vb.org Archive
Page 90 of 129 « First 40808889 90 9192100 Last »
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 4.x Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=245)
-   -   Add-On Releases - vBSSO - vBulletin Single Sign-On (https://vborg.vbsupport.ru/showthread.php?t=270517)

xeagle 01-13-2015 05:08 AM
Quote:
Originally Posted by Maxthon (Post 2531515)
Does the plugin works with vbulletin 5.1?

Unfortunately the plugin does not support vbulletin 5.
The latest version of vbulletin which is supported is 4.2.

xeagle 01-15-2015 07:15 AM
Keep up to date with the latest news on http://vbsso.com/

m7sen 01-18-2015 01:52 PM
we need update wp 4.1 ^_^

TiKu 01-18-2015 07:12 PM
We use vBSSO to connect vBulletin 4.2 with Wordpress 4.0 and Mediawiki 1.23. One of our users has the vBulletin user name "T?sti's Welle". I don't know whether Wordpress can deal with this user name, as the user is not in a user group that has access to our Wordpress dashboard. But Mediawiki has problems with this name - the user does not get logged in to Mediawiki. And worse: According to the vBSSO logs the system runs into a SQL error, that seems to occur due to missing escaping of the apostroph in the user name. This seems like a security hole to me, as it might allow SQL injection!
Here are the important lines from the log file (I've removed some parts to protect our forum):
Code:
Sun Jan 18 19:08:18 2015,584 [23526] DEBUG localFileLogger - Platform request JSON: {"email":"xyz@mydomain.com","username":"T\u00e4sti's Welle","usergroup":"2","e":6,"lid":"547a124e343fb2.23578572","d":"http:\/\/www.mydomain.com\/vbulletin\/admincp\/user.php?do=edit&u=98985"}
Sun Jan 18 19:08:18 2015,584 [23526] DEBUG localFileLogger - Platform request encrypted JSON: HHqgd6uMZZyW2mJIZ63QhGgJPoi//Gm4a1+Fp5a/49YTXbCsUhbeidQWpRqhfaQqfixmAr/iG1lKUJZfMLV85UKZdCgG94Wm5TuI9tqYzsMLBy2wqqVcSRd8ErbXB314PF4bhT11cXpNp3X9lrp8fSNHA++0SvzZZMfrhKwF+fwFVgXMOhcLohxTQ0tFzuLUazAIPVFU0dsRMlhRVr2YRfH8pOZcL24kDCFAyzU7pNc58c5AKoS7E1DCFm7Gah19kRXadS1yT4MoXhHOqKCE9Q==
Sun Jan 18 19:08:18 2015,584 [23526] DEBUG localFileLogger - Platform request urlencoded/encrypted JSON: HHqgd6uMZZyW2mJIZ63QhGgJPoi%2F%2FGm4a1%2BFp5a%2F49YTXbCsUhbeidQWpRqhfaQqfixmAr%2FiG1lKUJZfMLV85UKZdCgG94Wm5TuI9tqYzsMLBy2wqqVcSRd8ErbXB314PF4bhT11cXpNp3X9lrp8fSNHA%2B%2B0SvzZZMfrhKwF%2BfwFVgXMOhcLohxTQ0tFzuLUazAIPVFU0dsRMlhRVr2YRfH8pOZcL24kDCFAyzU7pNc58c5AKoS7E1DCFm7Gah19kRXadS1yT4MoXhHOqKCE9Q%3D%3D
Sun Jan 18 19:08:18 2015,642 [23526] DEBUG localFileLogger - Communication: Platform returned http status code: 200
Sun Jan 18 19:08:18 2015,642 [23526] DEBUG localFileLogger - Communication: Platform returned error:
Sun Jan 18 19:08:18 2015,642 [23526] DEBUG localFileLogger - Communication: Platform returned response: <!DOCTYPE HTML>
<html>
<head>
        <title>MediaWiki API</title>
</head>
<body>
<pre>
<span style="color:blue;">&lt;?xml version=&quot;1.0&quot;?&gt;</span>
<span style="color:blue;">&lt;api&gt;</span>
  <span style="color:blue;">&lt;error code=&quot;internal_api_error_DBQueryError&quot; info=&quot;Database query error&quot; xml:space=&quot;preserve&quot;&gt;</span>

