Problem integrating SMF Login Check into Wordpress!!!!

wushdishmeen · June 23, 2010, 07:51:15 AM

I have been having issues with the way my site is setup ever since I moved to a new web host and added the WP Super Cache plugin to my blog.

I currently have an SMF Forum setup as the core of my entire site's user system. I have been adding the SMF Login Check by requiring the SSI.php in the header's of all of my other subdomains that are outside of my SMF Forum.

For instance, I have my SMF Forum in http://forum.mydomain.com and a Wordpress blog in http://blog.mydomain.com. In the header.php file of the Wordpress blog I have added the following:

Code Select

<?php
require_once('/home/xxxxxx/public_html/forum/SSI.php');
$ssi_ban = true;
is_not_banned();
ob_start();
is_not_guest('Access Denied');
?>

Before I moved hosts I had NO issues. This code would make sure that the visitor was logged into my SMF forum before allowing them to view the blog. If they weren't logged in it would redirect them to the SMF Login page. If they were logged in the blog would display normally.

NOW, after I moved and also installed WP Super Cache to save bandwidth I've been having issues and had to remove the code. Leaving my blog wide open to the public. What happens is that if a user is not logged in it will block the user from viewing the blog, BUT if they ARE logged in it still shows the SMF Login page and keeps showing it on a LOOP. Basically, everytime a logged in user goes to the blog they are logged out of SMF and forced to login. Once they do it just keep showing the login page.

I thought maybe it had something to do with pages being cached since it keeps serving the non-logged in file or something. But even turning off WP Super Cache or deleting the cache in between trying to login it still does the same thing. I tried removing WP Super Cache altogether and I'm still getting this issue.

Does ANYONE have any clue on what is happening here and how to fix it? Thanks in advance for any help.

WORDPRESS VERSION: 3.0
SMF FORUM VERSION: SMF 2.0 RC2

Kill Em All · July 07, 2010, 05:50:25 PM

I would probably suggest trying to reinstall/reconfigure the bridge that you are using. SMF can't support the third party bridge, you will probably get better support over at their support forums.

wushdishmeen · September 21, 2010, 04:11:40 AM

This is the SMF support forums, is it not? I'm also not using a bridge I am simply including the SSI.php with a require function and calling to the authentication functions in the header so that people who are not logged into my forum cannot use any subdomains on my site either.

It has worked with my other subdomains just fine but ever since I switched my Wordpress over to WP Super Cache plugin I am having issues. My guess is that maybe caching pages removes the ability for wordpress to determine your login session when switching pages or something? Since they are being served the same file over and over until it's updated it may interfere with the SSI.php function's ability to know whether the person is logged in or not.

BUT even when I removed the cache plugin it didn't work. But I didn't try removing the plugin code from my .htaccess so could that be it?

Kindred · September 21, 2010, 09:58:49 AM

yes, anything that messes with the .htaccess and caching can screw up sessions.

Make sure that you also have subdomain independent cookies turned ON in the SMF admin > server settings

wushdishmeen · December 22, 2010, 08:54:13 AM

I have the "use subdomain independant cookies" turned on but still have the issue.

Anyone else have any ideas on what's going on here?

OTHERWISE....is there a way to migrate all of the users from SMF to wordpress so I can have my users just login to my wordpress with their exact same forum login details? I would settle for it working manually by running a script or something. But if I can get it so that anytime an account is created on SMF it's also added to the wordpress automatically that would be awesome.

But I'm not picky... I'll settle for having to manually update the wordpress accounts every so often. ANY help at all is appreciated because this is a very big deal that I get this wordpress secured.

I've checked out some of the bridges and integrators but unfortunately they haven't worked.

I'm using SMF 2.0 RC2 and Wordpress 3.0.3

wushdishmeen · March 30, 2011, 02:38:54 PM

bump... can anyone help?

I've since upgraded to SMF 2.0 RC3 and WordPress 3.1 and still having the issue after all this time. I could REALLY use the help.

I'm using the following plugins:
WP Super Cache 0.9.9.9
WP Smush.it 1.3.4
WP Minify 1.0.4
Collapsing Archives 1.3.2

I suspect that WP Super Cache is the one that's messing with this but the weird part is I've been using that all along and this method worked at one point.

