WordPress.org

Ready to get started?Download WordPress

Forums

cross domain Login, need help with little plugin editing. (13 posts)

  1. roxor
    Member
    Posted 1 year ago #

    hello everyone!!
    MY SITUATION-
    I am using WP 3.5.1 I have 2 networks from one wordpress installation using network for wordpress plugin, and i allow to register subdomain blogs on these networks.
    main network- autoblog.in
    secondary network- ospage.in
    example registered blog- test.ospage.in {username- test99 password- 12345}

    I want to have a common login across all the network for different domains, for this i installed a short unofficial plugin.
    here the link to description page and plugin code.

    WHAT IS THIS PLUGIN DOING
    Plugin does the job of synchronizing the login cookie, that means if i sign into any one blog on any particular network, then it would automatically sign me into all other networks. But the problem is- signed-in blogger is be unable to access its own wp-admin area. Here is what exactly happens-
    1- when a blogger tries to login into his blog.

    http://test.ospage.in/wp-login.php

    2- he will redirected and asked to login twice, (this happens only if he logs in from his blog and not the main site), this time into (master domain, autopage.in)

    http://autopage.in/wp-login.php?redirect_to=http%3A%2F%2Fautopage.in%2Fwp-admin%2Fuser%2F&reauth=1

    3- He is presented with wp-admin of autopage.in (main network or master domain), but only as a user.

    http://autopage.in/wp-admin/user/

    4- Now when the blogger tries to access it own blog's wp-admin, he gets following warning.

    You attempted to access the "test99" dashboard, but you do not currently have privileges on this site. If you believe you should be able to access the "test99" dashboard, please contact your network administrator.

    WHAT DO IT WANT
    i want bloggers to be able to sign in once into any network and must have the ability to
    1- acess the wp-admin area of their own blog.
    2- ability to comment on blogs of other networks without signing in everytime.

    Dear readers, i need some help to fix this. Unfortunately plugin author won't respond anymore.

  2. Did you know that many of us actually spend HOURS every day making sure you can't do that? Because cross-domain cookies are a bad idea. I get that you're doing it for an understandable reason, but it's a terrible idea, it's easy to manipulate, and it means if someone gets a hold of a cookie, they can wreak havoc on your entire network.

    If you're not using SSL for logins, put down and walk away. THIS IS A BAD IDEA.

    If you are? Try this: http://wordpress.org/extend/plugins/sso-cross-cookie-for-multisite/

    Otherwise it's way more danger than it's worth.

    So what if they have to sign in to other sites on the network? It's the same username and password. They'll live, especially if you tell them it's for their own security.

  3. roxor
    Member
    Posted 1 year ago #

    Hey Ipstenu,
    just like all other times, thanks for the assistance.
    So i went ahead and installed SSL certificates, SSO cross cookie and SSL subdomain plugins.
    Since there are two different networks autopage.in (main) and ospage.in (secondary) The login link breaks/changes while logging into any blog via https.
    an example here-
    everytime i try to login at a random blog test.ospage.in
    it redirects me to

    https://test.autopage.in/wp-login.php

    which doesn't exsist, because "test" is a blog on network "ospage.in"
    Any ideas ?

  4. https://test.autopage.in/wp-login.php redirects to http://autopage.in/register/

    Which is what it's supposed to do :)

  5. roxor
    Member
    Posted 1 year ago #

    https://test.autopage.in/wp-login.php redirects to http://autopage.in/register/

    this is fine.. it does so because there is no such blog as test on network autopage.in.
    But what about the blogs on other networks..

    PROBLEM 1
    test is a blog that exists on other network ospage.in
    When a blogger tries to login directaly to his blog (which is on some other network and not on main network), then he gets redirected to the main network with the following URL

    https://test.autopage.in/wp-login.php

    which instead should be

    https://autopage.in/wp-login.php

    PROBLEM 2
    OK i agree.. one can also login from main site (autopage.in) or by typing https://autopage.in/wp-login.php
    But even after sucessful login on the main site,
    There is NO synchronization of Login cookie between both the networks.
    autopage.in and test.ospage.in

    Thus either way the blog owner still remains logged out from his own blog.

    And when blog owner tries to Login directly to his own blog(which is on other network) he faces problem 1.

  6. The login link on http://test.ospage.in/ is wrong... I mean, THAT is where it's going to autopage.

    http://test.ospage.in/wp-login.php seems to work okay

    If these are separate networks, why is ospage pointing to autopage at all?

  7. roxor
    Member
    Posted 1 year ago #

    hi Ipstenu,
    As you pointed there might be something wrong with the blog.
    So i did an entirely new setup.. and noted every step which could cause the redirect problem.
    I am using WP3.5.1 with Network for wordpress, Multidomains, SSL subdomain and SSO cross cookie plugins.
    Lets forget about old setup for a while, the new Setup looks like this-
    main network http://softpage.in
    secondary network http://adspage.in
    an example blog http://test.adspage.in
    This time the secondary network is NOT pointing to the main network, that means all the networks are independent.
    THE PROBLEM
    1-
    When i try to login at blog http://test.ADSpage.in/
    it redirects me to
    https://test.SOFTpage.in/wp-login.php
    and then asks if i want to create a blog, because no such blog named "test" exists on this network.
    http://softpage.in/wp-signup.php?new=test
    Instead of all this it should send me to https://test.ADSpage.in/wp-login.php
    Before installing SSL subdomain and SSO cookie plugins the logins were working fine via http. There must be something that we can do with these plugins.
    2-
    Does it really synchronize the cookie between subdomain blogs of two different networks? To find this out i need to solve the above problem first.
    Thanks, Rohit

  8. When i try to login at blog http://test.ADSpage.in/
    it redirects me to
    https://test.SOFTpage.in/wp-login.php

    Questions for you.

    1. Is adspage.in a subsite on the softpage network, or is it a 100% separate install? (There are multiple ways to set those things up and they matter)

    2. If adspage is a totally separate install, is it in an ADD ON domain?

  9. roxor
    Member
    Posted 1 year ago #

    1- yes adspage.in is a subsite (ie. added network) on softpage.in network. It was made by using network for wordpress plugin.
    The plugin had following options checked in advanced settings while adding the other networks.
    SCREENSHOT
    http://www.flickr.com/photos/76068561@N08/sets/72157633264487447/detail/
    2- No adspage.in is not a separate wp install, it is an addon domain added via control panel which is pointing to the directory of main domain (softpage.in).

  10. Which multinetwork plugin are you using?

  11. roxor
    Member
    Posted 1 year ago #

  12. Of course it's not the one I use... Well my GUESS is that you're somehow not correctly defining the master 'network' of the ... network. But I don't know how to do it :/

  13. roxor
    Member
    Posted 1 year ago #

    Thanks for the update Ipstenu
    I understand when you told me that it could be a serious security threat without SSL logins. But my setup is temporary.
    Although there are very few lines of code, but i can't figure it out myself. It would be great if you could suggest some edits in central login plugin's code.
    I have requested both the plugin authors to help me out with this.
    And it would be great if you could give us some points too. I have started the new topic here-
    http://wordpress.org/support/topic/nework-for-wordpress-and-cross-domain-cookie-sharing?replies=1#post-4107072

Topic Closed

This topic has been closed to new replies.

About this Topic