#0 /apache/dc/htdocs/wiki/includes/db/Database.php(1123): DatabaseBase-&gt;reportQueryError('Table './dcwiki...', 145, 'INSERT IGNORE I...', 'User::removeGro...', false)
#1 /apache/dc/htdocs/wiki/includes/db/Database.php(1920): DatabaseBase-&gt;query('INSERT IGNORE I...', 'User::removeGro...')
#2 /apache/dc/htdocs/wiki/includes/User.php(2968): DatabaseBase-&gt;insert('user_former_gro...', Array, 'User::removeGro...', Array)
#3 /apache/dc/htdocs/wiki/extensions/vbsso/includes/api.php(63): User-&gt;removeGroup('bot')
#4 [internal function]: vbsso_listener_register(Array)
#5 /apache/dc/htdocs/wiki/extensions/vbsso/includes/sharedapi.php(349): call_user_func('vbsso_listener_...', Array)
#6 /apache/dc/htdocs/wiki/extensions/vbsso/apivbsso.php(35): sharedapi_data_handler(9, '1.23.5', '1.0.1', '316050855963126...', Array)
#7 /apache/dc/htdocs/wiki/includes/api/ApiMain.php(913): vbsso-&gt;execute()
#8 /apache/dc/htdocs/wiki/includes/api/ApiMain.php(363): ApiMain-&gt;executeAction()
#9 /apache/dc/htdocs/wiki/includes/api/ApiMain.php(334): ApiMain-&gt;executeActionWithErrorHandling()
#10 /apache/dc/htdocs/wiki/api.php(85): ApiMain-&gt;execute()
#11 {main}

<span style="color:blue;">&lt;/error&gt;</span>
<span style="color:blue;">&lt;/api&gt;</span>
</pre>
</body>
</html>
<script>if(window.mw){
mw.config.set({"wgBackendResponseTime":54});
}</script>
Sun Jan 18 19:08:18 2015,642 [23526] ERROR localFileLogger - Communication: Unable to accept response:
Sun Jan 18 19:08:18 2015,642 [23526] ERROR localFileLogger - Wrong Shared Password
There is another user with the same problem, but another kind of apostroph in his name (? instead of ').

So if this is a vulnerability, can it please be fixed?
Is there a way that vBSSO converts user names on the fly so that Mediawiki will accept them? For instance any apostroph could be removed or replaced with a dash, followed by the apostroph's hex code.

