• Geekery

    Single Sign-on for Multiple WordPress Installations

    Lafayette Community Church uses a couple different WordPress installations for its website.

    I set it up so that users need log in only once, and their login persists across both sites. I didn’t need to use any plugins or LDAP or third party authentication systems for this.

    Here’s what you need to do to make it work for your site as well:

    • Both WordPress installations must be running on the same domain, even though they might reside in different subdirectories or different subdomains.
    • Both installations must be running on the same database but with different table prefixes.
    • If your secondary site already has users, you will need to do manual database updates, and that’s beyond the scope of this tutorial. The rest of this tutorial assumes you are okay with the fact that your secondary installation’s user table will be completely ignored and both installations will use the primary installation’s user table.
    • Change the wp-config.php file on the secondary blog to tell WordPress which table to use for users.
    
    define('CUSTOM_USER_TABLE', 'blog1_users');         // replace blog1 with the table prefix from your
    define('CUSTOM_USER_META_TABLE', 'blog1_usermeta'); // main wordpress installation
    
    • Change both wp-config.php files to unify the cookies across the two installations. I’ll go into more detail here.

    Unifying Authentication Cookies across multiple WordPress Installations

    WordPress uses two cookies to handle authentication, but there are a number of settings that need to be synchronized between installations so that WordPress can read and understand the cookies properly.

    Authentication Keys

    Your WordPress installations may or may not have custom authentication keys set up, but in order for this to work properly, you should have the same keys set up on each installation. In wp-config.php on BOTH sites, add these lines:

    
    /**#@+
    * Authentication Unique Keys and Salts.
    *
    * Change these to different unique phrases!
    * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
    * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
    *
    * @since 2.6.0
    */
    define('AUTH_KEY',         'custom-hash-here');
    define('SECURE_AUTH_KEY',  'custom-hash-here');
    define('LOGGED_IN_KEY',    'custom-hash-here');
    define('NONCE_KEY',        'custom-hash-here');
    define('AUTH_SALT',        'custom-hash-here');
    define('SECURE_AUTH_SALT', 'custom-hash-here');
    define('LOGGED_IN_SALT',   'custom-hash-here');
    define('NONCE_SALT',       'custom-hash-here');
    

    Of course, you want to replace “custom-hash-here” with different random strings, and of course, if you already have these values set in your wp-config.php files, you need to replace what’s currently there with these so that both sites are using the same exact settings.

    Cookie Settings

    Hash, Domain, and Path

    When WordPress uses three defined constants when creating authentication cookies for the browser: COOKIEHASH, COOKIE_DOMAIN, and COOKIEPATH.

    
    define('COOKIEHASH', 'custom-hash-here'); //define the hash
    define('COOKIE_DOMAIN', '.example.org');  //remove the leading dot if you aren't using subdomains
    define('COOKIEPATH', '/');                //this must be a parent directory to all WP installations
    

    Again, these three settings must be exactly the same across your all installations, but there are additional concerns:

    The COOKIE_DOMAIN and the COOKIEPATH must be parents of both installations. That means, if your installations are on separate subdomains, the COOKIE_DOMAIN must apply to both (a leading dot before the domain name will accomplish this), and if your installations are using separate subdirectories, your COOKIEPATH must be a parent to both. To be safe, you can make it ‘/’, but you actually want your cookies to be as specific as possible, so if one blog is in example.org/wordpress/blog1 and the other blog is in example.org/wordpress/blog2, you can use /wordpress as your COOKIEPATH, or if one blog is blog1.example.org/wordpress and the other is blog2.example.org/wordpress, you should also be able to use /wordpress as your COOKIEPATH.

    Site and Admin

    WordPress uses two defined constants to help it look for the right cookies to see if a user has been authenticated. One of those constants is SITECOOKIEPATH and it is used by the WordPress frontend. The other is ADMIN_COOKIE_PATH and it is used by the WordPress backend.