Code Select


<?php
require_once('/home/mydomain/public_html/forum/SSI.php');
$ssi_ban = true;
is_not_banned();
is_not_guest('Access Denied');
?>

That's the code that I put at the top of the header.php on my wordpress blog and basically it's like it's starting a new session separate from the real SMF session whenever you visit the blog. It shows the Login screen for my SMF forum and when you login it simply just takes you to my SMF Forum and if you go back to the wordpress blog it shows the login screen again. BUT you can tell it's an entirely separate session because if you go to the wordpress and it shows the SMF login page and then I load my SMF forum it shows me as already logged in on SMF.

So clearly Wordpress is starting a new login session that is stuck on a loop and it's not matching the actual genuine SMF login session. If this makes ANY sense to someone please help me figure this out because I need my Wordpress blog blocked off from people who are not members of my SMF forum.

wushdishmeen · April 13, 2011, 01:21:57 AM

bump...still looking for help. It's really important that I block people who are not a member to my SMF forum from viewing my wordpress blog. The PHP coding works for every other subdomain and script on my site except for wordpress. Just keep getting an SMF login loop that works of a completely different session then the genuine one that logs you into SMF.

wushdishmeen · June 22, 2011, 08:01:09 PM

STILL looking for help.... please???

wushdishmeen · June 25, 2011, 04:33:46 PM

It seems to be just the is_not_guest('Access Denied'); function that is causing the issue with the endless login loop. I can keep people who are banned in my SMF forum from viewing the wordpress blog using the is_not_banned function but when I use the is_not_guest function it screws up the wordpress blog and it never gets past the SMF login page.

Is there any chance that maybe wordpress has a is_not_guest function also and it's colliding with eachother? I would appreciate some help!!

I'd even offer some money for whoever can figure out why this specific function is causing a problem and how to fix it?

Kindred · June 26, 2011, 08:34:50 AM

There is indeed a possibility of overlap/conflicting names...
Luckily, you an try using a different function or variable from SMF, like is_logged

wushdishmeen · July 09, 2011, 02:03:30 PM

I'm aware of that function but how would I implement that into a wordpress blog so that the entire page doesn't show if you're not logged into my SMF forum?

I actually tried doing the is_logged function with an If statement but I couldn't figure out where in my wordpress theme to put any of the code. Anything I tried resulted in PHP errors.

If you could give me a general idea of what exactly I can do I would appreciate it. What's odd is that the is_not_guest function used to work perfectly by just slapping it at the top of my header.php file on my wordpress blog. It seems like it stopped working at some point maybe after an upgrade? I don't think they would rename a function in wordpress to is_not_guest though do you? Why rename it at all.

So many people have looked at this thread and I've had no answers. I really need the help as it is important I get the blog secured.

Andre N · July 13, 2011, 10:11:38 PM

Use the api and call the function that checks if a user is online. There won't be any function naming clashes because all the functions start with smfapi_

If you need further clarification let me know

wushdishmeen · July 14, 2011, 10:16:40 AM

I think my main concern is where in the wordpress do I place the coding so that the entire site doesn't show if they are not logged in and instead redirects them to my SMF login. It works on all other subdomains on my site by simply using the is_not_guest function but with the wordpress it just keeps resetting itself back to the login screen everytime you login. Almost like the login session is completely separate from the actual SMF login session and even after you login it just keeps looping back as if you never did.

Wordpress is made up of many different PHP files. What I used to do was place the is_not_guest along with the require function of SSI.php in the header.php at the very top. That blocked off the entire site automatically because the coding effects the rest of the page. But with the user is logged function it requires you to place the coding throughout the page in order to block the whole thing and it has to be in the right places otherwise it'll clash with wordpress.

Andre N · July 14, 2011, 11:42:12 AM

Put the require_once SSI.php and the is_not_guest function at the very top of the header file.
That's how it should be... does it clash with Wordpress?

You could try this:
Download the api (smf_2_api.php)

Put it on your server somewhere.

in the Wordpress header, instead of the SSI.php file, use require_once to include the api file

then do your check like this:

Code Select


if ($user_info['is_guest']) {
    //redirect to smf login
}

When you include the api file it will check the smf cookie and session to see if the user is logged into smf or not and generate the $user_info array.

wushdishmeen · July 14, 2011, 12:14:48 PM

Quote from: ike turner on July 14, 2011, 11:42:12 AM
Put the require_once SSI.php and the is_not_guest function at the very top of the header file.
That's how it should be... does it clash with Wordpress?

