Hi. Just found this plugin mentioned in an article about WordPress security and couldn’t believe I hadn’t seen it before.
If I may, let me make 4 suggestions:
1. Add something like “easy and secure logins” to the plugin name, to increase visibility in search results.
2. Add those words to the short description and main description, too, and if possible also add “security” (same reason as above). Including some of the info at https://lloyd.io/how-browserid-works/ would be great.
3. Add something like “(creator of Firefox)” close to “Mozilla”, to include a more widely known brand name that helps validate the supporters of the project.
4. Add a nice header with the Mozilla logo somewhere (eye-catching and another validation mark).
Those were my 4 cents.
Cheers.

I haven’t found any information about the logo size.
I tried to pick a picture from my gallery, but after disconnecting it is impossible to reconnect.
I get an error message in the popup window due to a large picture…
but it is impossible to reconnect to access the admin and change it.
My last solution to access my site again:
– forcibly remove the plugin files and the parameters in the database.
– re-install the plugin (without a logo…)
I’m using WP 3.8 and when I log out, I have to click twice on disconnect after a first click on the disconnect button in the dashboard. Instead I’m redirected continuously to a comment error page with a go back link, but it is impossible to do anything other than clicking twice on the disconnect link.
Thanks for answers

Updating this morning went straight to success page, with disabled maintenance mode. From there any and every admin page returned a header and favicon and pure white space on the completed page.
The blog was fine. The only thing to do was to disable the plugin through ftp, after which everything was normal.
The plugins page announced it was disabled, and announced a security plugin being disabled (can’t remember wording, but I believe it to be part of this plugin, rather than any other).

function Option_sitename needs to escape $options['browserid_sitename'] with htmlspecialcharacters.
The new function should look like this:
```php
// Site name option
function Option_sitename() {
    $options = get_option('browserid_options');
    if (empty($options['browserid_sitename']))
        $options['browserid_sitename'] = null;
    // htmlspecialchars() is PHP's HTML-escaping function. ENT_QUOTES is required
    // here because the value attribute is delimited by single quotes, which the
    // pre-8.1 default flags leave unescaped.
    echo "<input id='browserid_sitename' name='browserid_options[browserid_sitename]' type='text' size='100' value='" . htmlspecialchars( (string) $options['browserid_sitename'], ENT_QUOTES, 'UTF-8' ) . "' />";
    echo '' . __('Default the WordPress site name', c_bid_text_domain);
}
```
[Please post code & markup between backticks or use the code button. Your posted code may now have been permanently damaged by the forum’s parser.]
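An added example, not part of the original post or the plugin: it renders the same single-quoted `value` attribute with two escaping flag sets and parses the result to show whether a stored value can break out of the attribute. The function names and the stored value are constructed for illustration.

```php
<?php
// Added example, standalone PHP (no WordPress). Requires the DOM extension.

// Build the input field the way the posted function does, with the given flags.
function render_sitename_input(string $value, int $flags): string
{
    $escaped = htmlspecialchars($value, $flags, 'UTF-8');
    return "<input id='browserid_sitename' type='text' value='" . $escaped . "' />";
}

// Parse the markup and return the attributes the parser sees on the <input>.
function input_attributes(string $html): array
{
    libxml_use_internal_errors(true);          // keep parser warnings quiet
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $attrs = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $attrs[$attr->name] = $attr->value;
    }
    return $attrs;
}

// Constructed option value containing the attribute delimiter.
$stored = "x' data-injected='1";

foreach (['ENT_COMPAT' => ENT_COMPAT, 'ENT_QUOTES' => ENT_QUOTES] as $name => $flags) {
    $attrs = input_attributes(render_sitename_input($stored, $flags));
    // An extra attribute name in this list means the value escaped its quotes.
    printf(
        "%s: attributes=[%s] value=%s\n",
        $name,
        implode(', ', array_keys($attrs)),
        var_export($attrs['value'], true)
    );
}
```

Inside WordPress, `esc_attr()` is the standard helper for attribute values and escapes both quote styles.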

Will not even pop-up the login window anymore. Poor performance.

P3 Plugin Performance Profiler shows that Persona accounts for 50% of the runtime, even when I restrict the test session to non wp-admin pages!
To verify this result, I had WebPagetest average 10 tests with the Persona plugin enabled and again with the Persona plugin disabled (note that the “first load” test was only run once/is invalid as a measure). Turning Persona off shaved ~1.5 seconds from the time-to-first-byte, roughly matching the stats reported by P3.
What’s up?

Warning: Missing argument 2 for MozillaBrowserID::Handle_error(), called in /home/oduinn/public_html/blog/wp-content/plugins/browserid/browserid.php on line 423 and defined in /home/oduinn/public_html/blog/wp-content/plugins/browserid/browserid.php on line 389
Warning: Missing argument 3 for MozillaBrowserID::Handle_error(), called in /home/oduinn/public_html/blog/wp-content/plugins/browserid/browserid.php on line 423 and defined in /home/oduinn/public_html/blog/wp-content/plugins/browserid/browserid.php on line 389
Warning: Cannot modify header information – headers already sent by (output started at /home/oduinn/public_html/blog/wp-content/plugins/browserid/browserid.php:389) in /home/oduinn/public_html/blog/wp-includes/pluggable.php on line 876

For support, please go here.
Read here why.

When I have upgraded to 0.29, I get this on login (BrowserID used to work fine with the previous version of the plugin):
```
Verification failed
audience=luther.ceplovi.cz
vserver=browserid.org
time=1342473729
Array
(
    [status] => okay
    [email] => [email protected]
    [audience] => luther.ceplovi.cz
    [expires] => 1342473845938
    [issuer] => login.persona.org
)
```
Any ideas, where does plugin get that browserid.org idea?
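An added example, not the plugin's code: the checks a relying site would typically run on a decoded verifier response like the one dumped above, including the unit difference between `expires` (milliseconds) and `time` (seconds). The post does not show which check failed; comparing `issuer` against a configured list is an assumption made here, and the e-mail address is a constructed placeholder.

```php
<?php
// Added example. Function name and the trusted-issuer list are hypothetical.

function check_verifier_response(array $r, string $audience, array $trustedIssuers, int $now): array
{
    $errors = [];
    if (($r['status'] ?? '') !== 'okay') {
        $errors[] = 'status is not okay';
    }
    // The assertion must have been issued for this site and no other.
    if (($r['audience'] ?? null) !== $audience) {
        $errors[] = 'audience mismatch';
    }
    // "expires" is in milliseconds; the site's clock value is in seconds.
    $expiresSec = (int) floor(((float) ($r['expires'] ?? 0)) / 1000);
    if ($expiresSec <= $now) {
        $errors[] = 'assertion expired';
    }
    // Assumption: the site keeps an explicit list of issuers it accepts.
    if (!in_array($r['issuer'] ?? '', $trustedIssuers, true)) {
        $errors[] = 'issuer not trusted: ' . ($r['issuer'] ?? '(none)');
    }
    if (filter_var($r['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email missing or malformed';
    }
    return $errors;
}

// Constructed sample mirroring the dump in the post.
$response = [
    'status'   => 'okay',
    'email'    => 'user@example.org',
    'audience' => 'luther.ceplovi.cz',
    'expires'  => 1342473845938,
    'issuer'   => 'login.persona.org',
];
$now = 1342473729;   // the "time=" value from the post

// A list that only knows the old host rejects the response ...
print_r(check_verifier_response($response, 'luther.ceplovi.cz', ['browserid.org'], $now));
// ... while a list that includes the issuer actually returned accepts it.
print_r(check_verifier_response($response, 'luther.ceplovi.cz', ['login.persona.org'], $now));
```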

Love the plug-in, I just upgraded to 3.4 but it no longer works.
When I click the Browser ID logon button for the dashboard (https://example.com/wp-login.php?redirect_to=http%3A%2F%2Fexample.com%2Fwp-admin%2F&reauth=1) the Browser ID dialog comes up, I log in, the BrowserID dialog goes away, the URL in the parent page doesn’t change.
If I refresh I get the login page again, wash rinse repeat same result.
Regular login works.
Ryan

Hi Marcel,
I think I found a bug in the way the plugin redirects. When I go to domain.com/wp-admin/
I get redirected to https://domain.com/wp-login.php?redirect_to=http%3A%2F%2Fdomain.com%2Fwp-admin%2F&reauth=1
Now after I signed in with BrowserID I would get redirected to https://domain.com/%2Fwp-admin%2F or https://domain.com/http%3A%2F%2Fdomain.com%2Fwp-admin%2F; both ways get 404 errors.
The bug seems to be fixed by adding urldecode() to the redirect_to.
In Handle_login():
`$redirect_to = urldecode($_REQUEST['redirect_to']);`
But, I’m not sure this is a good fix, because the PHP manual says to not call it on $_REQUEST (https://php.net/manual/en/function.urldecode.php).
Kind regards,
Marvin
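An added example, not the plugin's code: one way to handle a `redirect_to` value that may arrive still percent-encoded, while only ever redirecting within the site itself. PHP already decodes `$_REQUEST` values once, so the function decodes again only when the value is visibly still encoded. The function name, the fallback URL and all sample inputs are constructed.

```php
<?php
// Added example, standalone PHP. Names and sample URLs are hypothetical.

function safe_redirect_target(string $raw, string $siteHost, string $fallback): string
{
    // Decode once more only if the value still starts with an encoded scheme or slash.
    if (preg_match('/^(https?%3A|%2F)/i', $raw)) {
        $raw = rawurldecode($raw);
    }
    // Control characters and backslashes have no place in a redirect target.
    if (preg_match('/[\x00-\x1f\\\\]/', $raw)) {
        return $fallback;
    }
    // Site-relative path: one leading slash, not the protocol-relative "//host".
    if (preg_match('#^/(?!/)#', $raw)) {
        return $raw;
    }
    $parts = parse_url($raw);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return $fallback;
    }
    // Absolute URLs are accepted only for the site's own host.
    if (strcasecmp($parts['host'], $siteHost) !== 0) {
        return $fallback;
    }
    return $raw;
}

$fallback = 'https://domain.com/wp-admin/';
$samples = [
    'http://domain.com/wp-admin/',               // already decoded by PHP
    'http%3A%2F%2Fdomain.com%2Fwp-admin%2F',     // still encoded, as in the post
    '%2Fwp-admin%2F',                            // encoded relative path
    '//other.example/wp-admin/',                 // protocol-relative, other host
    'http://domain.com@other.example/',          // userinfo trick, other host
];
foreach ($samples as $s) {
    printf("%-45s -> %s\n", $s, safe_redirect_target($s, 'domain.com', $fallback));
}
```

Within WordPress, `wp_validate_redirect()` and `wp_safe_redirect()` provide the host restriction.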

Hi Marcel,
I think that the BrowserID scripts should be loaded in the footer of the page. This enables the plugin to load the scripts only when needed.
Here is a diff/patch showing the small changes needed to make this happen:
https://pastebin.com/QmkS8iBx
Kind regards,
Marvin
I translated the Plugin for BrowserID to German. What is the best way to make the po/mo file available?
I put it in this pastebin: https://pastebin.com/cZTUmBCW
Unfortunately I can’t find a localized login button from Mozilla.
Marvin

Hi, awesome plugin!
I ran into some trouble with one of my websites, because the GET request the plugin generates was too long (browserid_assertion.length was > 2000). I solved this by creating a form element in login.js and submitting it. (https://pastebin.com/p50K55cF).
Tiny question:
In Check_assertion() wouldn’t it be better to “get_options” only after `if (isset($_REQUEST['browserid_assertion'])`?
Something else: I think this would be a lot easier to use for many people if you shipped with HTTPS certificates. I wanted to use it in a hosting environment, but my host hadn’t configured curl for HTTPS. So I disabled the verify SSL certificate option, but this feels insecure to me.
Maybe the plugin can somehow set CURLOPT_CAINFO and ship with the required files?
Could this be made to work with buddypress? I guess some sort of wordpress user account needs to be created for each new user signing in with browserid (like the wp-facebook autoconnect thing does – I’d love to be able to ditch that and use browserid only =D).
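An added example, not the plugin's code, covering the two points raised above: the assertion travels in a POST body instead of the URL, and certificate verification stays on with an explicitly supplied CA file via `CURLOPT_CAINFO`. The function name, the verifier URL, the CA file and the POST field names are assumptions for illustration.

```php
<?php
// Added example, standalone PHP. Requires the cURL extension for the constants.

function verifier_curl_options(string $verifierUrl, string $assertion, string $audience, string $caFile): array
{
    if (stripos($verifierUrl, 'https://') !== 0) {
        throw new InvalidArgumentException('verifier URL must use https');
    }
    // Fail closed: without a readable CA file, do not fall back to "verify off".
    if (!is_readable($caFile)) {
        throw new RuntimeException('CA bundle not readable: ' . $caFile);
    }
    return [
        CURLOPT_URL            => $verifierUrl,
        CURLOPT_POST           => true,
        // Assumed field names; the body has no practical length limit, unlike a URL.
        CURLOPT_POSTFIELDS     => http_build_query(['assertion' => $assertion, 'audience' => $audience]),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,     // check the certificate chain
        CURLOPT_SSL_VERIFYHOST => 2,        // check the certificate matches the host
        CURLOPT_CAINFO         => $caFile,  // CA file shipped alongside the code
        CURLOPT_FOLLOWLOCATION => false,
        CURLOPT_TIMEOUT        => 10,
    ];
}

// Constructed inputs: a temp file stands in for a shipped CA bundle,
// and the assertion is a 2500-character dummy longer than the URL limit hit above.
$caFile = tempnam(sys_get_temp_dir(), 'ca');
$opts = verifier_curl_options('https://verifier.example/verify', str_repeat('a', 2500), 'https://blog.example', $caFile);

printf("URL length: %d, POST body length: %d\n", strlen($opts[CURLOPT_URL]), strlen($opts[CURLOPT_POSTFIELDS]));
printf("verify peer: %s, verify host: %d\n", var_export($opts[CURLOPT_SSL_VERIFYPEER], true), $opts[CURLOPT_SSL_VERIFYHOST]);

// To send: $ch = curl_init(); curl_setopt_array($ch, $opts); $body = curl_exec($ch);
unlink($caFile);
```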

Thanks so much for creating this plugin!
On line 269, you’re adding ?browser_assertion to the site_url, but it’s safer to ensure a trailing slash on the url, so you want `trailingslashit(get_site_url())`. I ran into this issue on my own site, where site_url ends without the slash. It’d be great if you could make this fix.
There’s also a number of other fixes which I think ought to be made (including removal of the “security risk” options… never make user-facing options which you don’t think they should use). I’d be happy to contribute to the plugin. Feel free to get in touch via email, [email protected] x=mitcho if you’d like.

Hi,
Not sure this works with the Theme My Login plugin. Any thoughts on having it be compatible with that plugin?
Thanks,
Peter
I had to say publicly that Marcel, the author of this plugin, does very good work on his plugins and has very good support and is very knowledgeable.
Thank you Marcel for all that you do!!
Peter