Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

[Solved] Vanilla admin account updated by jsConnect login

edited December 2011 in Vanilla 2.0 - 2.8

Vanilla is updating the admin account with the information of the user logging in through jsConnect. What am I missing?

Best Answer

  • ToddTodd Chief Product Officer Vanilla Staff
    Answer ✓

    Hmm, that might be a bug. Just delete the row in phpMyAdmin or something. The table is GDN_UserAuthenticationProvider.

Answers

  • ToddTodd Chief Product Officer Vanilla Staff

    Are you saying all users are updating the admin account? Are you passing the UniqueID back properly? Make sure there is a different UniqueID for every user.

  • edited December 2011

    I'm using the PHP jsConnect client library, with WordPress.
    I modified the index.php to capture the current user info from Wordpress, which works perfectly, but when I did the test it game me the error: "The client_id parameter is missing." So I added the line: $_GET['client_id'] = $clientID;.
    Now it works and the test shows the logged in user in Wordpress, but the admin account gets updated.

  • Right now my code looks like this:

    <?php /** Make sure that the WordPress bootstrap has run before continuing. */ require( dirname(__FILE__) . '/wp-load.php' ); require_once dirname(__FILE__).'/functions.jsconnect.php'; // 1. Get your client ID and secret here. These must match those in your jsConnect settings. $clientID = "value"; $secret = "value"; // 2. Verify WP user's login status. if ( is_user_logged_in() ) { // 3. Get WP current user's info. global $current_user; get_currentuserinfo(); // 4. Fill in the user information in a way that Vanilla can understand. $user = array(); $user['uniqueid'] = $current_user->ID; $user['name'] = $current_user->display_name; $user['email'] = $current_user->user_email; $user['photourl'] = ''; // 4. Generate the jsConnect string. $_GET['client_id'] = $clientID; $secure = true; // this should be true unless you are testing. WriteJsConnect($user, $_GET, $clientID, $secret, $secure); } else { echo 'callback({"name": "", "photourl": ""});'; } ?>

  • ToddTodd Chief Product Officer Vanilla Staff

    Oh boy, $_GET['client_id'] = $clientID; is wrong and not what's in my documented file at all. That client ID is for security and you are just by-passing it altogether.

    Furthermore, can you please explain what 'the admin account gets updated' means?

  • ok, well I added $_GET['client_id'] = $clientID; because of the "The client_id parameter is missing." error, which means that I wasn't receiving the client_id from jsConnect in the first place. I have in Vanilla only an account whose username is admin, and has Administrator rights. When I login with any Wordpress account using jsConnect, the user gets logged-in, but in reality it updated that admin account instead of creating a new record. When I check Vanilla there is only one account, the same one, but with the username updated with the username of the Wordpress account that logged in.

  • ToddTodd Chief Product Officer Vanilla Staff
    via Email
    jsConnect supplies the client ID in the url to Wordpress. If it's not there then something's wrong. There is a test link when you set up the connection and you need to make sure that's working.
  • I followed all the steps. What could be wrong?
    I added the connection with the client id, secret, the auth url, everything.
    I downloaded the php client library. Placed it in my root. Modified the index.php in it, and am successfully getting the user info from Wordpress.
    The php required files are getting loaded. You have my code.
    What am I missing?

  • My code is:

    <?php /** Make sure that the WordPress bootstrap has run before continuing. */ require( dirname(__FILE__) . '/wp-load.php' ); require_once dirname(__FILE__).'/functions.jsconnect.php'; // 1. Get your client ID and secret here. These must match those in your jsConnect settings. $clientID = "number from vanilla jsConnect connection settings"; $secret = "string from vanilla jsConnect connection settings"; // 2. Verify WP user's login status. if ( is_user_logged_in() ) { // 3. Get WP current user's info. global $current_user; get_currentuserinfo(); // 4. Fill in the user information in a way that Vanilla can understand. $user = array(); $user['uniqueid'] = $current_user->ID; $user['name'] = $current_user->display_name; $user['email'] = $current_user->user_email; $user['photourl'] = ''; // 4. Generate the jsConnect string. $secure = true; // this should be true unless you are testing. WriteJsConnect($user, $_GET, $clientID, $secret, $secure); } else { echo 'callback({"name": "", "photourl": ""});'; } ?>

    It follows the same structure in the original index.php in the library.
    Any suggestions on how to fix my situation.

  • ToddTodd Chief Product Officer Vanilla Staff

    I have your code, but I don't know Wordpress. That's your job.

    Have you:

    1. Clicked the "Test Url" button in Vanilla to see if the user information is coming back like I asked?
    2. In the above test url look at your address bar to see if the client ID is there.
    3. If the client id is in the url, but Wordpress isn't recognizing it then perhaps their $_GET is getting wiped through some Wordpress voodoo.
    4. The library uses javascript. Make sure you don't have your own javascript errors in your theme.
  • I get the missing client_id error. The client id is in the address bar. And I have no Javascript errors. the code for the wp user info is correct. Must be the GET. Any suggestions?

  • ToddTodd Chief Product Officer Vanilla Staff

    I don't right now. I co-worker is developing a wordpress plugin that supports jsConnect. I'll see what he's doing.

  • I just ran the website using http fox on firefox and when I click the sign in, when the request from jsConnect gets fired, it gets through to my authentication file perfectly, but the Result is aborted, and I get an NS_BINDING_ABORTED message.
    Usually when that happens, it's because of conflicting requests to the same process.

  • ToddTodd Chief Product Officer Vanilla Staff

    Sounds like something screwy on your server dude.

  • Couldn't it be that one of the requests from jsConnect is aborting another request by jsConnect itself? Because the conflict is with javascript which is client-side not server-side.

  • ToddTodd Chief Product Officer Vanilla Staff

    We don't specifically abort any js requests.

  • I created a new connection, updated the authenticator file with that connection's info and it worked like a charm. But now I can't delete the previous connection in Vanilla.

  • ToddTodd Chief Product Officer Vanilla Staff
    Answer ✓

    Hmm, that might be a bug. Just delete the row in phpMyAdmin or something. The table is GDN_UserAuthenticationProvider.

  • I checked the class and it was missing the delete function. I added to it a delete function and it worked perfectly. If you'd like I can share it ;)
    Thank you very much for all your help!

  • ToddTodd Chief Product Officer Vanilla Staff

    Hey, thanks for working through the problem too. Share away!

Sign In or Register to comment.