Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Manual Integration on 2.0.17.* ???

edited March 2011 in Vanilla 2.0 - 2.8
Has anyone gotten Proxy Connect to work on 2.0.17.* via Manual Integration?

It seems to only work on 2.0.17 and below.

Please help. I need the nested categories of 2.0.17
«13

Comments

  • need fix~ too.
  • What sort of problems are you having with it?

    I am having a heck of a time trying to get it to work with 2.0.17.9 with manual configuration. No matter what I do, it seems to just create a user with ID=0
  • @swiftsam That's exactly the problem that I had with 2.0.17.9.

    After several hours of debugging I still didn't know what was the reason. All the data inside Vanilla were correct, Vanilla was able to read the correct data from my proxy-script, but they simply didn't end up in the database. Only that empty user was created.

    Then I decided to downgrade to 2.0.16, configured ProxyConnect and the Manual Integration again, and it immediately worked.

  • Got it working on 2.0.16 on a local (XAMPP) server with my CodeIgniter app, but no luck beyond 2.0.16.
    Moving to the production server breaks it. Login redirects to the proper CI controller, but the login action redirects to the forum index, Vanilla apparently still consider me as guest (not logged in - "Howdy stranger", and stuff).
    My authenticate function returns the right values, I've eradicated repeatedly each and every cookie that might interfere, but no luck.

    Very, very frustrating.
  • I have the exact same issue... need nesting categories and am in the process of migrating a simplepress install over. I set it up and use the admin user, everything works fine. Upload all of my content, works great. If I try to log in with any other user I get a page asking me to link the account or create a new one. If I try to link the account I get a "Sorry, permission denied" error.

    If I log in as my admin I can see all the posts, the avatars show up correctly... everything works. Is there any hope we can get this fixed... or be given some clue as to what to modify to get this working?
  • edited April 2011
    @enmartinso consider yourself lucky: when I move to the production server, I can't even log in with the admin user. Although my own login method works flawlessly and redirects me to the forum index, the 'sync account' box never pops up (while it does, on my local server) and Vanilla still shows me as guest user.
    Clicking sign in again just redirects me to the forum index -- simply because my CI login method first check if I'm already logged in, and redirects me straight to the forum if that is the case (proof that I'm actually logged in, even though Vanilla doesn't get the memo...)
  • Bummer, so SSO manual integration is broken in 2.0.17.*? I was hoping to attempt to get Vanilla talking to MODx this weekend....
  • Yeah,

    Im trying to get Vanilla / Modx going as well.

    Failed at one attempt based on Susan Otwells previous instructions. Now I know it is possible because of this issue.
  • In my experience, nothing works beyond 2.0.16 - and even that one feels a bit... wobbly.
    I'm giving up. Spent far too much time trying to get this thing working. The doc is lacking, and the dev seem to have other things to do ATM.

    Will try to come up with a single-and-a-half sign on method of my own, as I need to embed the forum within a logged-in only area *and* pre-assign/port usernames & email addresses from my CI app to Vanilla.

    Vanilla is apparently using the Portable PHP password hashing framework (http://www.openwall.com/phpass/), si I figure I might be able to have my CodeIgniter app create Vanilla accounts with just the basic information to let users log in the forum.
  • I may attempt to downgrade to 2.0.15 and install it on that, if .16 is shaky. Need to get it up and running asap...
  • tsts
    edited April 2011
    Spent a little bit too long tracking this down, but I ended up getting 2.0.17.9 and ProxyConnect 1.8.4 working together, again. What's interesting is the change to the core is only in the unstable branch, which happens to be the one zipped up and plastered all over the forum here. In any case, @Todd didn't leave a whole lot of details with the commit that (likely indirectly) broke Gdn_CookieIdentity::GetCookiePayload (which is what's causing the blank GDN_User inserts), so I'm not totally sure why the change was made. The re-factored method is much tighter, but it doesn't leave much room for plugins with cookie dependancies.

    Basically, the method completely discards everything that ProxyConnect explicitly stores in the cookie before it redirects to /entry/handshake/proxy, paralyzing the half-authorized user in the database. Unfortunately, I didn't think to browse the repository until after I'd found and fixed the problem, so hopefully it'll help someone else.

    File: library/core/class.cookieidentity.php
    Relevant commits: b537305 & 17f991a
    public static function GetCookiePayload($CookieName, $CookieHashMethod = NULL, $CookieSalt = NULL)
    {
    if (!self::CheckCookie($CookieName)) return FALSE;
    $Payload = explode('|', $_COOKIE[$CookieName]);

    + array_shift($Payload);
    + array_shift($Payload);
    + array_shift($Payload);
    - $Key = explode('-', $Payload[0]);
    - $Expiration = array_pop($Key);
    - $UserID = implode('-', $Key);
    -
    - $Payload = array($UserID, $Expiration);

    return $Payload;
    }
    Seemed to clear up the issue for me, though, it's a little past 4, so don't hold me to it at least until the sun comes up…
  • edited April 2011
    I actually found a way to log into Vanilla Forums 2.0.17.9 completely without the use of Proxy Connect!

    Basically what you need to do is create two cookies (one called 'Vanilla' and the other called 'Vanilla-Volatile' in whatever manner you want with a payload in the structure once you have determined the user_id of the person:

    $cookie="$KeyData|$Hash|$cookie_creation_time|$UserID|$Expiration";

    Below is a synopsis of the code that I'm using (no warranties or guarantees here).

    One thing I could not figure out is whether $CookieSalt is truly a constant or a variable. So that setting may or may not work for you. Let me know.


    function log_into_forum($forum_user_id){

    $UserID = $forum_user_id;
    // Note: 172800 is 60*60*24*2 or 2 days
    $cookie_creation_time = time();
    $Expiration = $cookie_creation_time + 172800;
    $KeyData = $UserID.'-'.$Expiration;

    $CookieHashMethod = NULL;
    $CookieSalt = NULL;
    if (!$CookieHashMethod)
    $CookieHashMethod = 'md5';

    if (!$CookieSalt)
    $CookieSalt = 'HSL3KRNWNQ';

    $Key = _Hash($KeyData, 'md5', $CookieSalt);
    $Hash = _HashHMAC( 'md5', $KeyData, $Key);

    $cookie="$KeyData|$Hash|$cookie_creation_time|$UserID|$Expiration";

    setcookie("Vanilla", $cookie, $Expiration, "/", ".domain.com");
    setcookie("Vanilla-Volatile", $cookie, $Expiration, "/", ".domain.com");



    $_COOKIE['Vanilla']=$cookie;
    $_COOKIE['Vanilla-Volatile']=$cookie;

    setcookie("Vanilla", $cookie, time()+(60 * 60 * 24 * 30 * 2), "/", ".domain.com");
    setcookie("Vanilla-Volatile", $cookie, time()+(60 * 60 * 24 * 30 * 2), "/", ".domain.com");


    sleep(2);


    return $cookie;



    }//END log_into_forum


    /**
    * Returns $this->_HashHMAC with the provided data, the default hashing method
    * (md5), and the server's COOKIE.SALT string as the key.
    *
    * @param string $Data The data to place in the hash.
    */
    function _Hash($Data, $CookieHashMethod, $CookieSalt) {


    return _HashHMAC( $CookieHashMethod, $Data, $CookieSalt);
    }



    /**
    * Returns the provided data hashed with the specified method using the
    * specified key.
    *
    * @param string $HashMethod The hashing method to use on $Data. Options are MD5 or SHA1.
    * @param string $Data The data to place in the hash.
    * @param string $Key The key to use when hashing the data.
    */
    function _HashHMAC($HashMethod='md5', $Data, $Key ) {
    $PackFormats = array('md5' => 'H32', 'sha1' => 'H40');

    if (!isset($PackFormats[$HashMethod]))
    return false;

    $PackFormat = $PackFormats[$HashMethod];
    // this is the equivalent of "strlen($Key) > 64":
    if (isset($Key[63]))
    $Key = pack($PackFormat, $HashMethod($Key));
    else
    $Key = str_pad($Key, 64, chr(0));

    $InnerPad = (substr($Key, 0, 64) ^ str_repeat(chr(0x36), 64));
    $OuterPad = (substr($Key, 0, 64) ^ str_repeat(chr(0x5C), 64));

    return $HashMethod($OuterPad . pack($PackFormat, $HashMethod($InnerPad . $Data)));
    }
  • ToddTodd Chief Product Officer Vanilla Staff
    Sorry about this guys. Tim and I thought we tested things with ProxyConnect, but I guess we missed something here.

    Unfortunately, @chuzek's rollback was a fix to plug a massive security hole so we need the code to be similar to our fix. We'll get a fix in asap today.
  • I figured it was totally benign, @Todd, I'm just bummed I don't have the time to run through a patch. On the plus side, I got my crash course in Gdn, which was long, long overdue.
  • edited April 2011
    @Todd Has this been fixed correctly yet? I can't find an update anywhere.

    It looks like for me, I had to adjust https://github.com/vanillaforums/Garden/commit/575afb214052f62d39c74806832e545bbe554f60 to array_slice 5 rather than 4. No idea what the impact of this on the rest of the forums is.
  • TimTim Operations Vanilla Staff
    I made some changes and have pushed up a new version. See if this works for you guys.

    Vanilla Forums COO [GitHub, Twitter, About.me]

  • edited April 2011
    Using WP3 and latest version of Vanilla (2.0.17.9). Still not working. While the login/logout does work for existing wordpress users it will not allow account syncing to an already created vanilla user (ie. the admin account), no box appears, it's just a login/logout of wordpress loop.

    Also, with the new version once you apply it you are unable to access your admin dashboard even by going to www.yourdomain/vanilla/entry/password

    De-activating the wordpress plugin, and deleting the Vanilla proxy connect via FTP to get into the vanilla admin again results in bonk errors. Had to reinstall vanilla, not an issue in my case since I am testing with just a plain install but could be problematic for others.

    EDIT: I forgot to put that in all the attempts with this plugin, I tried the automatic WordPress way as well as tried to manually integrate instead, setting all the info that it showed from the WP plugin side into the vanilla side. Still no luck.
  • A FYI as well, I'm not using the WP side of it, I'm using the manual integration with Symfony as the backend.
  • Any further insight Tim?
  • dudieboydudieboy New
    edited April 2011
    Same problem as Amber in a WordPress proxyconnect, embed forum, exact symptoms. I cannot access the forums at all anymore, even after deleting both the wordpress and vanilla sides of the plugin. Guess I'll try reinstalling.

    EDIT: Nearly lost the entire forum! Luckily I backed up the database a few days ago, because when I tried to backup from the current version (with whatever ProxyConnect threw in there) it wouldn't accept the backup.
Sign In or Register to comment.