Regards
TiKu

xeagle 01-19-2015 07:07 AM
Quote:
Originally Posted by TiKu (Post 2533212)
We use vBSSO to connect vBulletin 4.2 with Wordpress 4.0 and Mediawiki 1.23. One of our users has the vBulletin user name "T?sti's Welle". I don't know whether Wordpress can deal with this user name, as the user is not in a user group that has access to our Wordpress dashboard. But Mediawiki has problems with this name - the user does not get logged in to Mediawiki. And worse: According to the vBSSO logs the system runs into a SQL error, that seems to occur due to missing escaping of the apostroph in the user name. This seems like a security hole to me, as it might allow SQL injection!
Here are the important lines from the log file (I've removed some parts to protect our forum):
Code:
Sun Jan 18 19:08:18 2015,584 [23526] DEBUG localFileLogger - Platform request JSON: {"email":"xyz@mydomain.com","username":"T\u00e4sti's Welle","usergroup":"2","e":6,"lid":"547a124e343fb2.23578572","d":"http:\/\/www.mydomain.com\/vbulletin\/admincp\/user.php?do=edit&u=98985"}
Sun Jan 18 19:08:18 2015,584 [23526] DEBUG localFileLogger - Platform request encrypted JSON: HHqgd6uMZZyW2mJIZ63QhGgJPoi//Gm4a1+Fp5a/49YTXbCsUhbeidQWpRqhfaQqfixmAr/iG1lKUJZfMLV85UKZdCgG94Wm5TuI9tqYzsMLBy2wqqVcSRd8ErbXB314PF4bhT11cXpNp3X9lrp8fSNHA++0SvzZZMfrhKwF+fwFVgXMOhcLohxTQ0tFzuLUazAIPVFU0dsRMlhRVr2YRfH8pOZcL24kDCFAyzU7pNc58c5AKoS7E1DCFm7Gah19kRXadS1yT4MoXhHOqKCE9Q==
Sun Jan 18 19:08:18 2015,584 [23526] DEBUG localFileLogger - Platform request urlencoded/encrypted JSON: HHqgd6uMZZyW2mJIZ63QhGgJPoi%2F%2FGm4a1%2BFp5a%2F49YTXbCsUhbeidQWpRqhfaQqfixmAr%2FiG1lKUJZfMLV85UKZdCgG94Wm5TuI9tqYzsMLBy2wqqVcSRd8ErbXB314PF4bhT11cXpNp3X9lrp8fSNHA%2B%2B0SvzZZMfrhKwF%2BfwFVgXMOhcLohxTQ0tFzuLUazAIPVFU0dsRMlhRVr2YRfH8pOZcL24kDCFAyzU7pNc58c5AKoS7E1DCFm7Gah19kRXadS1yT4MoXhHOqKCE9Q%3D%3D
Sun Jan 18 19:08:18 2015,642 [23526] DEBUG localFileLogger - Communication: Platform returned http status code: 200
Sun Jan 18 19:08:18 2015,642 [23526] DEBUG localFileLogger - Communication: Platform returned error:
Sun Jan 18 19:08:18 2015,642 [23526] DEBUG localFileLogger - Communication: Platform returned response: <!DOCTYPE HTML>
<html>
<head>
        <title>MediaWiki API</title>
</head>
<body>
<pre>
<span style="color:blue;">&lt;?xml version=&quot;1.0&quot;?&gt;</span>
<span style="color:blue;">&lt;api&gt;</span>
  <span style="color:blue;">&lt;error code=&quot;internal_api_error_DBQueryError&quot; info=&quot;Database query error&quot; xml:space=&quot;preserve&quot;&gt;</span>

#0 /apache/dc/htdocs/wiki/includes/db/Database.php(1123): DatabaseBase-&gt;reportQueryError('Table './dcwiki...', 145, 'INSERT IGNORE I...', 'User::removeGro...', false)
#1 /apache/dc/htdocs/wiki/includes/db/Database.php(1920): DatabaseBase-&gt;query('INSERT IGNORE I...', 'User::removeGro...')
#2 /apache/dc/htdocs/wiki/includes/User.php(2968): DatabaseBase-&gt;insert('user_former_gro...', Array, 'User::removeGro...', Array)
#3 /apache/dc/htdocs/wiki/extensions/vbsso/includes/api.php(63): User-&gt;removeGroup('bot')
#4 [internal function]: vbsso_listener_register(Array)
#5 /apache/dc/htdocs/wiki/extensions/vbsso/includes/sharedapi.php(349): call_user_func('vbsso_listener_...', Array)
#6 /apache/dc/htdocs/wiki/extensions/vbsso/apivbsso.php(35): sharedapi_data_handler(9, '1.23.5', '1.0.1', '316050855963126...', Array)
#7 /apache/dc/htdocs/wiki/includes/api/ApiMain.php(913): vbsso-&gt;execute()
#8 /apache/dc/htdocs/wiki/includes/api/ApiMain.php(363): ApiMain-&gt;executeAction()
#9 /apache/dc/htdocs/wiki/includes/api/ApiMain.php(334): ApiMain-&gt;executeActionWithErrorHandling()
#10 /apache/dc/htdocs/wiki/api.php(85): ApiMain-&gt;execute()
#11 {main}

<span style="color:blue;">&lt;/error&gt;</span>
<span style="color:blue;">&lt;/api&gt;</span>
</pre>
</body>
</html>
<script>if(window.mw){
mw.config.set({"wgBackendResponseTime":54});
}</script>
Sun Jan 18 19:08:18 2015,642 [23526] ERROR localFileLogger - Communication: Unable to accept response:
Sun Jan 18 19:08:18 2015,642 [23526] ERROR localFileLogger - Wrong Shared Password
There is another user with the same problem, but another kind of apostroph in his name (? instead of ').

