Re: SMF RSS Feeds Invalid

logicvortex · February 17, 2010, 03:26:32 PM

My forum is currently set up to allow public access to a few sections, but the majority requires registration and login (let's call them private posts). Adding the rss feed for the forum to google reader will only show posts in the public posts. This makes sense, as google reader does not support authentication of any kind (to the best of my knowledge).

The only way I have found to have a reader populate the posts is using a browser based reader, currently using Brief (for FF). This takes advantage of the fact the i have already logged in using that browser, and therefore have a cookie stored.

My ultimate goal here is to get the posts into google reader. I expect i'll need to use a service like hxxp:freemyfeed.com [nonactive], but that doesn't appear to solve the problem (it may only do http authentication).

I see two options:
1) change smf authentication to http/ssl
2) find some way to get gReader to pass a cookie.

Any ideas?

Some notes:
Using smf 2.0 RC2

JimM · February 19, 2010, 07:59:02 PM

I moved you topic here as you had posted in a 1.x Support topic. Not exactly sure what you are looking for but there is a really good mod for 2.0 that works a treat.

http://custom.simplemachines.org/mods/index.php?mod=1590

logicvortex · February 22, 2010, 08:12:56 AM

Thank you for moving the topic.
The mod is the exact reverse of what I am trying to do. I want my forum to be accessible by RSS readers. No RSS readers that I have found support the cookie authentication that is used in SMF.

Arantor · February 22, 2010, 11:25:43 AM

Even an SSL based method would still require you to have a cookie and a session ID transmitted back so your options are basically either to make boards visible to guests (and thus to RSS feeds) or to somehow get gReader to send/receive cookies.

logicvortex · February 23, 2010, 09:19:01 AM

I'm not too familiar with authentication methods, but I don't believe that http authentication requires the use of a cookie. hxxp:en.wikipedia.org/wiki/Basic_access_authentication [nonactive]
Take a look at freemyfeed.com. This appears to handle the login for http (with or without ssl) feeds.

Arantor · February 23, 2010, 09:21:10 AM

HTTP Basic doesn't. But it transmits your password in almost plain text *every* *single* *pageload*.

It would be possible to rewrite the ENTIRE login system for SMF to use basic, but it would make the entire forum MASSIVELY INSECURE.

logicvortex · February 23, 2010, 10:12:31 AM

So, once you add SSL to the http auth, it requires the use of a cookie? As a side note, is that the cookie that is currently used sent plain text also? What do other forum software use for authentication that allows it to work with freemyfeed? Looks like twitter uses some form of authentication also?

Arantor · February 23, 2010, 10:52:03 AM

SSL on its own doesn't. But Basic over SSL is not particularly great since you're still sending the password every time.

Digest is better, but not by a lot. Especially since you still have to send the session id somehow and if you're not doing that by cookie, you're doing it in the URL meaning it's entirely possible to hijack your session.

Twitter does - OAuth.

logicvortex · February 23, 2010, 11:10:23 AM

So, in conclusion, there is NO way to get gReader working with private smf??
Would this be possible to implement with a mod, or would it end up being a core change?

Arantor · February 23, 2010, 11:30:41 AM

It would be possible to write a mod but it would be a mod that performs a core change. It's a HUGE amount of code to do and for the benefit of making your forum less secure, too.

Seriously, you want to push things to an external source, make the boards public.

zsamboki · July 28, 2010, 08:45:22 AM

if you are still interested. Install thunderbrowse addon to thunderbird, go to the forum, then login and check stay logged on. after that, you can add the rss feeds to thunderbird.

News:

Re: SMF RSS Feeds Invalid