    Simply set both of them to be the same as the COOKIEPATH and you should be fine.

    
    define('SITECOOKIEPATH', COOKIEPATH);
    define('ADMIN_COOKIE_PATH', COOKIEPATH);
    

    Conclusion

    So, for completeness, here are all the settings together:

    In secondary wp-config.php files:

    
    define('CUSTOM_USER_TABLE',      'blog1_users');    // replace blog1 with the table prefix from your
    define('CUSTOM_USER_META_TABLE', 'blog1_usermeta'); // main wordpress installation
    

    In all wp-config.php files

    
    define('AUTH_KEY',           'custom-hash-here');
    define('SECURE_AUTH_KEY',    'custom-hash-here');
    define('LOGGED_IN_KEY',      'custom-hash-here');
    define('NONCE_KEY',          'custom-hash-here');
    define('AUTH_SALT',          'custom-hash-here');
    define('SECURE_AUTH_SALT',   'custom-hash-here');
    define('LOGGED_IN_SALT',     'custom-hash-here');
    define('NONCE_SALT',         'custom-hash-here');
    define('COOKIEHASH',         'custom-hash-here');
    define('COOKIE_DOMAIN',      '.example.org');
    define('COOKIEPATH',         '/');
    define('SITECOOKIEPATH',     COOKIEPATH);
    define( 'ADMIN_COOKIE_PATH', COOKIEPATH );
    

    Post a comment if it doesn’t work for you.

    Published by:
  • Geekery

    Transfer an Entire Ubuntu System to a new Drive

    After having done this same procedure a number of times, I have finally figured out the best way of transferring an entire Linux System from one drive to another and still have it be bootable.

    Step 0: Did you format and partition the drives the way you want?

    I write this down just to clarify that I’m assuming you know enough about Linux to have been able to partition and format your new drive the way you want. Furthermore, this guide assumes that your entire root file structure exists on one partition. If you are advanced enough to know how to have your filesystem span multiple partitions (e.g. one partition for /, another for /boot, another for /home, etc), then you should be able to translate these steps for your own situation.

    Step 1: Mount your source and target devices.

    Let’s say your current root filesystem exists on /dev/sda1 and you want to move it to /dev/sdb1. We want to mount the filesystems in a fresh location so that we are only dealing with those two filesystems. Note also that your target filesystem should be cleanly formatted and large enough to contain all the files from the source filesystem.

    Commands starting with # should be run with root privileges.

    # mkdir /mnt/source /mnt/target
    # mount /dev/sda1 /mnt/source
    # mount /dev/sdb1 /mnt/target
    

    Step 2: Copy files

    The following command will copy all the files from the source filesystem to the target filesystem

    # rsync -av /mnt/source/ /mnt/target/
    

    Note that the “v” option stands for “verbose” and tells rsync to print the name of every file it copies. You can remove the “v” option if you don’t want to see that output.

    Step 3: Copy again (optional)

    Since you are moving a live filesystem, it’s possible that a few things were changed. Usually, we don’t care about these incidental operating system changes, but just to be sure, you can run the exact same rsync command a second time.

    # rsync -av /mnt/source/ /mnt/target/
    

    Step 4: Mount System Directories and “chroot”

    The following steps will allow you to step into the new filesystem just as if you had booted from it.

    These commands will make the new filesystem work just like the real filesystem so that when you switch into it, the operating system isn’t confused.

    # mount --bind /proc /mnt/target/proc
    # mount --bind /sys /mnt/target/sys
    # mount --bind /dev /mnt/target/dev
    # mount --bind /run /mnt/target/run
    # mount --bind /dev/pts /mnt/target/dev/pts
    # mount --bind /etc/resolv.conf /mnt/target/etc/resolv.conf
    

    This command puts you into the new filesystem just as if you had booted from it.

    # chroot /mnt/target
    

    At this point you are in your new filesystem. Note however, that the Linux kernel, modules and other operating system files are all still loaded from the real root, so you aren’t actually booted into your new system, but since this new filesystem is identical to the old one, everything should work just fine.

    Step 5: Fix fstab

    Get the UUID of your new filesystem.

    # blkid |grep /dev/sdb1
    

    (If your target filesystem was something other than /dev/sdb1, use that instead.)

    In the command output, you will see something like this.

    /dev/sdb1: UUID="af6dcc3f-a5c7-42a2-a2b5-e94ccac3cdd9" TYPE="ext4"
    

    You need to know both the UUID and the TYPE, but you don’t need the quotation marks. Copy them down somewhere.

    Graphical editors might not work from the chroot environment, so you will do better using a console based editor like nano or vim

    # nano /etc/fstab
    

    If you aren’t familiar with editing fstab files, you need to be careful here, but you shouldn’t be afraid. Each line in an fstab file tells the operating system which device to use for which part of the filesystem. The format is the same:

    [device] [mount point] [filesystem type] [options] [dump] [pass]
    

    (Each “column” is separated by one or more spaces or tabs, so even though I use the word “column” to refer to each item, they might not look like they are arranged into neat columns.)