That's exactly how I was doing it and it used to work but it does not work anymore. The $ssi_ban = true; and is_not_banned(); functions work as they should it's just the is_not_guest function that causes the login loop to happen.

I will try what you said as it seems like a good idea but what is the exact function to redirect to the smf login page? You only put "// redirect to smf login" and not the actual code. If you could let me know that would help.

Thanks

Andre N · July 14, 2011, 12:21:43 PM

The SSI.php file loads a LOT of functions, most of SMF it seems like. Maybe the variable names clash and are being overwritten of there is a function name collision somewhere.

Try what I said, it will work. As for the redirect, there is no function in the api that will redirect you to the smf login page, but you could use the php header function

Code Select


header('Location: http://www.yourdomain.com/path/to/smf/index.php?action=login');

wushdishmeen · July 14, 2011, 12:31:04 PM

Yea but what's odd is with calling the SSI.php the is_not_banned and $ssi_ban functions work perfectly. It's only when I try to use the is_not_guest function like I do everywhere else on my site. That single function seems to clash somehow and cause some weird login loop separate from the actual SMF login session.

I did what you said though.

Code Select

<?php
require_once('/home/xxxxxx/public_html/forum/smf_api.php');
if ($user_info['is_guest']) {
header('Location: http://forum.mydomain.com/index.php?action=login');
}
?>

I put it at the top of my header.php and it redirects to the login whether im logged in or not.

I also tried redirectexit function in place of the "header" function and it redirected me to the SMF login whether I was logged in or not. Same thing.

So clearly something is missing because the ($user_info['is_guest']) function is not recognizing whether I'm logged in or not.

Andre N · July 14, 2011, 12:40:49 PM

Could your smf cookie settings be set for your smf path only?

SlammedDime · July 14, 2011, 12:45:20 PM

The WP Super Cache plugin will not help you save bandwidth, so if that's the only reason you installed it, might as well uninstall it. You should probably re-read the plugin's page on Wordpress' site to understand it's purpose. What you are wanting to accomplish while using the WP Super Cache plugin is not easily done by any stretch of the imagination.

Andre N · July 14, 2011, 12:46:34 PM

Just read above, and you said you have them set correctly. Can you include the api, and dump out $user_info and see what you are getting?

wushdishmeen · July 14, 2011, 12:49:09 PM

I use the is_not_guest function on every other subdomain on my server and it works perfectly. Not to mention I use the function on several scripts that are all within their own folders in my root folder separate from SMF. It's only wordpress that is having an issue with it. But it DID work with wordpress a long time ago. It wasn't until about 7-8 months ago that it stopped working and I could never get it to work again. I started this thread so long ago and I still haven't figured it out.

As for my cookie settings they should be fine:

Enable local storage of cookies: OFF
Use subdomain independent cookies: ON
Use database driven sessions: ON
Allow browsers to go back to cached pages: ON
Seconds before an unused session timeout: 3600

I have to also mention that the results are different whether I am using FireFox or Internet Explorer as my browser. With Firefox it redirects to the login page no matter what and with Internet explorer the page loads normally no matter what. So it's even more confusion now.

Quote from: SlammedDime on July 14, 2011, 12:45:20 PM
The WP Super Cache plugin will not help you save bandwidth, so if that's the only reason you installed it, might as well uninstall it. You should probably re-read the plugin's page on Wordpress' site to understand it's purpose. What you are wanting to accomplish while using the WP Super Cache plugin is not easily done by any stretch of the imagination.

I don't use WP Super Cache anymore. I switched to W3 Total Cache and the reason I use it is because I am on a shared server so it is necessary due to the high volume of traffic my site gets. That's totally off tangent to the actual issue though.

Andre N · July 14, 2011, 12:57:48 PM

SO what ARE you getting in the $user_info array? It has to be set if either the api or SSI file successfully loaded...
Can you post the contents of the header file?

wushdishmeen · July 14, 2011, 01:04:06 PM

You want the entire header.php file code? Here it is with the coding added.

