WordPress Plugin FAQ

Discussion in 'WordPress' started by xfrocks, Mar 1, 2014.

Thread Status:
Not open for further replies.
  1. Have feature suggestions for the WordPress plugin? Post or vote here.
  1. xfrocks

    xfrocks XenForo rocks!
    Staff Member

    How to make login more seamlessly

    1. Go to XenForo AdminCP > Tools > [bd] API > Clients, click the Client for WordPress
    2. Check the "Automatically authorize" boxes as needed

    2a. If you want to skip the authorize form completely, check 3 boxes: READ, POST and CONVERSATE
    2b. If you want to use sync logged-in cookie to work even for users who haven't connected, check 1 box: READ

    Screen Shot 2014-03-11 at 11.20.03 AM.png

    It's not recommended to automatically authorize ADMINCP for security reason.
     
  2. xfrocks

    xfrocks XenForo rocks!
    Staff Member

    XenForo API behind a Password Protected Directory

    If you put the `api` directory behind password (for testing purpose), you will need to perform some edit for it to work. OAuth2 library is not designed to work in such situation so after finish your testing, please revert the file back.

    File: library/bdApi/Lib/oauth2-php/OAuth2.inc

    Find #1:
    PHP:
    private function getAuthorizationHeader() {
        if (
    array_key_exists("HTTP_AUTHORIZATION"$_SERVER))
          return 
    $_SERVER["HTTP_AUTHORIZATION"];

        if (
    function_exists("apache_request_headers")) {
          
    $headers apache_request_headers();

          if (
    array_key_exists("Authorization"$headers))
            return 
    $headers["Authorization"];
        }

        return 
    FALSE;
      }
    Replace with #1:
    PHP:
    private function getAuthorizationHeader() {
        return 
    FALSE;
      }
    Find #2:

    PHP:
    protected function getClientCredentials() {
        if (isset(
    $_SERVER["PHP_AUTH_USER"]) && $_POST && isset($_POST["client_id"]))
          
    $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUESTOAUTH2_ERROR_INVALID_CLIENT);

        
    // Try basic auth
        
    if (isset($_SERVER["PHP_AUTH_USER"]))
          return array(
    $_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"]);

        
    // Try POST
        
    if ($_POST && isset($_POST["client_id"])) {
          if (isset(
    $_POST["client_secret"]))
            return array(
    $_POST["client_id"], $_POST["client_secret"]);

          return array(
    $_POST["client_id"], NULL);
        }

        
    // No credentials were specified
        
    $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUESTOAUTH2_ERROR_INVALID_CLIENT);
      }
    Replace with #2:

    PHP:
    protected function getClientCredentials() {
        
    // Try POST
        
    if ($_POST && isset($_POST["client_id"])) {
          if (isset(
    $_POST["client_secret"]))
            return array(
    $_POST["client_id"], $_POST["client_secret"]);

          return array(
    $_POST["client_id"], NULL);
        }

        
    // No credentials were specified
        
    $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUESTOAUTH2_ERROR_INVALID_CLIENT);
      }
     
    CountRock likes this.
Loading...