    One of the lines will have a simple slash in the second column, and that’s the line we want to change. It might look like this:

    UUID=32322b4a-6b43-48da-a021-1f395a61bd2d / ext3 defaults,noatime,nodiratime 0 1
    

    Replace the numbers after UUID= with the UUID numbers you got from the blkid command above, and also replace the ext3 (or whatever is in the third column) with the TYPE you got from the blkid command.

    Save the file and exit.

    Step 6: Fix initramfs

    We only have two steps left. When Linux boots, in most cases, the first thing that is loaded is the kernel and the second thing that is loaded is an initial ram filesystem or initramfs. The initramfs is like a temporary operating system that helps the Linux kernel get everything set up for real. If your system doesn’t need an initramfs, you can skip this, but if you are running a system that doesn’t need one, you probably don’t need to be reading these instructions anyway!

    This step is again platform specific, but on Ubuntu, the command is simple:

    # update-initramfs -u
    

    It may take a minute or two.

    Step 7: Install the bootloader

    Finally, to make sure your new drive is bootable, we need to install a bootloader. Most Linux systems these days are using grub or grub2 for their bootloader, and there are a lot of confusing ways out there to “fix” your bootloader or to “install” a bootloader, however, your Linux system should already know how to do this.

    If you are running Ubuntu, simply type this:

    # dpkg-reconfigure grub-pc
    

    When the prompts ask you, be sure to install grub to your new device. In our example scenario, you would pick /dev/sdb.

    Once this is done, you should exit the chroot environment, reboot your computer, tell your BIOS to boot from the new drive, and enjoy running Linux from your new drive!

    # exit
    # reboot
    

    Conclusion

    This has taken a number of steps, but in summary, transferring to a new drive isn’t all that hard. It really just boils down to these things:

    • freshly mount the source and target filesystems
    • transfer all files with rsync
    • create a good chroot environment and then chroot into it.
    • update the fstab file and the initramfs file
    • install the bootloader

    The only tricky part is discovering how your specific Linux distribution handles the initramfs and bootloader installation. I’ve described how Ubuntu handles it here, but if your distribution handles it differently, put a comment below!

    Published by:
  • Geekery

    Hide/Show Desktop Icons on Mac OSX

    I get distracted easily, so I wrote a little script to toggle the visibility of the desktop icons on Mac OSX.

    Here it is:

    #!/bin/bash
    
    CURRENT=$(defaults read com.apple.finder CreateDesktop 2>/dev/null || echo 1)
    
    defaults write com.apple.finder CreateDesktop $((! $CURRENT))
    killall Finder
    

    Just run this script and if the icons are on your desktop, they will all disappear… if you have already hidden them, run this script to get them back.

    Published by:
  • Geekery

    HOW TO: Fix “Home” and “End” keys in the Mac Terminal

    The Mac Terminal.app is one of the best Terminals I have used, but it has some annoying quirks like not supporting standard key definitions out of the box. The most frustrating ones are Home and End.

    In nearly every OS, Home has meant “go to the beginning of the line” and End has meant “go to the end of the line,” but on the Mac, the default has always been for Home to scroll a document up to the top and for End to scroll the document down to the bottom.

    However, since most Terminal applications aim for the Unixy world, they don’t care about scrolling through documents as much as dealing with the line you are on.

    Luckily, the Mac Terminal has the ability to let the intrepid user customize it’s keybindings. If you want to make your Terminal operate like a standard Unix-like terminal, follow these simple steps:

    • Open the Terminal app.
    • Select Preferences from the Terminal Menu.
    • Under Settings, select a Profile you want to change.
    • In the right pane, select the Keyboard button to see keyboard settings.
    • Select the line that has the word “home” in the “Key” column.
    • Click the Edit Button at the bottom.
    • Make it look like this:

    Screen Shot 2013-08-23 at 10.46.57 AM

    • To enter the right key code, clear the box and type these keys in order: ESCAPE O H (that’s a capital letter o, not a zero)
    • The right key code for “end” is exactly like “home” but you replace the “H” with an “F”.

    Some Linux/Unix Friendly Keycodes (submit your own in the comments):

    • home :: \033OH
    • end :: \033OF
    • F1 :: \033[11~
    • F2 :: \033[12~
    • F3 :: \033[13~
    • F4 :: \033[14~

    Other links that worked but had problems:

    The main problem with each solution below is that they only work part of the time. My solution above is compatible with the latest version of Mac OS X (Mountain Lion), and is also the default key binding for xterm, remote shells (ssh), vi(m), and also GNU screen. Each of the solutions below only work in a few of the cases for me.

    Published by:
  • Church Planting Front Page Tough Questions

    To Tithe or Not to Tithe

    In a recent conversation I had with a church planting friend of mine, the topic of the tithe came up, and I thought it might be interesting for me to put down in this forum what I am teaching my church regarding giving.