So if this is a vulnerability, can it please be fixed?
Is there a way that vBSSO converts user names on the fly so that Mediawiki will accept them? For instance any apostroph could be removed or replaced with a dash, followed by the apostroph's hex code.

Regards
TiKu
Could you please contact support team http://vbsso.com/report-an-issue/ describing the steps you use to reproduce your case on your website.

Thank you,

xeagle 01-19-2015 11:00 PM
The updated version of vBSSO vBulletin 1.4.15 is released!

We strongly recommend you to upgrade vBSSO to the latest version (1.4.15)

m7sen 01-25-2015 01:08 PM
i have problem now when i update to 1.4.15

there is new user i want to log in wprdpress but i cannt
its take me to vbulletin and give me error
vbsso/vbsso.php?a=act&do=error

what can i do :(

and if i log out
its give me same error !!

all user group have Access to login wordpress


I hope you can provide me the correct default feature for all fields

and what the setting for vBSSO URLS !!


if i log out wordpress its take me to vbulletin and give me error
Invalid Redirect URL wp-admin/options-general.php?page=vbsso_options

another problem
i cannt log out in wordpress
if i log out its take me to vbulletin and went me back to wp admin !!!!!

what can i do

help me please

TiKu 01-26-2015 04:17 AM
Quote:
Originally Posted by TiKu (Post 2533212)
We use vBSSO to connect vBulletin 4.2 with Wordpress 4.0 and Mediawiki 1.23. One of our users has the vBulletin user name "T?sti's Welle". I don't know whether Wordpress can deal with this user name, as the user is not in a user group that has access to our Wordpress dashboard. But Mediawiki has problems with this name - the user does not get logged in to Mediawiki.
For your interest: We've been able to solve this problem. It has been a misconfiguration (user rights) and converting our Mediawiki database to UTF-8 probably also did help.

xeagle 01-26-2015 06:49 AM
Quote:
Originally Posted by m7sen (Post 2534469)
i have problem now when i update to 1.4.15

there is new user i want to log in wprdpress but i cannt
its take me to vbulletin and give me error
vbsso/vbsso.php?a=act&do=error

what can i do :(

and if i log out
its give me same error !!

all user group have Access to login wordpress


I hope you can provide me the correct default feature for all fields

and what the setting for vBSSO URLS !!


if i log out wordpress its take me to vbulletin and give me error
Invalid Redirect URL wp-admin/options-general.php?page=vbsso_options

another problem
i cannt log out in wordpress
if i log out its take me to vbulletin and went me back to wp admin !!!!!

what can i do

help me please
Could you please contact support team http://vbsso.com/report-an-issue/ describing the steps you use to reproduce your case on your website.

Thank you,

m7sen 01-26-2015 04:49 PM
Quote:
Originally Posted by xeagle (Post 2534636)
Could you please contact support team http://vbsso.com/report-an-issue/ describing the steps you use to reproduce your case on your website.

Thank you,
i do it

now i cannt Contact vbulletin with wordpress !!


Unable to verify platform [http://******.com/wp-content/plugins/vbsso/vbsso.php] Please analyze log files located at `/home/******/public_html/vb/vbsso/logs/` to detect the cause of the issue.

Error message:

what is problem :(


All times are GMT. The time now is 11:38 PM.
Page 90 of 129 « First 40808889 90 9192100 Last »
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01958 seconds
  • Memory Usage 1,796KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_code_printable
  • (5)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (3)pagenav_pagelinkrel
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete