https blocking buddypress features

Hi!

I'm using Domain Mapping to force https. Turns out, it's also blocking some of the buddypress functions, like adding friends and moving through the pages that list the site's users. I talked to Tyler and he told me the https seems to be affecting admin-ajax.php calls. I don't know if that can be related here, but I've also noticed that my search mechanism isn't working as well; for instance: there're no results for the word "test", and I have several accounts with term in it and there're many other occurrences of the word across the site, like a group named "test". By the way, the buddypress features (like adding friends) work without the https. Also, I've already tried the plugin SSL Insecure Content Fixer, but it didn't change anything. How do I solve this?

Right now, Domain Mapping is active (https is being forced) and the mu plugin admin-login-redirect is also there (it performs some redirects regarding wp admin login pages). Support access is active and I've sent my wp super-admin and FTP login credentials around 3 weeks ago with Vaughan's name at the subject field, in case you need to use it.

Thanks.

  • Wheel of Commerce
    • WordPress Warrior

    Oh, that's because I no longer have a custom slug for the admin login, now all logins can only get through /login. Also, the wp login pages (/wp-login.php and /wp-admin) are set to redirect to 404 pages. In other words: you can use /login to access the site through WPMU support access or use the super-admin credentials I've provided to log in there as well.

    Thanks again, man. And sorry for the confusion. :slight_smile:

  • Vinod Dalvi
    • WP Unicorn

    Hi Gabriel,

    Thank you for your replies.

    Unfortunately i can't access admin area of your site using support staff access from the URL /login so could you please again just send log in info through our secured contact form: https://premium.wpmudev.org/contact/
    - Choose "I have a different question"
    - Include my name in the subject "Vinod Dalvi"
    - Include the URL of this post in your message so that I may track this issue better
    - Include login information (Wordpress admin info username + password )
    - Include FTP Details

    I've just confirmed that the issue is in fact the https and not Domain Mapping, as I've applied a different method to force https on the front end which also blocked the same buddypress functions.

    Do you mean the issue is occurring even if you disable the Domain Mapping plugin and only use the https?

    I have also notified my colleague @Tyler Postle to get his reply here as you have said you have already talked with him about this.

    Regards,
    Vinod Dalvi

  • Wheel of Commerce
    • WordPress Warrior

    Update:

    Right now, I have Domain Mapping and WordPress Force HTTPS (https://wordpress.org/plugins/wp-force-https/) installed, both can be used to force https. The last one requires the following code to be inserted in wp-config.php:
    define('FORCE_SSL_ADMIN', true);

    I've noticed that while that code is inserted and the plugin is disabled, https is only forced at /register, /login and on all pages after the user has logged in. I've tested the buddypress functions that weren't working with the https and the result is the same. Something that might be worth mentioning: even with that line in wp-config, the bp issues stopped whenever I had the https removed from the URL bar. To be more specific, I was able to click on the Add Friend button at http://www.wheelofcommerce.com/members/, but not at https://www.wheelofcommerce.com/members/.

    Both plugins are installed, though disabled, as I'll move on to other things while this issue isn't solved. I've also removed that line from wp-config, so remember that if you want to use WordPress Force HTTPS, you'll have to add it again. Or you can just activate Domain Mapping, the result is the same.

    I've sent my wp and FTP credentials with your name at the subject line.

    Thanks again. :slight_smile:

  • Tyler Postle
    • CGO

    Hey Gabriel,

    I've investigated this further. The issue is your tt marketpress frontend plugin. When it's deactivated then the BuddyPress actions such as adding a friend work fine. I've made a quick screencast to illustrate this: http://screencast.com/t/l3Cdooy9SMRm

    In the screencast you see I first try to add a friend with tt marketpress frontend active, then you'll see I remove it from the "plugins" folder so it's no longer active and the button works.

    It would be tough to find the code causing this issue in their plugin without knowing it well, you're best bet would be to ask the developer.

    Hope that helps! If you have further questions just let us know.

    I've deactivated domain mapping and left tt marketpress frontend active for now as that's how it was when I logged in.

    Cheers,
    Tyler

  • Wheel of Commerce
    • WordPress Warrior

    Damn, this plugin is always causing issues... And the worst part is that there's nothing that can de used to replace it (I've searched for it exhaustively) and it's a main (probably THE main) part of my site, as it puts all of marketpress at the front end. The dev answers the questions in the forums as he pleases, so I have no guarantee he'll help -and yeah, it's a paid plugin, and it wasn't exactly cheap either, haha.

    Thank you very much for taking your time to look into this for me, man. I'll see what I can do about it. Worst case scenario, I guess I'll have to force https only on the pages that really need it, like registration, login, pages with info regarding product/servive purchase and such.

  • Michael Bissett
    • Recruit

    Hey @Gabriel,

    Continuing our discussion here from the live chat today. :slight_smile:

    Okay, after digging into this further, this can be accomplished by altering line 353 of:

    /tt-marketpress-frontend/marketpress_frontend_admin.php

    From this:

    ajaxurl = '".addslashes(get_option('siteurl'))."/wp-admin/admin-ajax.php',

    To this:

    ajaxurl = '".site_url( '/wp-admin/admin-ajax.php', 'relative' )."',

    Could you confirm that it's working as it should on your end please? This is really something that the developer is going to have to address, as the only way that I was able to get this to work properly was to modify the plugin directly.

    Kind Regards,
    Michael

    P.S. I was able to resolve the other mixed content errors by enabling the SSL Insecure Content Fixer, it's only this particular part that I had to do a manual edit for.

  • Wheel of Commerce
    • WordPress Warrior

    Man, THANK YOU VERY, VERY MUCH for this! I honestly wasn't hoping to get it figured out, as the plugin dev himself probably isn't even going to bother answering me -as he didn't so far.

    I'm not sure if you left it this way on purpose, but I've noticed on Domain Mapping settings that https was disabled on the front end. I've enabled it, so now I have https forced everywhere, tested those buddypress functions that weren't working before and everything is working now, so I'm guessing it's okay to have https forced on both the back and front ends, right?

    Also, there's a new mu plugin there, sss-plugin.php (that has absolutely nothing inside it); do I leave it there? By the way, I've added again the mu plugin Jose created for me, admin-login-redirect.php, that blocks access to /wp-admin and /wp-login.php.

    Thanks again. :slight_smile:

  • Michael Bissett
    • Recruit

    Hey @Gabriel,

    I'm not sure if you left it this way on purpose, but I've noticed on Domain Mapping settings that https was disabled on the front end. I've enabled it, so now I have https forced everywhere, tested those buddypress functions that weren't working before and everything is working now, so I'm guessing it's okay to have https forced on both the back and front ends, right?

    Correct. :slight_smile:

    Also, there's a new mu plugin there, sss-plugin.php (that has absolutely nothing inside it); do I leave it there?

    Nope, you'd want to delete it, that was left there by mistake.

    Glad to hear that the fix I provided worked for you, and thanks for letting me know! :slight_smile:

    Kind Regards,
    Michael

  • Wheel of Commerce
    • WordPress Warrior

    Forgot to ask: should I keep SSL Insecure Content Fixer activated? I'm asking because I don't know if it's preventing the issues you mentioned from affecting the site again, or if it corrects those issues definitely just by being activated, and then it can be turned off.

    Thanks.

  • Wheel of Commerce
    • WordPress Warrior

    @Michael Bissett That issue with the bp functions being blocked is back again, but this time I've managed to spot the culprit: an mu plugin Jose wrote for me, admin-login-redirect.php. The odd thing is: it wasn't causing this issue before. I've tried undoing absolutely all changes I had made since the last time I had checked and the bp functions were working (plugins installed, codes added, everything), returning the site to the state it was back then, but the issue only stopped after deleting admin-login-redirect.php from the mu-plugins folder. The code of the plugin wasn't changed either, which makes this whole thing even weirder.

    Here's admin-login-redirect.php:

    <?php
    /*
    Plugin Name: Admin Redirect
    Description: Code to force non admin users to redirect out of wp-admin
    Author: WPMU DEV
    */
    
    //add_action( 'wp', 'force_404', 1 );
    add_action( 'init', 'force_404', 1 );
    
    function force_404() {
        $requested_uri = $_SERVER["REQUEST_URI"];
        do_action('debugger_var_dump', $requested_uri, '$requested_uri', 0, 0);
        do_action('debugger_var_dump', strpos( $requested_uri, '/wp-login.php'), 'FOUND?', 0, 0);
    
        if (  strpos( $requested_uri, '/wp-login.php') !== false ) {
    
            do_action('debugger_var_dump', 'REDIRECT', 'REDIRECT', 0, 0);
            // The redirect codebase
            status_header( 404 );
            nocache_headers();
            include( get_query_template( '404' ) );
            die();
        }
    
        if (  strpos( $requested_uri, '/wp-login.php') !== false || strpos( $requested_uri, '/wp-register.php') !== false ) {
    
            do_action('debugger_var_dump', 'REDIRECT', 'REDIRECT', 0, 0);
            // The redirect codebase
            status_header( 404 );
            nocache_headers();
            include( get_query_template( '404' ) );
            die();
        }
    
        if (  strpos( $requested_uri, '/wp-admin') !== false && !is_super_admin() ) {
    
            do_action('debugger_var_dump', 'REDIRECT', 'REDIRECT', 0, 0);
            // The redirect codebase
            status_header( 404 );
            nocache_headers();
            include( get_query_template( '404' ) );
            die();
        }
    }

    I've also tried using another plugin to block the wp admin login pages, but it didn't work; I tried Lockdown WP Admin, but my guess is that it doesn't work with https or something. All I want is for the wp admin login pages to be blocked, either by redirecting to a 404 page or to the home page, it really doesn't matter.

    *Patrick told me to ping you on this, as you were the one who managed to solve the issue for me the first time it appeared. Maybe Jose can fix admin-login-redirect.php, but as long as I achieve what I want here, if it's with this plugin or by other means, it doesn't matter.