    Having been heavily influenced by the likes of Andy Stanley, Randy Alcorn, and my own Dad, I have become convinced that teaching percentage-based giving is not only the number one kind of giving to encourage in our people, but I have also become convinced that the church organization should structure its budget based on the tithes of the people without regard to special offerings, designated funds, or anything above and beyond the tithe.

    However, I know there are two major problems with my approach: Continue reading

    Published by:
  • Front Page Tough Questions

    How should Christians live out God’s ideal of justice?

    Occasionally, I get really deep questions turned in on our Sunday Connect Cards, and this past Sunday, I received this one:

    I noticed that two of the songs played in service this morning mentioned justice as something God has and uses to demonstrate his goodness. If one of the classic arguments against belief in a personal God is perceived injustice in the Bible – God plays favorites, the wholesale slaughter of thousands of men, women, children by the Hebrews, the concept of Hell, etc. – how should we answer that charge? On a less philosophical level, how should Christians demonstrate the ideal of God’s justice in our daily lives? How do we commit to something so ephemeral and confusing?

    This is such a big question that I responded to the author by email but thought it might be worthwhile to post it here as well. What follows is my response. Continue reading

    Published by:
  • Front Page Tough Questions

    Why do we say “Amen” at the end of prayers?

    Recently, a note came to me from someone in our church with an interesting question. It said this:

    Why is it that sometimes your prayers do not end with “Amen”? Is there a biblical reason why we do or do not say amen after prayers?

    I responded personally, but I also felt my answer might benefit others, so here it is in blog form.

    The Meaning of “Amen”

    First, the word Amen is a Hebrew word that comes from the Hebrew root AMN which means faith/faithfulness. Strangely enough, this same root word shows up in a variety of other Hebrew words including words for the firm columns supporting a roof. Continue reading

    Published by:
  • Front Page Lafayette Community Church Leadership

    LCC Weekly :: November 4 & 11, 2012

    This is part of a series of posts aimed at supporting and encouraging the volunteers of Lafayette Community Church.

    Sunday Review

    Our past two Sunday gatherings have been truly refreshing to me. For one thing, Jake Steffes has been selecting our music, and he has done a great job of not only picking songs that resonate with the theme but also ordering them in a way that encourages us on Sundays to release ourselves into God’s presence. His work has taken a load off of my mind and has given our band more time to prepare! Continue reading

    Published by:
  • Front Page Lafayette Community Church Leadership

    LCC Weekly :: October 28, 2012

    This is part of a series of posts aimed at supporting and encouraging the volunteers of Lafayette Community Church.

    Sunday Review

    What an incredible Sunday we experienced last week! Not only did we get the weekend started right with our Volunteer Refresh event on Saturday evening, but the whole weekend we were blessed to have Brian Fraaza and his band with us.

    It was also a great blessing to have Greg Shackleford, a great friend of mine and a founding member of this church, joining us this weekend as a part of Brian’s band. I also want to recognize Kelsey and Ben who drove down from Kalamazoo with Brian and Greg to bless us with their musical talents. Continue reading

    Published by:
  • Front Page Lafayette Community Church Leadership

    LCC Weekly :: October 21, 2012

    This is part of a series of posts aimed at supporting and encouraging the volunteers of Lafayette Community Church.

    Sunday Review

    Music

    http://grooveshark.com/playlist/2012+10+21+LCC+WORSHIP/78537924

    What made the music for this past Sunday extra special and extra refreshing for me was that Jake Steffes took the lead on planning the setlist and coordinating the band practice. I still say it is a joy to work with Jake, and I know all the rest of the band appreciates him as much as I do. Thanks Jake!

    Message

    This Sunday brought the second message in my series on conflict resolution called “f.i.g.h.t.” and there were aspects of it that were really personal for me. Continue reading

    Published by:
  • Front Page Lafayette Community Church Leadership

    LCC Weekly :: October 12, 2012

    This is part of a series of posts aimed at supporting and encouraging the volunteers of Lafayette Community Church.

    Sunday Review

    Message

    On Sunday, I started a brand new series of messages I’m calling “f.i.g.h.t” to cover the five skills you need to handle any kind of conflict that may come your way.

    This is a really personal issue for me. I remember as a child seeing all the conflict that arose in my home church. There were debates over whether the leaders of the church should be called Deacons, Elders, or Overseers. There were debates on whether the missionaries should get more money or the school. There were debates over whether the pastor really deserved as much money as they gave him. Continue reading

    Published by: