by axew3 » Tue Dec 22, 2020 2:44 pm
UPDATING FROM 2.3.9
NOTE - iframed page-forum and the WP user ID1 and phpBB user ID2 default install admins:
WP UID1 and phpBB UID2 are not linked anymore. So if you are logged with the default install admin, remember that you should also update the page-forum.php, rebuilding or substituting it manually with the latest (that fix also another secondary bug), or when visiting the WP page forum, this user will fall into a page reload loop. Nothing dramatic, anyway you are warned that with the user ID1 (ID2 in phpBB) and old page-forum this will happen.
To setup things as required on 2.4.0, this step is required: allow users to update their email only in one CMS. Choosing WordPress, so it is required to disable user's email update in phpBB profiles
DISABLE EMAIL UPDATE IN PHPBB USER'S PROFILES
ACP -> TAB System -> User Control Panel -> click into Profile then for the Edit account settings module, click into Disable to disable the user's account settings module. So the Edit account settings tab, where it is possible to update user's email and password in phpBB ucp, will not be anymore accessible, while all the rest of phpBB profile options will be still available to phpBB users.
It will be your task to avoid user's email update in WordPress if you choose to let users update emails in phpBB.
Remember that if usernames/email pairs are mismatching between phpBB and WP users, then it is required that you avoid email update and registrations for users into phpBB.
WordPress to phpBB integration way
An example updating:
the scenario here, where i'm updating from 2.3.9 is where username/email pairs are all the same (but remember that the integration works by email now, so can be used also with mismatching usernames/email pairs: in this case the configuration require to allow users to register, login and update email ONLY into the same CMS). Here, phpBB do not contains usernames with forbidden chars in WP, so usernames are the same on both WP and phpBB, and if an user register in phpBB, since i setup phpBB ACP option to allow usernames characters as "Only Letters, Numbers and spacers" , the user will be ever added the same in wordpress. It will be the same letting register users in WordPress, they will be added in phpBB the same, without changing any setting in WP. But i do not like this configuration in this case. This is my case/requirement here. You'll see why following to read
If a phpBB username contain forbidden chars in WordPress, as code is at moment, it will be purged, read this to know how it work: viewtopic.php?p=4944#p4944
the verify_credentials function, contain this comment, may useful to read for anyone:
[code] // !!! NOTE IMPORTANT !!!!
// loop if email changed in phpBB and username do not match on both phpBB and WP
// running integration with mismatching usernames/pairs, it is required to allow registration/email update ONLY in WP OR phpBB
// if email changed in phpBB, with mismatching usernames, it will cause a re-login on-fly for the user by the way
// Cases: if also username mismatch, a logout. If phpBB username contain forbidden chars, and do not exist in WP, added as new user, if no email and nor username found in wp.
// May redirection to what it is needed should be added, or wp home will be the redirect to (as code is more below, where user re-logged)
[/code]
Since 2.3.9 it was required that usernames/email pairs were always the same in phpBB and WP. So updating and leaving settings as they are, there is no worry to check for nothing. All is ok as is except ...
Now, i go into ACP, and i disable the possibility for users to update their email in phpBB profile.
To do so, and disable users email update on phpBB, just do this:
DISABLE EMAIL UPDATE IN PHPBB USER'S PROFILES
ACP -> TAB System -> User Control Panel -> click into Profile then for the Edit account settings module, click into Disable to disable the user's account settings module. So the Edit account settings tab, where it is possible to update user's email and password in phpBB ucp, will not be anymore accessible, while all the rest of phpBB profile options will be still available to phpBB users.
Now since there are no duplicated emails and usernames, and the scenario here is the above explained with unique usernames/email pairs existent on both phpBB and WP, i can also allow registration in phpBB, and disable in WP or leave both (the iframe mode will allow to add users at same time on wp when registration done in phpBB, that's another consideration, explained into the iframe help steps guide, where can be argued the meaning of this assertion). Why i need this in this particular case? Because the user's spam check is harder to be broken into the default phpBB. I'm annoyed by spammers, and i do not want to add re-captcha plugins on WP login or registration. I do not disabled the registration in WordPress, i activated the plugin option Swap WordPress default Register and Lost Password links to point to phpBB related pages so when any registration link clicked into WordPress, users will be forced/redirected to the phpBB registration page instead.
That's all. I've check users with 0 posts in phpBB, and related with 0 posts in wordpress through List users with 0 posts in phpBB: delete in WordPress and deactivate in phpBB option, that let me know also if those users, have or not posts in wordpress.
I deleted them in wordpress. Then also removed thousand of deactivated 4 years old users (remember that a deleted user in WordPress, is deactivated in phpBB, NOT deleted, and you can use this as anti spam method, leaving these users deactivated in phpBB, and as explained elsewhere) in one click via phpBB ACP.
From now on, i will have to change the phpBB Q&A question, just in case, as soon i'll see some spam user.
[size=200][b][color=#BF0040]UPDATING FROM 2.3.9[/color][/b][/size]
[strike][b]
NOTE - iframed page-forum and the WP user ID1 and phpBB user ID2 default install admins[/b]:
[b][color=#BF0040]WP UID1 and phpBB UID2 are not linked anymore[/color].[/b] So if you are logged with the default install admin, remember that you should also update the page-forum.php, rebuilding or substituting it manually with the latest (that fix also another secondary bug), or when visiting the [i]WP page forum[/i], this user will fall into a page reload loop. Nothing dramatic, anyway you are warned that with the user ID1 (ID2 in phpBB) and old page-forum this will happen.
[b][size=130][color=#BF0040]To setup things as required on 2.4.0, this step is required[/color]:[/size][/b] [b]allow users to update their email only in one CMS. Choosing WordPress, so it is required to disable user's email update in phpBB profiles[/b]
[size=200][b][color=#BF0040]DISABLE EMAIL UPDATE IN PHPBB USER'S PROFILES[/color][/b][/size]
[b]ACP -> TAB System -> User Control Panel[/b] -> click into [b]Profile[/b] then for the Edit account settings module, click into [b]Disable[/b] to disable the user's account settings module. So the [i]Edit account settings[/i] tab, where it is possible to update user's email and password in phpBB ucp, will not be anymore accessible, while all the rest of phpBB profile options will be still available to phpBB users.
[color=#FF0000][b]It will be your task to avoid user's email update in WordPress if you choose to let users update emails in phpBB.[/b][/color]
[size=120][b]Remember that if usernames/email pairs are mismatching between phpBB and WP users, then it is required that you avoid email update and registrations for users into phpBB.[/b][/size]
[size=150][url=https://www.axew3.com/w3/wp-w3all-wordpress-to-phpbb-install-and-how-to/]WordPress to phpBB integration way[/url][/size]
[b]
An example updating:[/b]
the scenario here, where i'm updating from 2.3.9 is where username/email pairs are all the same (but remember that the integration works by email now, so can be used also with mismatching usernames/email pairs: in this case the configuration require to allow users to register, login and update email ONLY into the same CMS). Here, phpBB do not contains usernames with forbidden chars in WP, so usernames are the same on both WP and phpBB, and if an user register in phpBB, since i setup phpBB ACP option to allow usernames characters as "Only Letters, Numbers and spacers" , the user will be ever added the same in wordpress. It will be the same letting register users in WordPress, they will be added in phpBB the same, without changing any setting in WP. But i do not like this configuration in this case. This is my case/requirement here. You'll see why following to read
If a phpBB username contain forbidden chars in WordPress, as code is at moment, it will be purged, read this to know how it work: [url]https://www.axew3.com/w3/forums/viewtopic.php?p=4944#p4944[/url]
the [i]verify_credentials[/i] function, contain this comment, may useful to read for anyone:
[code] // !!! NOTE IMPORTANT !!!!
// loop if email changed in phpBB and username do not match on both phpBB and WP
// running integration with mismatching usernames/pairs, it is required to allow registration/email update ONLY in WP OR phpBB
// if email changed in phpBB, with mismatching usernames, it will cause a re-login on-fly for the user by the way
// Cases: if also username mismatch, a logout. If phpBB username contain forbidden chars, and do not exist in WP, added as new user, if no email and nor username found in wp.
// May redirection to what it is needed should be added, or wp home will be the redirect to (as code is more below, where user re-logged)
[/code]
[size=120]
Since 2.3.9 it was required that usernames/email pairs were always the same in phpBB and WP. So updating and leaving settings as they are, there is no worry to check for nothing. All is ok as is except ...
[/size]
[size=120][b][color=#BF0040]Now, i go into ACP, and i disable the possibility for users to update their email in phpBB profile.
To do so, and disable users email update on phpBB, just do this:[/color][/b] [/size]
[size=200][b][color=#BF0040]DISABLE EMAIL UPDATE IN PHPBB USER'S PROFILES[/color][/b][/size]
[b]ACP -> TAB System -> User Control Panel[/b] -> click into [b]Profile[/b] then for the Edit account settings module, click into [b]Disable[/b] to disable the user's account settings module. So the [i]Edit account settings[/i] tab, where it is possible to update user's email and password in phpBB ucp, will not be anymore accessible, while all the rest of phpBB profile options will be still available to phpBB users.
Now since there are no duplicated emails and usernames, and the scenario here is the above explained with unique usernames/email pairs existent on both phpBB and WP, i can also allow registration in phpBB, and disable in WP or leave both (the iframe mode will allow to add users at same time on wp when registration done in phpBB, that's another consideration, explained into the iframe help steps guide, where can be argued the meaning of this assertion). Why i need this in this particular case? Because the user's spam check is harder to be broken into the default phpBB. I'm annoyed by spammers, and i do not want to add re-captcha plugins on WP login or registration. I do not disabled the registration in WordPress, i activated the plugin option [i][b]Swap WordPress default Register and Lost Password links to point to phpBB related pages[/b][/i] so when any registration link clicked into WordPress, users will be forced/redirected to the phpBB registration page instead.
That's all. I've check users with 0 posts in phpBB, and related with 0 posts in wordpress through [b]List users with 0 posts in phpBB: delete in WordPress and deactivate in phpBB[/b] option, that let me know also if those users, have or not posts in wordpress.
I deleted them in wordpress. Then also removed thousand of deactivated 4 years old users (remember that a deleted user in WordPress, is deactivated in phpBB, NOT deleted, and you can use this as anti spam method, leaving these users deactivated in phpBB, and as explained elsewhere) in one click via phpBB ACP.
From now on, i will have to change the phpBB Q&A question, just in case, as soon i'll see some spam user.[/strike]