External Authentication

Post by **mattsches** » Fri Feb 23, 2007 10:44 am

Nope, didn't help. Maybe I should search some Firefox forums for this issue ...

Update: Well, not a Firefox forum, but the PHP doc comments. The following code seems to work for me:

Code: Select all

function serendipity_setCookie($name,$value, $securebyprot=TRUE) {
    global $serendipity;

    if ($securebyprot) {
        $secure = (strtolower($_SERVER['HTTPS']) == 'on') ? true : false;
    } else {
        $secure = FALSE;
    }
    $domain = ($_SERVER['HTTP_HOST'] != 'localhost') ? $_SERVER['HTTP_HOST'] : false;
    setcookie("serendipity[$name]", $value, time()+60*60*24*30, $serendipity['serendipityHTTPPath'], $domain, $secure);
    $_COOKIE[$name] = $value;
    $serendipity['COOKIE'][$name] = $value;
}

Post by **garvinhicking** » Fri Feb 23, 2007 11:38 am

Hi!

Which IP did you use for 'localhost'? 127.0.0.1, or a real IP address? The former might not work, but a real IP address like 192.168.0.42 should really work...?!?

But adding that patch to the s9y code shouldn't be too hard. Maybe once rrichards can comment on your other problem -- or did I wrongly understand it, and with the patch you last posted his patches work fine already?

Then all that's missing to commit his code is the First-Time-Language Perma-Cookie, right?

Regards,
Garvin

rrichards_ · Post by **rrichards_** » Fri Feb 23, 2007 1:55 pm

I believe that all the problems were one in the same. Please let me know if I am incorrect there.

I have updated my patch to include the new language cookie: http://www.cdatazone.org/files/serendip ... .patch.txt
Old patch is still there just named with patch-old.txt in case someone wants it for reference. From my testing it seems to work pretty well and I hope I didn't miss anything. After logout, the next time you navigate to the site, it remembers your user defined language even though you haven't yet logged in and will use that as the fallback rather than the system defined default.

I did make one change to the code, not sure if it is necessary, but hopefully to prevent any further issues. I check for ! empty() rather than isset() just in case the session or cookie lang get set with NULL or an empty value. Logically I dont see how this could happen, but would have at least prevented the problem mattsches had when absolutely no language got detected.

Rob

Post by **garvinhicking** » Fri Feb 23, 2007 2:58 pm

Hi Rob!

First tests seemed to make it work flawlessly here, so I just committed it to SVN.

I'll wait this weekend for first tests by snapshot users, and on Monday will announce to the forums and the official blog to ask people that are using multilingual facilities and HTTPS logins to check out the changes and see if they all work for everyone.

Many thanks for all that. I see OpenID-light at the end of the tunnel?

Best regards,
Garvin

Post by **mattsches** » Fri Feb 23, 2007 8:15 pm

In fact, everything works fine now for me, both patches applied. I use 127.0.0.1 for localhost, so the problem shouldn't occur anywhere else, i.e. "real-life" installations. Sorry for all the trouble

But now we're back on the right track again ... OpenID here we come

- Mattsches

Post by **garvinhicking** » Tue Feb 27, 2007 11:05 am

(Posted announcement to this thread on the announcement-section and on blog.s9y.org)

judebert · Post by **judebert** » Fri Mar 02, 2007 4:45 am

Step 2: Turn every Serendipity blog into an OpenID server (besides allowing OpenID authentication as a client).

Step 3: Profit!!! (Sorry, couldn't resist.)

tchirou · Post by **tchirou** » Thu Mar 08, 2007 2:33 pm

Hi,

I am not really sure if I should post here but...

I installed yesterday the Http authentication plugin. But i found this morning that I couldn't log out. I click on "log out" of the Userlogin plugin and it doesn't work (it didn't work before, but I try not being too greedy

). And when I go to the administration panel and I click on log out and I return to the weblog, I am still loggued in. I tried with IE and Firefox.

Weird, don't you think ?

Anyone experienced this before ?

Post by **garvinhicking** » Thu Mar 08, 2007 2:35 pm

Hi!

HTTP authentication cannot be cleared with login functionality easily - you will need to close your browser to delete HTTP authentication facilities.

There are complicated workarounds to fake a wrong authentication on a site to clear the working one, but that is quite nasty.

Regards,
Garvin

tchirou · Post by **tchirou** » Thu Mar 08, 2007 2:55 pm

Ok then.

It is not a serious issue anyway

Thanks for the quick answer

Post by **garvinhicking** » Sun Mar 11, 2007 1:30 pm

Hi!

stm9x9 from the forums reported a problem about the language system:

When he uses external plugins (like the livesearch plugin) (those are called using the 'external_plugin' hook) they seem to emit only the language constants, not their values - which suggests that no lang file is loaded at that point.

He also reports that trackback notifications (where comment.php is called from users that have no HTTP cookie, as trackbacks are sent without an actual user specifying any HTTP-Headers) also only contain constant names.

I can confirm at least the first problem: When I install the livesearch event plugin and the quicksearch sidebar plugin, then go to my blog and enter a word that is not found anywhere, I get the output "PLUGIN_EVENT_LIVESEARCH_NOTFOUND" instead of the localized content like "Word not found". This does not happen with the versions prior to the language patch.

Any ideas?

Best regards,
Garvin

rrichards_ · Post by **rrichards_** » Sun Mar 11, 2007 2:24 pm

Hi Garvin,

Currently can't find any issues other than my observations noted in the following. I might need more clarification on the comments issue.
I am also using the latest source code from SVN (as of about 1 hour prior to this post).

garvinhicking wrote:He also reports that trackback notifications (where comment.php is called from users that have no HTTP cookie, as trackbacks are sent without an actual user specifying any HTTP-Headers) also only contain constant names.

I will need exact steps and where the problem happens. I tried to replicate this here, but can't so might be doing something wrong. I did the following:
- set default blog language to French
- telnet into blog at port 80 (insures I have no headers/cookies/etc..)
- set a trackback GET /comment.php?type=trackback&....
- response is XMl snippet indicating success (saw correct output too when failed)
- they are set to moderate so I received email (in French) telling me I need to approve it

If the problem manifests itself using different steps I please provide them.

garvinhicking wrote:I can confirm at least the first problem: When I install the livesearch event plugin and the quicksearch sidebar plugin, then go to my blog and enter a word that is not found anywhere, I get the output "PLUGIN_EVENT_LIVESEARCH_NOTFOUND" instead of the localized content like "Word not found". This does not happen with the versions prior to the language patch.

Are you absolutely sure it worked before? I grep'd the source and PLUGIN_EVENT_LIVESEARCH_NOTFOUND is not defined anywhere (so PHP outputs the constant name). The language must be working here because PLUGIN_EVENT_LIVESEARCH_WAIT is replaced with the correct content (and those 2 are resolved at the same time).

Rob

Post by **garvinhicking** » Sun Mar 11, 2007 2:35 pm

Hi Rob!

Oh, dang. The livesearch thing was my fault. I was testing previously where I had the new constant, but it was not committed to SVN. When I now checked the thing I used a fresh install, where of course the not committed file was not supplied.

So this works now, I just committed the missing constant.

About the trackback issue, I hope stm9x9 will report here with the steps or the example mail that held constants?

Many thanks for responding so quickly.

Best regards,
Garvin

stm999999999 · Post by **stm999999999** » Sun Mar 11, 2007 8:59 pm

in the moment - unfortunality (or fortunately?!) - I get normal trackback notifications. But I have a sample of the malformed:

Code: Select all

Date: Fri,  2 Mar 2007 13:49:39 +0100 (CET)
Subject: [] [REQUIRES_REVIEW] NEW_TRACKBACK_TO Palmsonntag 2006

A_NEW_TRACKBACK_BLAHBLAH

REQUIRES_REVIEW: YES (Auto-moderation after X days)
LINK_TO_ENTRY: index.php?/archives/xxx.html
Weblog NAME: Protonix.
LINK_TO_REMOTE_ENTRY: http://protonix.canceab.info

EXCERPT:
Protonix.

----
YOU_HAVE_THESE_OPTIONS
  THIS_TRACKBACK_NEEDS_REVIEW
   VIEW_ENTRY      -- index.php?/archives/xxx.html
   DELETE_TRACKBACK -- index.php?/delete/trackback/xxx.html
   APPROVE_TRACKBACK -- index.php?/approve/trackback/xxx.html
SIGNATURE

rrichards_ · Post by **rrichards_** » Mon Mar 12, 2007 11:35 am

stm999999999 wrote:in the moment - unfortunality (or fortunately?!) - I get normal trackback notifications. But I have a sample of the malformed:
Code: Select all
Date: Fri,  2 Mar 2007 13:49:39 +0100 (CET)
Subject: [] [REQUIRES_REVIEW] NEW_TRACKBACK_TO Palmsonntag 2006

I've gone through the code and still can't see how that could have happened (without something outside of the changes causing this).

- Has the problem happened since March 2?
- Did you have any installation problems that might have caused an issue?
- Have you made any changes since it last happened?
change file permissions?
change file ownership?
any changes at all to the site or server?
- Whats the datestamp of the serendipity snapshot you used when this problem last occurred?

The answers might help narrow down how/why this happened and possibly whether or not it is still an issue.

Rob