
Comments (16)

dellis23 commented on August 17, 2024

Thanks for the heads up. I haven't dealt with Wordpress in a while, so I'm not sure what official recommendation I should make for the project in that regard. Is the warning serious? Is it something we could talk with the maintainers of the project about fixing?

from django-wordpress-auth.

Schwankenson commented on August 17, 2024

It is a notice about an undefined var:

Notice: Undefined variable: secure_logged_in_cookie in /srv/www/rg-eat-wp/current/web/app/plugins/root-cookie/root-cookie.php on line 92

Warning: Cannot modify header information - headers already sent by (output started at /srv/www/rg-eat-wp/current/web/app/plugins/root-cookie/root-cookie.php:92) in /srv/www/rg-eat-wp/current/web/app/plugins/root-cookie/root-cookie.php on line 92

Notice: Undefined variable: secure_logged_in_cookie in /srv/www/rg-eat-wp/current/web/app/plugins/root-cookie/root-cookie.php on line 94

Warning: Cannot modify header information - headers already sent by (output started at /srv/www/rg-eat-wp/current/web/app/plugins/root-cookie/root-cookie.php:92) in /srv/www/rg-eat-wp/current/web/app/plugins/root-cookie/root-cookie.php on line 94

Warning: Cannot modify header information - headers already sent by (output started at /srv/www/rg-eat-wp/current/web/app/plugins/root-cookie/root-cookie.php:92) in /srv/www/rg-eat-wp/current/web/wp/wp-includes/pluggable.php on line 1196

I could of course disable the notices on my dev machine, maybe it would work then. But I don't like the idea of doing this.

Maybe you can link to my gist in your docs with the info, that this code can be used when the root plugin does not work or something like that...

It would be great to have a fully working root cookie plugin, but I don't have the time to realise this at the moment...

from django-wordpress-auth.

rafaelcanovas commented on August 17, 2024

Hi there @Schwankenson, did the Root Cookie plugin developer stop maintaining it?

from django-wordpress-auth.

dellis23 commented on August 17, 2024

I'm not seeing a github page for the project. Here's the Wordpress project page: https://wordpress.org/plugins/root-cookie/ The "support" section appears abandoned. We could try contacting the devs directly, but I'm not sure if this would be appreciated.

from django-wordpress-auth.

rafaelcanovas commented on August 17, 2024

So I'm citing here the two developers of root Cookie: @linickx @sc0ttkclark

Guys, our project kind of depends on root Cookie, did you guys stop maintaining it?
If yes, are there any alternatives we can use?

from django-wordpress-auth.

sc0ttkclark commented on August 17, 2024

It really only consists of two functions which could probably use some updating. I haven't had any projects I needed it for since, so I haven't touched it or maintained it.

if ( !function_exists('wp_set_auth_cookie') ) :
/**
 * Sets the authentication cookies based User ID.
 *
 * The $remember parameter increases the time that the cookie will be kept. The
 * default the cookie is kept without remembering is two days. When $remember is
 * set, the cookies will be kept for 14 days or two weeks.
 *
 * @since 2.5
 *
 * @param int $user_id User ID
 * @param bool $remember Whether to remember the user
 */
    function wp_set_auth_cookie($user_id, $remember = false, $secure = '') {
        if ( $remember ) {
            $expiration = $expire = time() + apply_filters('auth_cookie_expiration', 1209600, $user_id, $remember);
        } else {
            $expiration = time() + apply_filters('auth_cookie_expiration', 172800, $user_id, $remember);
            $expire = 0;
        }

        if ( '' === $secure )
            $secure = is_ssl();     

    if ( $secure ) {
        $auth_cookie_name = SECURE_AUTH_COOKIE;
        $scheme = 'secure_auth';
    } else {
        $auth_cookie_name = AUTH_COOKIE;
        $scheme = 'auth';
    }

    $auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme);
    $logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in');

    do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme);
    do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in');

    $subdomain = get_option('rootcookie_subdomain');
    $rootcookie_subdomain_manual = get_option('rootcookie_subdomain_manual');

    if($subdomain==1)
        {
            # Use Scotts implementation
            $info = get_bloginfo('url');
            $info = parse_url($info);
            $info = $info['host'];
            $exp = explode('.',$info);
            if(count($exp)==3){$domain = '.'.$exp[1].'.'.$exp[2];}
            elseif(count($exp)==2){$domain = '.'.$info;}
            elseif(3<count($exp)){$exp = array_reverse($exp); $domain = '.'.$exp[1].'.'.$exp[0];}
            else{$domain = COOKIE_DOMAIN;}
        }
    elseif (!is_null($rootcookie_subdomain_manual))
                {
            # Use manual domain name setting
                        $domain = $rootcookie_subdomain_manual;
                }
    else
        {
            # Default
            $domain = COOKIE_DOMAIN;
    }

    setcookie($auth_cookie_name, $auth_cookie, $expire, ROOT_COOKIE, $domain, $secure, true);
    /** Duplicate of above - Created by Find & Replace
    setcookie($auth_cookie_name, $auth_cookie, $expire, ROOT_COOKIE, $domain, $secure, true);
     **/
    setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, ROOT_COOKIE, $domain, $secure_logged_in_cookie, true);
    if ( COOKIEPATH != SITECOOKIEPATH )
        setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true);
}

endif;

if ( !function_exists('wp_clear_auth_cookie') ) :
/**
 * Removes all of the cookies associated with authentication.
 *
 * @since 2.5
 */
function wp_clear_auth_cookie() {
    do_action('clear_auth_cookie');

    $subdomain = get_option('rootcookie_subdomain');
    $rootcookie_subdomain_manual = get_option('rootcookie_subdomain_manual');

    # As ABOVE!
    if($subdomain==1)
        {
            $info = get_bloginfo('url');
            $info = parse_url($info);
            $info = $info['host'];
            $exp = explode('.',$info);
            if(count($exp)==3){$domain = '.'.$exp[1].'.'.$exp[2];}
            elseif(count($exp)==2){$domain = '.'.$info;}
            elseif(3<count($exp)){$exp = array_reverse($exp); $domain = '.'.$exp[1].'.'.$exp[0];}
            else{$domain = COOKIE_DOMAIN;}
        }
    elseif (!is_null($rootcookie_subdomain_manual)) 
        {
            $domain = $rootcookie_subdomain_manual;
        }
    else
        {
            $domain = COOKIE_DOMAIN;
    }

    /** Clear All possible cookies **/

    setcookie(AUTH_COOKIE, ' ', time() - 31536000, ADMIN_COOKIE_PATH, COOKIE_DOMAIN);
    setcookie(AUTH_COOKIE, ' ', time() - 31536000, ROOT_COOKIE, COOKIE_DOMAIN);
    setcookie(AUTH_COOKIE, ' ', time() - 31536000, ROOT_COOKIE, $domain);
    setcookie(AUTH_COOKIE, ' ', time() - 31536000, ADMIN_COOKIE_PATH, $domain);

    setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, ADMIN_COOKIE_PATH, COOKIE_DOMAIN);
    setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, ROOT_COOKIE, COOKIE_DOMAIN);
    setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, ROOT_COOKIE, $domain);
    setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, ADMIN_COOKIE_PATH, $domain);

    setcookie(AUTH_COOKIE, ' ', time() - 31536000, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN);
    setcookie(AUTH_COOKIE, ' ', time() - 31536000, PLUGINS_COOKIE_PATH, $domain);

    setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN);
    setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, PLUGINS_COOKIE_PATH, $domain);

    setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
    setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, ROOT_COOKIE, COOKIE_DOMAIN);
    setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, ROOT_COOKIE, $domain);
    setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, COOKIEPATH, $domain);

    setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
    setcookie(LOGGED_IN_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, $domain);

    // Old cookies
    setcookie(AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
    setcookie(AUTH_COOKIE, ' ', time() - 31536000, ROOT_COOKIE, COOKIE_DOMAIN);
    setcookie(AUTH_COOKIE, ' ', time() - 31536000, ROOT_COOKIE, $domain);
    setcookie(AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, $domain);

    setcookie(AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
    setcookie(AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, $domain);

    setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
    setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, ROOT_COOKIE, COOKIE_DOMAIN);
    setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, ROOT_COOKIE, $domain);
    setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, $domain);

    setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
    setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, $domain);

    // Even older cookies
    setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
    setcookie(USER_COOKIE, ' ', time() - 31536000, ROOT_COOKIE, COOKIE_DOMAIN);
    setcookie(USER_COOKIE, ' ', time() - 31536000, ROOT_COOKIE, $domain);
    setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, $domain);

    setcookie(PASS_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
    setcookie(PASS_COOKIE, ' ', time() - 31536000, ROOT_COOKIE, COOKIE_DOMAIN);
    setcookie(PASS_COOKIE, ' ', time() - 31536000, ROOT_COOKIE, $domain);
    setcookie(PASS_COOKIE, ' ', time() - 31536000, COOKIEPATH, $domain);

    setcookie(USER_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
    setcookie(USER_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, $domain);

    setcookie(PASS_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
    setcookie(PASS_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, $domain);


}
endif;

Nowadays, I just set COOKIE_DOMAIN and COOKIEHASH in wp-config.php and I'm done with it:

define( 'COOKIE_DOMAIN', '.mysite.com' );
define( 'COOKIEHASH', '98b55b55a06b5d9d360adc59a4a5e38f' );

from django-wordpress-auth.
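The label-counting branch (`$subdomain == 1`) in the plugin code quoted above derives the cookie domain from the number of dots in the host name. The following is an added Python port, not code from the plugin or from this thread, that runs that rule over constructed site URLs and flags the cases where the derived domain cannot work; `SAMPLE_PUBLIC_SUFFIXES` and `audit` are hypothetical names, and the suffix set is a small constructed sample rather than the full Public Suffix List.

```python
from urllib.parse import urlparse

# Constructed sample of multi-label public suffixes, for illustration only;
# a real check would consult the full Public Suffix List.
SAMPLE_PUBLIC_SUFFIXES = {"co.uk", "com.au", "com.br", "github.io"}


def root_cookie_domain(site_url, fallback=None):
    """Python port of the label-counting branch ($subdomain == 1) quoted above.

    `fallback` stands in for COOKIE_DOMAIN, which the plugin uses when the
    host has a single label.
    """
    host = urlparse(site_url).hostname or ""
    labels = host.split(".")
    if len(labels) == 3:
        return "." + labels[1] + "." + labels[2]
    if len(labels) == 2:
        return "." + host
    if len(labels) > 3:
        return "." + labels[-2] + "." + labels[-1]
    return fallback


def audit(site_url):
    """Return (derived_domain, verdict) for one site URL."""
    domain = root_cookie_domain(site_url)
    if domain is None:
        return None, "fallback to COOKIE_DOMAIN"
    bare = domain.lstrip(".")
    if bare in SAMPLE_PUBLIC_SUFFIXES:
        return domain, "public suffix: browsers discard the cookie"
    if bare.replace(".", "").isdigit():
        return domain, "fragment of an IP address: matches no host"
    return domain, "ok"


if __name__ == "__main__":
    # Constructed site URLs covering each branch of the rule.
    for url in ["https://blog.example.com", "https://example.com",
                "https://a.b.example.com", "https://shop.example.co.uk",
                "http://192.168.1.10", "http://localhost:8080"]:
        print(url, audit(url))
```

Setting `COOKIE_DOMAIN` explicitly, as the comment above goes on to describe, avoids the guesswork for hosts under a multi-label suffix.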

sc0ttkclark commented on August 17, 2024

To clarify the above, when I use COOKIE_DOMAIN and COOKIEHASH, I don't have to worry about having a separate plugin active at all.

There are additional constants you can use too:

  • COOKIEPATH
  • SITECOOKIEPATH
  • ADMIN_COOKIE_PATH
  • COOKIE_DOMAIN
  • COOKIEHASH

The important thing is to set COOKIEHASH if you intend on sharing the same cookie across multiple sites / domains / paths. It's what ties together all of the user / auth cookies. By default, it's built from the site URL:

/**
 * Used to guarantee unique hash cookies
 *
 * @since 1.5.0
 */
if ( !defined( 'COOKIEHASH' ) ) {
    $siteurl = get_site_option( 'siteurl' );
    if ( $siteurl )
        define( 'COOKIEHASH', md5( $siteurl ) );
    else
        define( 'COOKIEHASH', '' );
}

from django-wordpress-auth.
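Why both constants matter to an application on a sibling host, shown as an added Python example that is not code from this thread or from django-wordpress-auth: it models which login cookie names a browser would attach to a request, given each install's `COOKIE_DOMAIN` and `COOKIEHASH`. The two installs, their hosts and the Django host `app.mysite.com` are constructed assumptions; the `wordpress_logged_in_` prefix is how WordPress core builds `LOGGED_IN_COOKIE`, and a cookie set without `COOKIE_DOMAIN` is treated as host-only.

```python
import hashlib

# Constructed sample installs; hosts and siteurl values are illustrative only.
SITES = [
    {"host": "blog.mysite.com", "siteurl": "https://blog.mysite.com"},
    {"host": "shop.mysite.com", "siteurl": "https://shop.mysite.com"},
]


def cookiehash(site):
    """COOKIEHASH as in the snippet above: the pinned constant if defined,
    otherwise md5 of the siteurl option."""
    pinned = site.get("COOKIEHASH")
    if pinned is not None:
        return pinned
    return hashlib.md5(site["siteurl"].encode()).hexdigest()


def logged_in_cookie_name(site):
    # WordPress core builds LOGGED_IN_COOKIE as this prefix plus COOKIEHASH.
    return "wordpress_logged_in_" + cookiehash(site)


def domain_match(request_host, site):
    """RFC 6265 domain matching; without COOKIE_DOMAIN the cookie is host-only."""
    domain = site.get("COOKIE_DOMAIN")
    if not domain:
        return request_host == site["host"]
    domain = domain.lstrip(".").lower()
    return request_host == domain or request_host.endswith("." + domain)


def login_cookies_sent_to(request_host, sites):
    """Names of the login cookies a browser would attach to request_host."""
    host = request_host.lower()
    return sorted({logged_in_cookie_name(s) for s in sites if domain_match(host, s)})


def with_constants(sites, **constants):
    """Return copies of the installs with wp-config.php constants applied."""
    return [{**s, **constants} for s in sites]


if __name__ == "__main__":
    django_host = "app.mysite.com"  # hypothetical host of the Django project
    shared = "98b55b55a06b5d9d360adc59a4a5e38f"  # value quoted earlier in the thread
    print(login_cookies_sent_to(django_host, SITES))
    print(login_cookies_sent_to(django_host, with_constants(SITES, COOKIE_DOMAIN=".mysite.com")))
    print(login_cookies_sent_to(django_host, with_constants(
        SITES, COOKIE_DOMAIN=".mysite.com", COOKIEHASH=shared)))
```

With defaults nothing reaches the sibling host, with `COOKIE_DOMAIN` alone it receives one differently named cookie per install, and with both constants set there is a single predictable name to look up.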

rafaelcanovas commented on August 17, 2024

@sc0ttkclark so you're saying we can dig root Cookie and instruct the user to set COOKIE_DOMAIN and COOKIEHASH and WordPress will handle itself?

from django-wordpress-auth.

sc0ttkclark commented on August 17, 2024

Yeah, you should be able to safely ditch Root Cookie and start using COOKIE_DOMAIN / COOKIEHASH moving forward.

from django-wordpress-auth.

linickx commented on August 17, 2024

Hi, I've been in the same position as @sc0ttkclark ... no recent requirements, so the plugin has not been maintained.

@dellis23 @mstrcnvs - Pls let me know how you get on with the ^above^ suggestion.

Historically each update/fix has been in response to someone else needing it, so I'll wait and see how you get on 😉

from django-wordpress-auth.

dellis23 commented on August 17, 2024

Thanks @sc0ttkclark and @linickx. I'm fine with removing root cookie as a requirement and recommending setting those values. @Schwankenson or @mstrcnvs, would one of you be willing to test out this recommendation to make sure it still enables django-wordpress-auth to work? I'm no longer maintaining a project that uses it, so I have no good way to verify.

from django-wordpress-auth.

rafaelcanovas commented on August 17, 2024

I'm no longer maintaining the project that I was using django-wordpress-auth in; I'm afraid I can't help right now.

My concern with ditching root Cookie at all is maintaining backwards compatibility with older WordPress versions.

from django-wordpress-auth.

sc0ttkclark commented on August 17, 2024

What's the minimum version of WordPress you're trying to support? COOKIE_DOMAIN and COOKIEHASH have been in WordPress for a while now.

from django-wordpress-auth.

rafaelcanovas commented on August 17, 2024

I haven't been in the WordPress ecosystem for a while now. Which version would you recommend us to support? Do you think that supporting 3.x.x could be bad? We shouldn't encourage users to use obsolete/insecure WordPress versions.

from django-wordpress-auth.

sc0ttkclark commented on August 17, 2024

I wholeheartedly recommend you support at minimum, WP 4.0+, but there are people supporting WP 3.5+ still.

from django-wordpress-auth.

dellis23 commented on August 17, 2024

Thank you for the input everyone. I've decided to link to this issue thread so that folks who are dealing with the problem can choose from the solutions posted here.

from django-wordpress-auth.
