SSL causes failure

  • Resolved TruthMerchant

    (@truthmerchant)


    9 years ago

    If either “SSL_LOGIN” or “SSL_ADMIN” are defined true in wp_config then the votes of logged in users are not saved into the database and the display of hearts remains sensitive.

    //define(‘FORCE_SSL_ADMIN’, true);
    define(‘FORCE_SSL_LOGIN’, true);

    What happens is that $_COOKIE shows empty when spr_rate is entered. $current_user is also null.

    I’ve been debugging this for several days, but I know nothing about the browser stuff. I used firebug to see the cookies in the browser but these never make it to the $_COOKIE array.

    If I comment out both “SSL” defines in wp_conig then the plugin works. I now have “define(‘FORCE_SSL_LOGIN’, true); in wp_config.

    PLease login to occupytacoma.org as “demo” with password “demo” and rate an “Article” (Articles are displayed as opposed to “posts” on the front page). There seems to be something amiss in the browser code that causes the cookies to not be presented by the AJAX request.

    It seems to me that I had this problem a year ago and I was able to get around it by setting LOGIN and not setting ADMIN. But now either one seems to break the plugin.

    https://www.ads-software.com/plugins/simple-rating/

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Igor Yavych

    (@flyerua)

    This happens when you vote from https:// instead of https://. If you vote from https://, it will work just fine.
    $current_user is internal WP stuff, this plugin has nothing to do with populating this variable with data.
    I’m have no experience with WP+SSL, but I assume that it isn’t set up properly in your particular case. I might be wrong though.
    Workaround would be to force all traffic to go through https.

    Thread Starter TruthMerchant

    (@truthmerchant)

    Forcing all traffic to ssl is not (for me) a good “workaround”. But after a few more days of rummaging around in WordPress core and such I found that the protocol on the request back to the server (used to facilitate AJAX) is defined wrongly by the “admin_url” function.

    On further investigation I found that the problem came about in WordPress 4.0 when “FORCE_SSL_LOGIN” was deprecated. As of 4.0 it is both “ADMIN” and “LOGIN” or neither because the function “force_ssl_admin” returns “true” if either of the aforesaid globals are defined “true”. That means that the “default” protocol returned by “admin_url” will always be ‘https’. And that causes the browser to see the AJAX request as “cross domain” and to NOT send the “COOKIES”.

    SOLUTION:

    Update “rating.php” in the “simple_rating” directory as follows:

    Using your favorite text editor, insert immediately ahead of
    if (is_user_logged_in()==1) at line 210, a new line of code as
    $scheme = is_ssl() ? 'https': 'http';

    Then use the search and replace function of your editor to replace all instances of =>admin_url('admin-ajax.php' with
    =>admin_url(‘admin-ajax.php’,$scheme`

    This should make the plugin function properly REGARDLESS of what you do with SSL. All ssl, no ssl, login ssl admin ssl, or per page ssl or whatever.

    Plugin Author Igor Yavych

    (@flyerua)

    I can do that, of course. But still, don’t you think it’s good idea to stop using deprecated features?

    Thread Starter TruthMerchant

    (@truthmerchant)

    My updates are an appropriate address of the actual problem in that they “get around” THE actual bug in WordPress core and nothing more or less. I always wanted to use “FORCE_SSL_ADMIN” since I started using a “real” ssl cert as opposed to “self signed”. This “admin only” functionality has not been deprecated. It was simply breaking “Simple Rating” and other rating plugins. That is why I used “FORCE_SSL_LOGIN”.

    I will assume that any further releases of “Simple Rating” will address this core bug with my suggested changes or in some other way. And I would ask that you mark this issue resolved.

    Plugin Author Igor Yavych

    (@flyerua)

    Already added it in 1.5

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘SSL causes failure’ is closed to new replies.