Code Select

<?php
require_once('/home/xxxxxx/public_html/forum/smf_2_api.php');
if ($user_info['is_guest']) {
header('Location: http://forum.xxxxxx.com/index.php?action=login');
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>> 

<head>
	<meta http-equiv="Content-Type" content="<?php bloginfo('html_type') ?>; charset=<?php bloginfo('charset') ?>" />

	<title><?php 

	bloginfo('name'); 

	$blog_description = get_bloginfo('description');

	if (is_home () && !empty($blog_description) ) {

		echo ' - '; echo $blog_description;

	} elseif (is_category() ) {

		echo ' - '; single_cat_title();

	} elseif (is_single() || is_page() ) { 

		echo ' - '; single_post_title();

	} elseif (is_search() ) { 

		echo __(' search results: ','easel'); echo esc_html($s);

	} else { 

		echo ' - '; wp_title('',true);

	}

  ?></title>

	<link rel="stylesheet" href="<?php echo get_stylesheet_uri(); ?>" type="text/css" media="screen" />

<?php if (!easel_themeinfo('disable_default_design') && !is_child_theme() && (easel_themeinfo('scheme') !== 'greymatter')) { ?>

	<link rel="stylesheet" href="<?php echo get_template_directory_uri(); ?>/style-default.css" type="text/css" media="screen" />

<?php } ?>

	<link rel="pingback" href="<?php bloginfo('pingback_url') ?>" />

	<meta name="Easel" content="<?php echo easel_themeinfo('version'); ?>" />

	<?php if ( is_singular() && get_option( 'thread_comments' ) && !easel_themeinfo('disable_comment_javascript')) wp_enqueue_script( 'comment-reply' ); ?>

<?php wp_head(); ?>


</head>



<body <?php body_class(); ?>>



<div id="page-head"><?php do_action('easel-page-head'); ?></div>

<div id="page-wrap">

	<div id="page">

		<?php easel_get_sidebar('above-header'); ?>

		<div id="header">

			<?php easel_get_sidebar('header'); ?>

			<div class="clear"></div>

		</div>



<?php

if (!easel_themeinfo('disable_default_menubar') && function_exists('easel_menubar')) easel_menubar();

if (easel_themeinfo('enable_breadcrumbs')) easel_breadcrumbs();

easel_get_sidebar('menubar');

get_template_part('layout', 'head');

?>

I also swapped out the smf_api I was using with the one you posted on this forum in a different thread. So I'm using your version and it still gives the same issues.

SlammedDime · July 14, 2011, 01:08:47 PM

Quote
I don't use WP Super Cache anymore. I switched to W3 Total Cache and the reason I use it is because I am on a shared server so it is necessary due to the high volume of traffic my site gets. That's totally off tangent to the actual issue though.

It's actually not totally off tangent, exactly the opposite actually, and W3 appears to do some similar things to Super Cache. They're caching entire pages of output or sections of output to serve back to users as static content, instead of serving them through PHP, which totally bypasses your attempts at validating a user, because PHP is never run, OR, the PHP code from header.php isn't being run because that aspect is already cached.

header.php is also a poor choice to place this code, as header.php is not one of the first files called by Wordpress, it is near in the middle or one of the last, as that is a theme file, not a core file. You *should* be placing this code in your main Wordpress index.php file, as that is the bootstrap file of Wordpress and EVERY request for anything in Wordpress flows through that file.

wushdishmeen · July 14, 2011, 01:33:12 PM

If you read above to one of my first posts I had already contemplated the possibility of the caching plugin being the issue. I said the exact same thing as you did already. It wasn't the issue so the caching thing has now become moot as far as progressing in this issue. Back then it would of been a good guess but right now it's already been looked at. You should read the whole thread because you might be missing other stuff I've tried.

Like I said I used this code and it worked even with Super Cache installed back then and I didn't change anything except updating wordpress and plugins along the way. So clearly an update caused something to happen.

I tried totally removing the caching plugin to see if that would make it work again and it didn't change a thing. As for where to place the code I had it in the header.php file back then and it worked fine.

Using the index.php file I get the same issues as with the header.php. Just keeps redirecting to the SMF login whether I'm logged in or not.

Andre N · July 14, 2011, 01:40:05 PM

Put the code in the top of the index.php file and dump out the $user_info array and make sure the loadUserData function is being called

wushdishmeen · July 14, 2011, 01:44:25 PM

What do you mean by "dump out" the $user_info array? Also how do you call the loadUserData function? I've never used the API file before so if you could please write out the code you want me to try in your responses that would help a lot.