    Thanks again, man! :slight_smile:

  • Michael Bissett
    • Recruit

    Hey @Gabriel, thanks for your patience here! :slight_smile:

    After looking into this, I see that this is presently affecting those that don't have super admin privileges, this revised code takes care of that:

    <?php
    /*
    Plugin Name: Admin Redirect
    Description: Code to force non admin users to redirect out of wp-admin
    Author: WPMU DEV
    */
    
    //add_action( 'wp', 'force_404', 1 );
    add_action( 'init', 'force_404', 1 );
    
    function force_404() {
        $requested_uri = $_SERVER["REQUEST_URI"];
        do_action('debugger_var_dump', $requested_uri, '$requested_uri', 0, 0);
        do_action('debugger_var_dump', strpos( $requested_uri, '/wp-login.php'), 'FOUND?', 0, 0);
    
        if (  strpos( $requested_uri, '/wp-login.php') !== false ) {
    
            do_action('debugger_var_dump', 'REDIRECT', 'REDIRECT', 0, 0);
            // The redirect codebase
            status_header( 404 );
            nocache_headers();
            include( get_query_template( '404' ) );
            die();
        }
    
        if (  strpos( $requested_uri, '/wp-login.php') !== false || strpos( $requested_uri, '/wp-register.php') !== false ) {
    
            do_action('debugger_var_dump', 'REDIRECT', 'REDIRECT', 0, 0);
            // The redirect codebase
            status_header( 404 );
            nocache_headers();
            include( get_query_template( '404' ) );
            die();
        }
    
        if ( strpos( $requested_uri, '/wp-admin') !== false && !is_user_logged_in() ) {
    
            do_action('debugger_var_dump', 'REDIRECT', 'REDIRECT', 0, 0);
            // The redirect codebase
            status_header( 404 );
            nocache_headers();
            include( get_query_template( '404' ) );
            die();
        }
    }

    Could you confirm that it's working properly on your end please? :slight_smile:

    Please advise,
    Michael

  • Ash
    • WordPress Hacker

    Hello @Gabriel

    Please try the following css:

    #wp-admin-bar-bp-login, #wp-admin-bar-bp-register{
      float: right !important;
    }
    
    #wp-admin-bar-top-secondary{
      position: absolute;
      right: 0;
    }
    
    #wp-admin-bar-bp-login{
      margin-right: 30px;
    }

    Hope it helps :slight_smile: Please feel free to ask more question if you have any.

    Cheers
    Ash

  • Wheel of Commerce
    • WordPress Warrior

    Hi, man! Thanks for answering so fast. :slight_smile:

    That didn't work. I'm pasting below one of my posts from another thread that helps explaining this issue:
    "The dev of Pro3, which is the same guy who developed Marketpress Mojo and Revolution Slider (he used to work at WPMU), always help me through email, I've contacted him on this, and he told me the following:
    'The reasons you're not seeing those widgets on those pages generated by the frontend plugin is because the plugin use its own template, and it doesn't align with any activated theme.'
    The widgets seem to be displayed normally at pages like /login and /register though, which are two of the pages at which they shouldn't be getting shown, haha. Can this be solved in the page builder of Pro3 or something (the page builder is here: https://www.wheelofcommerce.com/wp-admin/themes.php?page=aq-page-builder)?"

    That being said, is there a way to fix the root of this problem? Because using a different code to fix all the little issues caused by it isn't really practical.

    Thanks again, man.

  • Michael Bissett
    • Recruit

    Hey @Gabriel,

    ...elements from the wp toolbar being misplaced at the pages generated by TT Marketpress Frontend Admin. This time it's the Login and Register buttons, that should be at the right corner of the bar, you can see it here:

    https://www.wheelofcommerce.com/testaccount12/store/products/chair-2/

    I saw that this CSS code was inserted into Simple Custom CSS:

    li#wp-admin-bar-bp-login {
    float: right;
    }
    
    li#wp-admin-bar-bp-register {
    float: right;
    }

    Moving that over to the "Admin Bar CSS Styles" section inside of the Custom Admin Bar module for Ultimate Branding got that taken care of. :slight_smile:

    As to the point made in your latest post, I'm not quite sure how that ties into the Login & Register links being displayed on the left side (instead of the right side), or to the earlier HTTPS issues?

    Forgive me if I'm missing something, but it sounds like a different issue's being referred to here, we should probably address it in a different thread, as we've already worked out the original issue mentioned in this thread. :slight_smile:

    Thanks for your understanding, hope you're doing well today!

    Kind Regards,
    Michael

  • Wheel of Commerce
    • WordPress Warrior

    Thanks for answering, man.

    I've mentioned that here because all these issues are happening at the pages generated by TT Marketpress Frontend. The elements at the wp bar get misplaced at those pages, which includes the Login and Register buttons. About the https part, it also was related to that plugin, and one thing ended up leading to the other. Anyway, I have a thread open that addresses this more specifically, as I think now only the widgets (sidebar and footer ones) aren't being shown at those pages:
    https://premium.wpmudev.org/forums/topic/sidebar-widgets-not-being-displayed

    Thanks. :slight_smile:

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.