[deleted]

Well I figured it out... it wasn't a plugin, but rather my theme that was hijacking login redirection requests. I'm not sure what to do about it, but my next step is to figure out how I can modify the theme I'm using to re-enable that functionality.

add_filter('login_redirect', 'login_redirect_function', 10, 3); is how the plugin performs the redirect. This filter was completely unresponsive with my theme active. With the stock 2020 theme active, it works as expected.

    HOORAY! After many days of fumbling this plugin is now working correctly. I searched my theme files to find where it is calling the same login_redirect filter and was able to overwrite it with my child theme's functions.php file. I am using the "buddyboss" theme which has a login_redirect filter that calls a function buddyboss_redirect_previous_page. The code below removes the filter after page initialization (necessary or else the theme re-adds the filter before the page loads) and then adds the filter again at a lower priority, allowing it to continue functioning but to be overridden by the flarum integration plugin as required.

    // when the init hook fires
add_action( 'init', 'remove_bb_login_filter' );

function remove_bb_login_filter() {
    // remove the filter
	remove_filter( 'login_redirect', 'buddyboss_redirect_previous_page', 10, 3 );
	// re-add the filter at a lower priority of 9
	add_filter( 'login_redirect', 'buddyboss_redirect_previous_page', 9, 3 );
}

      benjaminschultz would you be able to share with me the source code of those login_redirect hooks? (you can contact me on Discord or via email) I'm curious what that theme tries doing that isn't compatible with what I do. Or maybe I just need to change my hook priority to run before/after that.

      [deleted] if you've got any idea which plugin/theme might be adding a login_redirect hook, I'm also happy to take a look into it. I remember we fixed it in the social login plugin in January, so I guess you've got another plugin causing it now 😅

      The difficulty with those issues is that I've been unsuccessful at reproducing them with free plugins so far, and then it's sometimes tricky to identify which paid plugin/theme is responsible and get a copy of it running on my local setup to reproduce.

            clarkwinkelmann - I don't think it's that they're doing something incompatible, I think it's just that 10 is the highest priority and only one login_redirect can run. I could not get ANY login_redirect to work while that theme was active. Here is the source for what they're doing in their theme's "login.php", though:

            add_filter( 'login_redirect', 'buddyboss_redirect_previous_page', 10, 3 );
function buddyboss_redirect_previous_page( $redirect_to, $request, $user ) {
	if ( buddyboss_theme()->buddypress_helper()->is_active() ) {

		$bp_pages = false;

		// Check if Platform plugin is active.
		if( function_exists('bp_get_option') ){
			$bp_pages = bp_get_option( 'bp-pages' );
		}

		$activate_page_id = !empty( $bp_pages ) && isset( $bp_pages[ 'activate' ] ) ? $bp_pages[ 'activate' ] : null;

		if ( (int) $activate_page_id <= 0 ) {
			return $redirect_to;
		}

		$activate_page = get_post( $activate_page_id );

		if ( empty( $activate_page ) || empty( $activate_page->post_name ) ) {
			return $redirect_to;
		}

		$activate_page_slug = $activate_page->post_name;

		if ( strpos( $request, '/' . $activate_page_slug ) !== false ) {
			$redirect_to = home_url();
		}
	}

	$request = wp_get_referer();

	if ( ! $request ) {
		return $redirect_to;
	}

	// redirect for native mobile app
	if ( ! is_user_logged_in() && wp_is_mobile() ) {
		$path = wp_parse_url( $request );

		if ( isset( $path['query'] ) && ! empty( $path['query'] ) ) {
			parse_str( $path['query'], $output );

			$redirect_to = ( isset( $output ) && isset( $output['redirect_to'] ) && '' !== $output['redirect_to'] ) ? $output['redirect_to'] : $redirect_to;
			return $redirect_to;
		}
	}

	$req_parts	      = explode( '/', $request );
	$req_part	      = array_pop( $req_parts );
    $url_arr          = [];
	$url_query_string = [];
	if ( substr( $req_part, 0, 3 ) == 'wp-' ) {
	    $url_query_string = wp_parse_url( $request );

	    if ( isset( $url_query_string['query'] ) && ! empty( $url_query_string['query'] ) ) {
		    parse_str( $url_query_string['query'], $url_arr );
		    $redirect_to = ( isset( $url_arr ) && isset( $url_arr['redirect_to'] ) && '' !== $url_arr['redirect_to'] ) ? $url_arr['redirect_to'] : $redirect_to;

		    return $redirect_to;
	    } else {
		    return $redirect_to;
        }
	}

	$request = str_replace( array( '?loggedout=true', '&loggedout=true' ), '', $request );

	return $request;
}
              5 days later

              New updates! Also check out the updated compatibility list https://kilowhat.net/flarum/extensions/wordpress#compatibility . WP-Members is now mostly compatible. Ultimate Member is confirmed incompatible.

              It's incredible how many plugins add their own login forms to Wordpress. It's hard to make them all compatible. Hopefully the changes in those releases should help a tiny bit.

              The best global login experience is only experienced when using Wordpress native login ("wp-login.php"). WP-Member's custom login forms should now mostly work, but there are some situations where you might end up having to disconnect from Wordpress before being able to attempt global login again. Also the logout experience works but you end up on the homepage instead of the logout confirmation page.

              Flarum changelog

              Version 1.6.0 - August 3, 2020

              • Better error handling in case a Wordpress plugin interferes with the login redirect
              • Add Flarum modal login compatibility with WP-Members Wordpress plugin

              You can update the Flarum extension via Composer.
              Requires version 1.4 or greater of the Wordpress plugin.

              Wordpress changelog

              Version 1.4.0 - August 3, 2020

              • Enables the fixes released in the Flarum extension version 1.6.0
              • Fixes the post update date being updated each time the comment count changes

              The plugin must be manually updated.
              The new version can be downloaded via this link.
              Works with any version of the Flarum extension.

                5 days later

                • [deleted]

                • Post #257

                @clarkwinkelmann one thing I have noticed is that the login session time between flarum and WordPress seems to be completely different. For example, I'm still logged in via WordPress, but flarum is logged out. To log back in to flarum, I have to logout of WordPress then back in again.

                Doesn't it make more sense for flarum's session time to be governed by WordPress when using this extension ?

                Thanks

                  [deleted] yes I'm aware of that. The problem is that the session time is currently not easily customized in Flarum, so I want to wait until the session refactor I'm working on in Flarum to implement the feature better in the Wordpress integration.

                  I might be able to implement a customizable session duration that's customizable in the extension settings though, and you could manually match that with Wordpress. But all of this will break with the planned changes in core so I will really try to get those changes in beta 14 first, then adapt the Wordpress extension.

                  [deleted] To log back in to flarum, I have to logout of WordPress then back in again

                  That's actually one of the few integration issues with WP-Members I couldn't fix. When using wp-login.php, if you're logged in Wordpress but logged out of Flarum, clicking login will open a modal that will immediately close and connect you with the current Wordpress account. Unfortunately I found no way of making that work with WP-Members so you end up in this situation where logging out is required in order to show the login form again.

                        • [deleted]

                        • Post #259

                        clarkwinkelmann thanks. Any ideas what the session lifetime is in flarum currently ? I could fairly easily make WordPress match that as a workaround

                            [deleted] I'll need to do some research to find the actual values, but I know the issue is complex because there are multiple lifetimes:

                            • There is the access token lifetime which currently only has an impact on remember_me sessions. The lifetime is 5 years. The Wordpress extension uses 5 year remember_me access tokens as well for the cross-site login
                            • There's the remember_me cookie lifetime, which should automatically match the access token's lifetime
                            • There's the flarum_session cookie lifetime for the active session, I'm not sure where it's configured
                            • There's the PHP/Symfony's session lifetime, which has a value configured somewhere in the Laravel app's config array. I think it can be customized from config.php or extend.php but I can't find the thread where this was discussed. I think the cookie session also matches with that value

                            I think there's a consistency issue when logging in from Flarum to Wordpress vs Wordpress to Flarum because the remember_me cookie is not actually set when connecting from Flarum.

                            I'll try to get the behavior consistent and ideally, customizable.

                            I will try to get away from using the remember_me cookie and instead use my own cookie, that way I can avoid all Flarum sessions becoming remember_me sessions when connecting from Wordpress.

                                • [deleted]

                                • Post #261
                                • Edited

                                clarkwinkelmann thanks very much. Sounds promising. Not an immediate slow stopper but my forum is staying to gain serious traction with tens of new signups in the past few days alone, so I know it won't be long before someone mentions this 🤔

                                  a month later

                                  After installing the plugin cannot post anything and shows POST api/discussions 500 error. 🙁

                                    7 days later

                                    Does anyone else have bad results with posting times on Wordpress synced discussions?

                                    On regular Flarum discussions posting time is instant, but on WP synced discussions posting times wait are anywhere from 3-10 seconds.

                                      hrvoje_hr there is an extra behind the scene request to WordPress on each new post as well as post hide/restore (to update comment count)

                                      Those requests are made in queueable jobs. If you install the redis queue extension, those should start running on their own without slowing Flarum requests. This is still a bit experimental and not covered by the documentation because I've not had an opportunity to test that on a production forum myself yet.

                                          14 days later

                                          clarkwinkelmann I might be an idiot for even suggesting it,
                                          But maybe the comment sync should happen from the wordpress end? With the possibility to turn it on/off, and maybe tie into https://developer.wordpress.org/plugins/cron/scheduling-wp-cron-events/ with a configurable timer for those that want it to not happen on every post visit.

                                          If the comment sync have a API endpoint at the forum side, it would make it fairly easy for the end user to create a wp plugin to override sync?

                                          This might also make it easier if you ever decide to implement support for several wordpress sites. (I would use this plugin if that ever happens).

                                              andreherberth thanks for the suggestions!

                                              I have made the choice to delegate most of the logic on the Flarum side because it's the stack I'm most comfortable with and I have access to all the libraries from Packagist there to make the code easier to maintain.

                                              The plan regarding comment count synchronization is to make the queued sync an official feature (as described above, it already works but isn't documented). If some high traffic website requires it, I could also move this to a CRON job to reduce the number of API requests to Wordpress. But I would most likely make the CRON on Flarum side.

                                              Do you have an example of something the owner might want to change during the comment count synchronization?

                                              I also plan to make some changes to the API between Wordpress and Flarum, because the current solution has the side effect of editing the Wordpress post update time whenever the comment count change. This will go in a larger rewrite where I lock down the API between the two to prevent a compromised key to be able to perform other actions via the API.

                                              Regarding supporting multiple Wordpress websites, I haven't ruled that feature out. But I'm not sure there's enough demand at this time to justify adding the feature.

                                                8 days later

                                                Hey,

                                                I had a little problem if I want to use reCaptcha in wordpress when I want to login. This message appear :

                                                {"success":false,"data":[{"code":"http_request_failed","message":"Too many redirects"}]}

                                                Wordpress plugin in use to do this : Advanced noCaptcha & invisible Captcha
                                                And another to customize the login page : GS Custom Login Lite

                                                Maybe it can help. But without the Advanced noCaptch all work fine.

                                                sorry for my bad english :S