You sure it's not smfapi_loadUserSettings();

It says that function loads the user an their cookie, as well as their settings. There is no loadUserData function as far as I see

By the way, I created a new PHP file called test.php and placed it in my wordpress folder. I placed the coding at the top of the page and simply typed "TESTING" underneath the PHP and it works fine. So it's not the coding it's wordpress that's clashing with it. It shows the page with "TESTING" when I'm logged in and it redirects to the SMF login if I'm logged out.

Andre N · July 14, 2011, 01:48:00 PM

var_dump($user_info)
or print_r($user_info)

see what you get and post it pls

wushdishmeen · July 14, 2011, 02:02:18 PM

Your responses are very vague but I'm trying to piece it together.

I had to remove the header redirect function otherwise I couldn't even read the output results... So here is what I changed it to. There is no loadUserData function though so I used the loadUserSettings function instead.

Like this

Code Select

<?php
require_once('/home/xxxxxx/public_html/forum/smf_2_api.php');
smfapi_loadUserSettings();
if ($user_info['is_guest']) {
}
var_dump($user_info);
?>

and I got this as the output

Code Select

array(27) { ["groups"]=> array(1) { [0]=> int(-1) } ["possibly_robot"]=> bool(false) ["id"]=> int(0) ["username"]=> string(0) "" ["name"]=> string(0) "" ["email"]=> string(0) "" ["passwd"]=> string(0) "" ["language"]=> string(7) "english" ["is_guest"]=> bool(true) ["is_admin"]=> bool(false) ["theme"]=> int(0) ["last_login"]=> int(0) ["ip"]=> string(12) "26.192.14.63" ["ip2"]=> NULL ["posts"]=> int(0) ["time_format"]=> string(22) "%B %d, %Y, %I:%M:%S %p" ["time_offset"]=> int(0) ["avatar"]=> array(4) { ["url"]=> string(0) "" ["filename"]=> string(0) "" ["custom_dir"]=> bool(false) ["id_attach"]=> int(0) } ["smiley_set"]=> string(0) "" ["messages"]=> int(0) ["unread_messages"]=> int(0) ["total_time_logged_in"]=> int(0) ["buddies"]=> array(0) { } ["ignoreboards"]=> array(0) { } ["ignoreusers"]=> array(0) { } ["warning"]=> int(0) ["permissions"]=> array(0) { } }

That's with me logged in by the way and you can see that it's somehow pulling false info. It says the ["is_guest"]=> bool(true) and it also isn't recognizing that I'm an admin.

Andre N · July 14, 2011, 02:18:34 PM

the loadUserSettings() function is called automatically by the api, you don't need to call it again but it won't hurt. So the function isn't getting the session information inside wordpress, but it works outside...
it's not 'false info' per say, it just isn't finding your cookie or session info.

And it does this on Firefox only, and works on IE?

You have this code in your wordpress index.php file at the very top, right?

wushdishmeen · July 14, 2011, 02:43:59 PM

yes I have it at the top of the index.php file now.

and no it doesn't work on either Firefox or IE. It just gives different results. With Firefox it keeps redirecting you to the login page whether you're logged in or not. With IE it just loads the page normally without redirecting whether you're logged in or not.

Both don't recognize the login session. So yea... it's not grabbing the info.

Andre N · July 14, 2011, 02:50:07 PM

What does the $user_info array hold when you use IE?

check that and also, after you include the api put this:

Code Select

echo $_COOKIE[$cookiename];

Andre N · July 14, 2011, 04:01:15 PM

Your cookie is being found, and it's set correctly. I was able to unserialize it just fine. It looks like in the smfapi_loadUserSettings() function, this part:

Code Select


if ($id_member != 0) {
		// is the member data cached?
		if (empty($modSettings['cache_enable']) || $modSettings['cache_enable'] < 2
            || ($user_settings = smfapi_cacheGetData('user_settings-' . $id_member, 60)) == null) {
			    $request = $smcFunc['db_query']('', '
				    SELECT mem.*, IFNULL(a.id_attach, 0) AS id_attach, a.filename, a.attachment_type
				    FROM {db_prefix}members AS mem
					    LEFT JOIN {db_prefix}attachments AS a ON (a.id_member = {int:id_member})
				    WHERE mem.id_member = {int:id_member}
				    LIMIT 1',
				    array(
					    'id_member' => $id_member,
				    )
			    );

			    $user_settings = $smcFunc['db_fetch_assoc']($request);
			    $smcFunc['db_free_result']($request);

			    if (!empty($modSettings['cache_enable']) && $modSettings['cache_enable'] >= 2) {
				    smfapi_cachePutData('user_settings-' . $id_member, $user_settings, 60);
                }
		}
	}

is failing to get the user info out of the cache...
give me a minute and I'll tell you what to replace that with

Andre N · July 14, 2011, 04:04:49 PM

replace this:

Code Select

if ($id_member != 0) {
		// is the member data cached?
		if (empty($modSettings['cache_enable']) || $modSettings['cache_enable'] < 2
            || ($user_settings = smfapi_cacheGetData('user_settings-' . $id_member, 60)) == null) {
			    $request = $smcFunc['db_query']('', '
				    SELECT mem.*, IFNULL(a.id_attach, 0) AS id_attach, a.filename, a.attachment_type
				    FROM {db_prefix}members AS mem
					    LEFT JOIN {db_prefix}attachments AS a ON (a.id_member = {int:id_member})
				    WHERE mem.id_member = {int:id_member}
				    LIMIT 1',
				    array(
					    'id_member' => $id_member,
				    )
			    );

			    $user_settings = $smcFunc['db_fetch_assoc']($request);
			    $smcFunc['db_free_result']($request);

			    if (!empty($modSettings['cache_enable']) && $modSettings['cache_enable'] >= 2) {
				    smfapi_cachePutData('user_settings-' . $id_member, $user_settings, 60);
                }
		}
	}

with this:

Code Select


if ($id_member != 0) {
		// is the member data cached?
			    $request = $smcFunc['db_query']('', '
				    SELECT mem.*, IFNULL(a.id_attach, 0) AS id_attach, a.filename, a.attachment_type
				    FROM {db_prefix}members AS mem
					    LEFT JOIN {db_prefix}attachments AS a ON (a.id_member = {int:id_member})
				    WHERE mem.id_member = {int:id_member}
				    LIMIT 1',
				    array(
					    'id_member' => $id_member,
				    )
			    );

			    $user_settings = $smcFunc['db_fetch_assoc']($request);
			    $smcFunc['db_free_result']($request);
	}

and see if that works for you

wushdishmeen · July 14, 2011, 04:25:20 PM

I see you updated the code and now it works properly. However, it didn't change anything as I am still getting redirected to the SMF login whether I'm logged in or not.

Here is the dump of $user_info again. Same as before

Code Select

array(27) { ["groups"]=> array(1) { [0]=> int(-1) } ["possibly_robot"]=> bool(false) ["id"]=> int(0) ["username"]=> string(0) "" ["name"]=> string(0) "" ["email"]=> string(0) "" ["passwd"]=> string(0) "" ["language"]=> string(7) "english" ["is_guest"]=> bool(true) ["is_admin"]=> bool(false) ["theme"]=> int(0) ["last_login"]=> int(0) ["ip"]=> string(12) "123.45.67.89" ["ip2"]=> NULL ["posts"]=> int(0) ["time_format"]=> string(22) "%B %d, %Y, %I:%M:%S %p" ["time_offset"]=> int(0) ["avatar"]=> array(4) { ["url"]=> string(0) "" ["filename"]=> string(0) "" ["custom_dir"]=> bool(false) ["id_attach"]=> int(0) } ["smiley_set"]=> string(0) "" ["messages"]=> int(0) ["unread_messages"]=> int(0) ["total_time_logged_in"]=> int(0) ["buddies"]=> array(0) { } ["ignoreboards"]=> array(0) { } ["ignoreusers"]=> array(0) { } ["warning"]=> int(0) ["permissions"]=> array(0) { } }

This is possibly the most annoying problem ever!!!

Andre N · July 14, 2011, 04:32:51 PM

I edited my above post, try it now.

I don't know if exposing your password hash is a security issue, but I would delete your post above with the cookie value :p

wushdishmeen · July 14, 2011, 04:51:10 PM

You still never told me what the loadUserData function was? There is no function with that name in the smf_2_api.php file and you told me I didn't need to include the loadUserSettings function so what exactly should I be putting after the call to the API?

Also, that function that I just replaced seems to deal with the user data being cached within SMF and not wordpress. What exactly were you attempting with the code you replaced and what is your ideas on what may be wrong?

