The MU forums have moved to WordPress.org

More Privacy Options Plugin Issues (36 posts)

  1. Trent
    Member
    Posted 14 years ago #

    I was just wondering if anyone else is having some issues with this plugin not "always" working when the blog is using the default theme. I am in the process of seeing if this works correctly all the time with another theme, but I have personally found that it sometimes kicks private blogs public when using the default theme.

    So basically, if a blog puts the privacy options to "subscribers" or "adminstrators" only, it sets it and seems to work, but not all the time. Strange, but I can't seem to figure out why this would happen. Is there something with the default theme that trumps this at times? It only seems to "screw up" after someone creates a new blog that is also now using the default theme.

    Any help would be appreciated!

    Trent

  2. Trent
    Member
    Posted 14 years ago #

    OK. Confirmed this is happening for me even with using other themes. Does anyone have any ideas on what could be causing this plugin not to be loading? That or a way to get it to load first ;)

    Trent

  3. Trent
    Member
    Posted 14 years ago #

    I might have a it narrowed down to wp-cache, object cache or super-cache doing me a solid by serving up cached pages. Anyone got a clue how you could stop the caching of private blogs?

    Trent

  4. dsader
    Member
    Posted 14 years ago #

    You can change the order of an add_action:

    For example, find

    add_action('template_redirect', 'ds_users_authenticator');

    and change it to

    add_action('template_redirect', 'ds_users_authenticator', 1);

    or

    add_action('template_redirect', 'ds_users_authenticator', 200);

    I haven't changed the plugin as I haven't noticed it do what you describe in my install.

  5. dsader
    Member
    Posted 14 years ago #

    Again, I used the super-cache too, but users were usually annoyed when their pages/widgets/themes don't update ASAP. I recall no "my blog ain't private anymore" problems popping up. Curious.

  6. dsader
    Member
    Posted 14 years ago #

    A backend admin with a check box for each blog enabling or disabling caching would be kind of cool, again for the busiest blogs anyway. I'm not swift enough to know at which point an individual blog needs to be cached or not. There is no "load per blog" stats to help me out.

  7. Trent
    Member
    Posted 14 years ago #

    Thanks dsader for the reply and I have to say I just love this plugin and the my comments plugin as well :) I will adjust the add_action loading to 1 and see if that is something that can try and fix it. I also changed wp-cache to at least not cache the index pages of blog and see if that also helps.

    It would be nice to be able to turn off caching on a blog by blog basis, but the architecture seems more to stop certain URL's or paths from being cached, but nothing before the root URL.

    Not sure if anyone else really uses this in conjunction with your plugin, but I would be interested in what others have done to try and fix this issue.

    Strangest thing is that it seems to works for several days, but random checks with a browser reset shows that after time, it seems to begin to fail and it is a "cached" page that is shown.

    I am still a bit lost :)

    Trent

  8. Trent
    Member
    Posted 14 years ago #

    There is no doubt in my mind that the plugin works perfectly fine and even changing the loading priority will never fix this if you use wp-cache or wp-super-cache as the "cached" page will always load without even finding out if the blog is private or not :)

    The only solution is changing the cache plugins to not cache private blogs (extensive work) or just not run it globally, but on blogs that are active traffic generators in the normal plugins directory (which also requires work to not use the standard wp-content directory).

    I am still exploring other options to try and fix this, but have had to turn off the caching while I dream this up. Thanks for the help.

    Trent

  9. burekc
    Member
    Posted 14 years ago #

    Hi Trent,
    I'm experiencing the same thing, however, I don't have any caching plugin installed. From what I understand, the WP internal caching is turned off by default. I haven't changed that either. Since turning off your caching plugins, has the problem been resolved? Have you come up with any other solution?

  10. Trent
    Member
    Posted 14 years ago #

    It was actually not even wp-cache that was giving me the issue, but wp-super-cache that was screwing up the private blogs since it would cache a "logged in" user and serve up that page. Since we are talking a small amount of blogs that benefit at all from caching right now, I have an array in wp-config.php around the cache definition to only cache the blogs I put in the array. All private blogs are free from cache and working fine.

    One thing to note is to physically remove the caching files from wp-content/cache/ as until they are gone, the private blogs may show up with the previously cached files :) That might be your problem. Object cache shouldn't be the problem for you, but TRAC revision 1201 is the "fixed" cache file if you want to get that to be sure.

    I am thinking if you want sitewide caching, the best bet would be to query for "public blogs" being 1 and then fill the array that way to turn caching on only for blogs listed 100% public. I am not sure yet how to do this, but I am working on calling another file that defines that cache from wp-config.php querying the DB. Problem really is that is a "big" query on larger sites. It might be better to reverse it and query for "private blogs" and then exclude them.

    Thoughts?

    Trent

  11. burekc
    Member
    Posted 14 years ago #

    Hi Trent,
    I'm not using wp-super-cache. In fact, the installation of MU that I have is a test and only contains one blog, so I definitely don't need caching. I don't have a wp-content/cache folder. I'm starting to wonder if it has anything to do with caching or if it's some other problem I can't identify. I'll keep you posted.
    Thanks!

  12. Trent
    Member
    Posted 14 years ago #

    Did you check the WPMU site admin editing of the blog to make sure it is "-2" or "-3" in the public portion for that blog? Making sure the plugin is actually changing the public status of the blog?

    Trent

  13. burekc
    Member
    Posted 14 years ago #

    I checked the database table and the privacy setting for that blog is actually -2. It's interesting, I'm not actually seeing any checking for privacy status in the wpmu code anywhere, though I haven't gotten through everything yet....

  14. burekc
    Member
    Posted 14 years ago #

    I think I've fixed things. I added ds_users_authenticator(); to the top of my theme index file and now it consistently redirects me to the login page. I'll keep an eye on it for the next week and if it goes back to public again, I'll let you know.
    Thanks!

  15. Trent
    Member
    Posted 14 years ago #

    It must have been the fact that your theme didn't have the footer call in it? That can be a problem as well.

    Trent

  16. n3x
    Member
    Posted 14 years ago #

    I'm having the same problem as you guys but i have a new install of WP and only the more privacy options plugin active. I just started using wordpress so most of you post seems a bit techy for me. Now where should i add the ds_users_authenticator(); line and what should it say. values and so on.... sorry for being a n00b :)

  17. dsader
    Member
    Posted 14 years ago #

    1.5.1 must not do user_cookies the same, I don't know how/why. Easy fix. No more cookie checks. Using core global vars instead.

    Download the plugin again.http://wpmudevorg.wordpress.com/project/More-Privacy-Options

    FYI, I've replaced:
    if ( (!empty($_COOKIE[USER_COOKIE]) && !wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true)) || (empty($_COOKIE[USER_COOKIE])) ) {

    with
    global $user_level; if ( !isset($user_level) ) {

    My test sites seem to be working. Give it another try.

  18. Trent
    Member
    Posted 14 years ago #

    Your plugin as is works fine with WPMU 1.5.1 and latest TRAC, so I am not sure what to say. As long as your theme files footer.php have the following, it should work without adding that call:

    <?php wp_footer(); ?>

    Trent

  19. dsader
    Member
    Posted 14 years ago #

    Trent, try the "community only" setting. My install(with cookie check) explodes into a zillion redirects.

  20. Trent
    Member
    Posted 14 years ago #

    Ah, the option myself nor my users have used yet :) I will have to change that! Thanks!y

  21. rcain
    Member
    Posted 13 years ago #

    Hi, I'm having a bit of a problem with this plugin, wonder if anyone can cast a light.

    my objectives:
    1) allow (read-only) access to blog_2 to subscribers of blog_2 only via login
    2) disallow any access to any back-end functions (including even user options, reset password, etc) by any user other than admin of blog_2 and site.

    first problem first::
    ---------------------

    a) logged in as site admin
    b) plugin installs ok and seems to execute ok in admin.
    c) i set site_admin, options, site_privacy = 'Default: privacy managed per blog'
    d) i add user testuser (subscriber) to site_admin, blogs, edit (blog_2).
    e) i set site_admin, blogs, edit (blog_2), more privacy options = 'blog members only'

    f) i log out of admin.
    g) i can access main site (blog_1) without login - as expected
    h) however, i can still access blog_2 without login - this is not what is expected; i expected to be forced to login.

    i have traced the ds_private_blog plugin code and $blog[ 'public' ] == -2 and ds_members_authenticator() is called as expected. (although i don't understand why the code is conditional on !current_user_can('read') in all cases, meaning that for this 'subscriber' user, no code is actually executed - seems counter-intuitive).

    if i set site_admin, options, site_privacy = 'Site can be viewed by registered users of this community only.' - then i am forced to login to both main site and blog_2 - as expected, but this is not what i want.

    has anyone else got the 'blog members only' (meaning blog subscribers?) option working?

    maybe just my understanding of how this plugin is supposed to work/confusion over 'subscriber' Vs 'member'.

    any help most appreciated.

    The config I am using is::
    wpmu 2.6.2,
    ds_private_blog_2_7 ('more privacy options'),
    also:
    role manager 2.2.2,
    role scoper 0.9.27,
    (i do not believe these last two plugins are conflicting in any way).

  22. dsader
    Member
    Posted 13 years ago #

    rcain, I do your step e), and f) always asks for a login with "The _____ can be viewed by members of this blog only" message. I can't reproduce your result.

    Member of Blog = Subscriber, Contributor, Author, Editor, Administrator
    Member of Site = Any Logged in User
    In MU a logged in user is not a member of any other blog but their own by default. While viewing other blogs, their status as logged in is still detected by the host blog.

    The subscriber capability, current_user_can('read') , is part of each "superior" role(contributor,author,editor, admin) as well by default. But in MU there is also a logged in user with no role or caps which is made inferior to Subscriber as it has no current_user_can('read'), but is still a $current_user. So being logged in to the site, but not able to read is a necessary condition to exclude logged in site members from a particular blog but allow logged in blog members to view it.

    I do not use role manager 2.2.2, role scoper 0.9.27, and did not during plugin develpment.

