a WordPress proxyconnect, embed forum, exact symptoms. I cannot access the forums at all anymore, even after deleting both the wordpress and vanilla sides of the plugin. Guess I'll try reinstalling.

EDIT: Nearly lost the entire forum! Luckily I backed up the database a few days ago, because when I tried to backup from the current version (with whatever ProxyConnect threw in there) it wouldn't accept the backup.

Amber

Wow I'm glad you at least got your forum back, even if it was an older version of the backup.

Seems like this version of the Proxy Connect is a bit dangerous to try to implement, it would be nice to see a response from the developers on it. I tried it again, just for kicks and thinking maybe I might have missed something but nope.

dudieboy said:

Same problem as Amber in a WordPress proxyconnect, embed forum, exact symptoms. I cannot access the forums at all anymore, even after deleting both the wordpress and vanilla sides of the plugin. Guess I'll try reinstalling.

EDIT: Nearly lost the entire forum! Luckily I backed up the database a few days ago, because when I tried to backup from the current version (with whatever ProxyConnect threw in there) it wouldn't accept the backup.

dudieboy

@Amber Thanks! I guess if anyone else experiences the same, and has a backup from BEFORE installing ProxyConnect, here's what to do:

* Delete the /vanilla/ directory or whatever you renamed it from your server. Backup any avatars, uploads or custom styles first.
* Delete the forum database from your server.
* Create a new, empty database for Vanilla.
* Upload a fresh install of Vanilla.
* Install by the usual method.
* Delete the forum database from your server again.
* Create a new, empty database for Vanilla.
* In PHPMySQL, import your backup.

The forum should now be restored from your backup. The trick is to convince Vanilla that it's installed properly, then switch out the new database for the old.

binhdo

Latest version (1.92) dos not change anything to the better, appears to me as if cookies are not properly cleared or invalidated upon logout. I noticed that I can sign in again without providing any credentials after logging out.
Furthermore, the WordPress nonce issue seems to persist.

FickleLife

I have the same problem, latest vanilla 2.0.17.9 and 1.9.2 proxy connect. Don't think the cookie is deleted on logout, but sometimes it is... It's not working consistently. Is there a way I can test this at all? I have it manually integrated with modx revo 2.0.8 using this tutorial http://www.sottwell.com/article-vanilla.html

Tim

New version uploaded. I fixed a minor issue in the WakeUp which solves a redirect problem.

Amber

I posted a response to this here: http://www.vanillaforums.org/discussion/comment/138829#Comment_138829

Still not working.

Tim said:

New version uploaded. I fixed a minor issue in the WakeUp which solves a redirect problem.

Amber

Any other news on how to get this project functioning correctly?

Amber

It's been several days and I haven't seen a response to this in any of the topics. Tim would it help if you were provided a live testing environment? (if you don't have one already)

gukov

Can confirm that manual integration still doesn't work even with the unstable version (2.0.18a).

mrpaul

Add me to the list of people who can't get this to work. When users go to the forum for the first time, the handshake url comes up as a "Bonk!" error page. When I reload the page it comes up, but won't let me link accounts. Checking in the admin section, the account was created perfectly (username and e-mail is correct), but it just won't link them or allow anyone to login to them.