Andre N · July 14, 2011, 04:57:53 PM

<?php
require_once( api file);
if ($user_info['is_guest']) {
//redirect to smf login
}
?>

That's all you need. Make the change to the api file I put in the thread above and see if that works for you.
The function I meant was smfapi_loadUserSettings. When you require_once the api it will call the function for you.

Yes, we are bypassing the smf cache and geting the user info directly out of the db, so let's see if it works

wushdishmeen · July 14, 2011, 05:11:51 PM

The code you said to replace is the same as it was a few seconds ago. I already replaced it with the updated code and I placed the code in the index.php already and that's what I was saying was causing the same issue. It redirects to the login page whether I'm logged in or not.

Nothing has changed. I also for now replaced the header redirect with just an echo function that says "GUEST" at the top of the page if it recognizes me as a guest. It still says Guest... so whenever that disappears from the page it will mean that it's finally recognizing me as logged in.

Looks like we're still stuck at square one. I hope you aren't tapped out. If you can get this to work I would be willing to compensate you if that motivates you. This is extremely important that it works.

Andre N · July 14, 2011, 05:18:55 PM

I'm not tapped. And I think we're getting closer.
Could you pm me your ftp login details? It would be a lot faster that way...

wushdishmeen · July 14, 2011, 05:33:21 PM

That I can't do unfortunately. I wish I could but the site is pretty big and security issues are the biggest concern which is exactly why fixing this issue is so important. It keeps non-members out of a portion of my site that has been accessible to outsiders due to the coding clashing somewhere. I spent 8 months trying to figure out what was clashing and I couldn't. The way my site is setup is that it's a network of websites with multiple scripts installed such as SMF, wordpress, clipbuckets, etc; and I use the SMF forum as the login session for the entire site. So if a user is not a member of my SMF forum and not logged into it they cannot access any of the other subdomains on my site since I have the SMF login check integrated into all of them with the is_not_guest function from SSI.php. It works perfectly everywhere else and used to work in wordpress until an update happened.

Also the area of my site I'm working on is visited by 1000 unique visitors a day so when something goes wrong I have to immediately change it back as to not disturb user access. If it was just some crappy site nobody cared about I wouldn't mind giving limited FTP access.

Plus I rather not just let someone do it and not see the process and learn nothing. I would like to see how it's being fixed. You're not missing anything by not having access other than a few seconds of time for me to respond and tell you what's happening. It would be the same through trial and error as I can assure you I'm doing exactly what you're saying to do. My word press files are practically stock PHP and I haven't ever touched the SSI.php nor the smf_2_api.php files other than what you told me to change. So you have access to the same files I'm using.

The only alternative to this problem is to find a user bridge that actually works. Something that will import all of my current SMF users into wordpress user database and then will upkeep any new SMF members and add them to wordpress either automatically or by a manual update. None of the bridge plugins I've found have worked so far.

SlammedDime · July 14, 2011, 05:50:17 PM

Have you tried this: http://custom.simplemachines.org/mods/index.php?mod=3008

wushdishmeen · July 14, 2011, 05:55:39 PM

Is that your plugin? I actually responded to your thread on here because I have SMF 2.0 RC3 and the plugin wont work. I tried using the emulation mode to emulate RC5 and it gave me errors. If you could get that to work with SMF 2.0 RC3 that would be extremely helpful.

The reason I can't upgrade to SMF 2.0 RC5 yet is because some really important addons that I use aren't compatible with any version above RC3 at the moment.

Here is a link to my post and the error I had http://www.simplemachines.org/community/index.php?topic=434738.msg3088232#msg3088232

SlammedDime · July 14, 2011, 05:58:53 PM

Ah yes, I remember... there is no way to make it rc3- compatible... but SMF 2.0 Final is out now... I would strongly suggest looking into the addons you're having compatibility issues with to see if they've either been updated, or you can emulate a lower SMF version to make them work on final.

wushdishmeen · July 14, 2011, 06:06:09 PM

That's a good idea. But does your plugin work with SMF 2.0 or just RC5? I did actually check to see if newer versions were out and they weren't at the time but I see that some of them have been updated in the past few days so I'll have to definitely check that out.

Does the plugin integrate existing users from SMF into wordpress? I can't start from scratch as I have over 11,000 registered users already. Also, my SMF forum is in a totally different folder than my wordpress blog. SMF is in public_html/forum and the wordpress is in public_html/blog

Any issues with that? I know a lot of the previous plugins did.

SlammedDime · July 14, 2011, 06:13:00 PM

If a user exists in either SMF or Wordpress, but not the other, they will be created in the other automatically upon login. (and yes, it should work with SMF 2.0 final, as it makes no code changes to SMF, and the integration hooks did not change between those releases.

wushdishmeen · July 14, 2011, 06:14:42 PM

Does your plugin work with 3.2.1? I am currently using Wordpress 3.1.3 and haven't updated yet.

Kindred · July 14, 2011, 06:43:21 PM

you really need to upgrade both your smf and wordpress installations, especially ifsecurity is as big a concern as you say....

wushdishmeen · July 14, 2011, 07:06:01 PM

I'm updating my SMF to 2.0 at the moment and I upgraded my WP to 3.2.1

wushdishmeen · July 14, 2011, 08:17:04 PM

Your bridge plugin doesn't seem to work. I upgraded to SMF 2.0 and WP 3.2.1 and then installed your plugin by emulating RC5 and when I logged out of my wordpress it said something like "your login session is missing the SALT codes" and made me go to some site that reads out a bunch of codes and tells me to add it to my wp-config.php file. So I copied them and replaced the existing codes in my wp-config.php and visiting my blog creates the same exact issue I had with the other crap.

It just keeps redirecting me to the SMF login and whether I'm logged into SMF or not.

One thing that does seem to work is that when people login to SMF it seems to create the account on the wordpress. Which is a GOOD START. However, I have to de-activate the "redirect wp-login.php to SMF" option otherwise I get the infamous endless login loop. So I can at least have the users be transferred and then use my "Members only" plugin on my wordpress to keep out people who aren't an SMF member.

The only issue I notice is that when I log out of the SMF forum I am not logged out of wordpress.

SlammedDime · July 15, 2011, 10:49:30 AM

Are you using subdomains between SMF and/or Wordpress? If so, that could be why it might not be working quite right, as there is an issue with subdomains at the moment.

wushdishmeen · July 15, 2011, 06:21:18 PM

Yea I am. Like I said that seems to always be the issue with these plugins. Not many people keep SMF and Wordpress in the same folder so if you could get that to work that would be great.

Also, I am noticing that it takes awhile for the wordpress to create the account after the user logs in to SMF. They've been having to clear their cookies just for it to start working and sometimes it takes multiple SMF logins for it to transfer.

But all in all it is a good temporary fix for my issue and is keeping non-members out. Only issue is that actual members are having trouble getting in every so often. But they eventually get in after a few tries.

Thanks

SlammedDime · July 15, 2011, 06:37:37 PM

The account creation is instant into the Wordpress database, it's a direct database insert from SMF (however if they don't exist in one of the systems, they will get a prompt that password security has been upgraded and they need to log in again so that the plaintext password is sent to SMF, instead of SMF's hashed version).

wushdishmeen · July 15, 2011, 10:43:50 PM

Yea I saw that. Currently I am not allowing registration in either wordpress or SMF. So I am only using this to transfer my existing SMF users over to the wordpress. So I'm telling all of my members to log out of SMF and log back in so an account gets created on the wordpress. It's been working for most of my members but some of them are having trouble getting an account to appear on the wordpress blog after logging into SMF.

Most of the users having trouble seem to be using Internet Explorer instead of FireFox. Could browser choice be involved in the issues?

When you log into SMF does your password get transferred to the wordpress account as well or is it only the username and email and you have to reset your pw on the wordpress just to get in?

SlammedDime · July 15, 2011, 10:55:58 PM

When they log into SMF, and they don't yet exist in WP, SMF will ask them to log in again, so that a plaintext password is sent back to SMF. The mod then takes that password and creates a WP styled password and inserts it into the WP database so they can log into WP using that password.

wushdishmeen · July 15, 2011, 10:59:29 PM

Some people are having trouble though. They logged out of my SMF forum, got the prompt about security, then typed their username and password and logged back into SMF. Then they went to my wordpress and their username existed but the SMF password was not working. SO then they had to use the "password reset" on my wordpress just to get their password to work.

It seems it's not transfering the password correctly for some people. But 1000 people got in successfully with no issue... it's only about 20-30 people who seem to have to reset their password.

1-2 people it didn't even create a wordpress account for them at all until after 10-15 attempts.

News:

Problem integrating SMF Login Check into Wordpress!!!!