    Does the Privacy Plugin behave as expected on a blog that has never had the Role Scoper or Role Manager active?

    I suspect plugins(Role Scoper and/or Role Manager) are indeed reassigning the subcriber cap to a non-logged in users. Even when the plugin is inactive!

    Install Note: "Please use this plugin with care, because all changes you make, are persistent. This means that if you deactivate the "Role Manager Plugin" your changes stay active!"

  23. rcain
    Member
    Posted 13 years ago #

    Hi dsader,
    Thanks very much for your response. Your explanation certainly seems to make sense - I hadn't realized that WP and WPMU differed in the way you describe re user capability and logged-in status. Thanks for that.

    I will try out the ds_private_blog plugin without role_manager and without role_scoper as you suggest. (I do now suspect it will work under those circumstances, from what you say - and i heed your note on irreversibility).

    i am using WPMU for several different customers, each of whom require separate multiple 'lock-down' areas for each of their customers in turn. this is becoming quite a common requirements pattern, so to come up with a good, fine-granularity' security solution is worth some extra effort on my part.

    I'll post any further useful info that emerges on this thread.

    thanks again. will keep you posted.

  24. rcain
    Member
    Posted 13 years ago #

    Hi again dsader,
    Heres the latest - i have achieved moderate success (and moving forwards):

    firstly: role_manager plugin ( http://www.im-web-gefunden.de/wordpress-plugins/role-manager/ ) isnt yet formally supported on mu, though i read that the author is working on it. i am pretty sure the same is true of role_scoper plugin ( http://agapetry.net/news/introducing-role-scoper/ ).

    so, i think your hunch was right - conflicts and incompatibilities were happening.

    however, i now seem to have pretty much got it all going together (at least the functionality i require at this stage - blog-member-only access). i changed your code to the following:

    function ds_members_authenticator () {
    
    global $user_level, $current_user;
    global $current_blog;
    
    if (!is_user_logged_in() || !is_user_member_of_blog($current_user->ID, $current_blog->blog_id)) {
    
    		nocache_headers();
    		header("HTTP/1.1 302 Moved Temporarily");
    		header('Location: ' . get_settings('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']));
              	header("Status: 302 Moved Temporarily");
    	exit();
    	}
    	}

    (hope this is readable).
    in other words:
    a) i have rewritten your original logic to detect access and permissions using is_user_logged_in() and is_user_member_of_blog() functions
    b) i have removed the call to delayed login screen and just redirected to intended page via login/redirect, as per your original code.

    now all seems to work as expected (with wp mu + role_manager + role_scoper + ds_private_blog config), so far as ive tested, though by no means tested fully yet.

    i am sure your original code was perfect for what you intended it to do; my requirements are 'slightly different' perhaps but similar. in particular, i couldnt see any (personal) need for the delayed-login logic path - but perhaps i am missing something critical in your original thinking?

    can you see any problems looming with the way i've gone about this?

    very best regards
    and thanks again

  25. dsader
    Member
    Posted 13 years ago #

    The delay was to provide users a clue as to why they were redirected away from a private blog is all. The redirect is so quick it may appear the locked blog doesn't exist at all, creating confusion.

  26. apaulfx
    Member
    Posted 13 years ago #

    im using this same plug in integrated with buddy press. I was wondering if anyone knows how I can correct the image permissions. I noticed that as soon as I installed the plug in that my avatars displayed a 404 not found. I'm guessing it set a permissions to displaying images. Any ideas?

  27. mscheib13
    Member
    Posted 13 years ago #

    I have this plug-in added to a mu install in order to keep student blogs as safe as possible. I created 20 student blogs and set them all so only "site registered users" could see the blogs. Each blog is set up so the student and the teacher are administrators of the blog. The plug-in works exactly as expected in Firefox, but we are running into issues when attempting to view the blogs in IE.

    When students go to their blog in IE they are asked to log in as expected. The student logs in, but the log in never seems to register, the student is asked to log in again and again without ever actually being able to view their blog. I too (as site administrator) am unable to view or log in to the student blogs via IE because the log in never seems to take. Is there a setting that I am missing?

  28. josswinn
    Member
    Posted 13 years ago #

    I"m testing this plugin on a WPMU 2.7 and BuddyPress (both from SVN) installation. It can turn BuddyPress into a private social network quite simply by making the main/first blog private. However, there's one issue I can see:

    the ../activity/feed RSS feed is private when the 'main' blog is private.

    But, member's activity feeds i.e. ../members/josswinn/activity/feed remains public.

    Any way to fix this? I appreciate that the plugin wasn't written to support BuddyPress, but it's so close to working well on BuddyPress that it would be good to look at this and provide a way to create truely close BuddyPress networks.

    Thanks!

  29. josswinn
    Member
    Posted 13 years ago #

    I've since found that this is happening to me on a site installed in a sub-dir but not on an install using wildcard DNS/sub-domain. Can anyone verify this?

  30. gasonline
    Member
    Posted 13 years ago #

    The same happens to me, when install using subdomains work fine. Someone found a solution to sites installed in subdirs?

About this Topic