Support » Plugin: WP w3all phpBB » Auto Login to PHPBB is not working from WP

  • Resolved siteadmin123

    (@siteadmin123)


    Hi I am trying to link phpbb forum to my wordpress site. I have now brought over the iframe and all the text is green in the plugin. I have followed all your instructions but then the autologin of users is not working. Can you please help urgently?

    The page I need help with: [log in to see the link]

Viewing 15 replies - 1 through 15 (of 23 total)
  • Plugin Author axew3

    (@axewww)

    Hi! it just show a counter and a Coming Soon text, the page you linked asking for help, so has not been possible to check the issue, that should be cookie related

    Hi – sorry I have now removed the under construction mode.

    I have set the forum at https://test2020.joc.org.uk/forum and have set the cookies on phpbb to be .joc.org.uk to cover all subdomains.

    Am I missing anything?

    Plugin Author axew3

    (@axewww)

    I see your overall_footer.html, that lack of the part before this:
    <script src="iframeResizer.contentWindow.min.js"></script>
    then i assume you want to build your own js about?
    If not, you have to add all what reported here:
    https://www.axew3.com/w3/2020/01/phpbb-wordpress-template-integration-iframe-v5/

    Or you mean something else, related to the fact, that a remember me login do not work, and the session expire?

    p.s the problem given by the js code you still have not add into overall_footer, when you are on wp forum page (that contain the phpBB iframe)?

    • This reply was modified 3 months, 2 weeks ago by axew3.

    hi thanks!

    We added this but now once we login, the page keeps on refreshing

    Also, migrated users from WP to PHPBB are not able to login to PHPBB using the WP credentials. Is there a Live chat option? so that we could resolve this together?

    Plugin Author axew3

    (@axewww)

    It is normal as explained on procedure, that transferred wordpress users into phpBB will not be able to logi, because hash do not will match.

    This has been resolved on new 2.4.0 that’s coming on this week.

    Your transferred users into phpBB will have to reset their password, in order to correctly login into phpbb.

    If you experience that is not possible to login in wp side with the actual not updated WP password, let may know, i will apply a patch to 2.3.9 on fly. So if you will let users login only in wp side they will be able to login without resetting actual password.

    If you leave users login also in phpBB, then transferred users will have by the way update the password, then it will be recognized on both (until integration run)

    what about the refresh? have you setup the security settings to allow remember me logins, and may set days to expire of the remember me login to a value that is not 0?

    Hi Thanks for your response.

    Our users will mainly login from the WP side. However, the auto login (single sign on) is still not working. Can you please apply the patch or help in looking into the issue? Is it possible to teamview or something like that?

    I can provide you a test user access

    Plugin Author axew3

    (@axewww)

    open up wp_w3all.php file into plugin folder and where
    from line 808 until 873

    there is this code:

     if ( ! function_exists( 'wp_check_password' ) && ! defined("WPW3ALL_NOT_ULINKED") ) :
    
    function wp_check_password($password, $hash, $user_id) {
       global $wpdb,$wp_hasher;
          
       $password = trim($password);
       $check = false;
       
       if( $user_id < 1 ){ return; }
     
         $wpu_db_utab = (is_multisite()) ? WPW3ALL_MAIN_DBPREFIX . 'users' : $wpdb->prefix . 'users';
         $wpu = $wpdb->get_row("SELECT * FROM $wpu_db_utab WHERE ID = '".$user_id."'");
         if(empty($wpu)){
          $wpu = get_user_by( 'ID', $user_id );
         }  
         
     if(!empty($wpu)){
     	 $is_phpbb_admin = ( $user_id == 1 ) ? 1 : 0; // switch for phpBB admin // 1 admin 0 all others
       $changed = WP_w3all_phpbb::check_phpbb_passw_match_on_wp_auth($wpu->user_login, $is_phpbb_admin, $wpu);
    	 if ( $changed !== false ){
          $hash = $changed;
        }   
    
    	 // If the hash is still old md5...
        if ( strlen($hash) <= 32 ) {
            $check = hash_equals( $hash, md5( $password ) );
         }
    
     // Argon2i and Argon2id password hash
     if( substr($hash, 0, 8) == '$argon2i' ){
     	$password = stripslashes(htmlspecialchars($password, ENT_COMPAT)); // " do not need to be converted
      //$password = stripslashes(htmlspecialchars($password));
      $check = password_verify($password, $hash);
      $HArgon2i = true;
     }
     
     if ( !isset($check) OR $check !== true && !isset($HArgon2i) ){ // md5 check failed or not fired above ...
    	 if ( empty($wp_hasher) ) {
    		require_once( ABSPATH . WPINC . '/class-phpass.php'); 	
    		$wp_hasher = new PasswordHash(12, true);
    	 } 
        $check = $wp_hasher->CheckPassword($password, $hash); // WP check  
      }
      	 
     if ($check !== true && strlen($hash) > 32 && !isset($HArgon2i)){ // Wp check failed
        //$password = utf8_encode($password);
        $password = stripslashes($password);
        $password = htmlspecialchars($password, ENT_COMPAT);
        $check = password_verify($password, $hash);
      }
         
         if ($check === true){
         	  $phpBB_user_session_set = WP_w3all_phpbb::phpBB_user_session_set_res($wpu); 
         	 if(! defined("PHPBBCOOKIERELEASED") ){ 
         	  define("PHPBBCOOKIERELEASED", true); // then the session will be set on_login hook, if this filter bypassed
           }
          } else {
               $check = false;
            }
    	   return apply_filters( 'check_password', $check, $password, $hash, $user_id );
    } else {
         	return apply_filters( 'check_password', false, $password, $hash, $user_id );
         }
    }
    
    endif;

    change with:

    if ( ! function_exists( 'wp_check_password' ) && ! defined("WPW3ALL_NOT_ULINKED") ) :
    
    function wp_check_password($password, $hash, $user_id) {
       global $wpdb,$wp_hasher;
           
       $password = trim($password);
       //$password = str_replace(chr(0), '', $password);
       $check = false;
       $hash_x_wp = $hash;
    
         $wpu_db_utab = (is_multisite()) ? WPW3ALL_MAIN_DBPREFIX . 'users' : $wpdb->prefix . 'users';
         $wpu = $wpdb->get_row("SELECT * FROM $wpu_db_utab WHERE ID = '".$user_id."'");
         if(empty($wpu)){
          $wpu = get_user_by( 'ID', $user_id );
         }  
         
     if(!empty($wpu)){
     	 $is_phpbb_admin = ( $user_id == 1 ) ? 1 : 0; // switch for phpBB admin // 1 admin 0 all others
       $changed = WP_w3all_phpbb::check_phpbb_passw_match_on_wp_auth($wpu->user_email, $is_phpbb_admin, $wpu);
    	 if ( $changed !== false ){
          $hash = $changed;
        }
     
    	 // If the hash is still old md5...
        if ( $hash != null && strlen($hash) <= 32 ) {
            $check = hash_equals( $hash, md5( $password ) );
         }
    
     // Argon2i and Argon2id password hash
     if( substr($hash, 0, 8) == '$argon2i' ){
     	$password = stripslashes(htmlspecialchars($password, ENT_COMPAT)); // " do not need to be converted
      //$password = stripslashes(htmlspecialchars($password));
      $check = password_verify($password, $hash);
      $HArgon2i = true;
     }
     
     if ( !isset($check) OR $check !== true && !isset($HArgon2i) ){ // check the default Wp pass: md5 check failed or not fired above
    	 if ( empty($wp_hasher) ) {
    		require_once( ABSPATH . WPINC . '/class-phpass.php'); 	
    		$wp_hasher = new PasswordHash(8, true); // 8 wp default
    	 } 
        $check = $wp_hasher->CheckPassword($password, $hash_x_wp);
      }
      	 
     if ($check !== true && strlen($hash) > 32 && !isset($HArgon2i)){ // Wp check failed, check phpBB pass that's may not Argon2i 
        $password = stripslashes($password);
        $password = htmlspecialchars($password, ENT_COMPAT);
        $check = password_verify($password, $hash);
      }
      
         if ($check === true){
         	  $phpBB_user_session_set = WP_w3all_phpbb::phpBB_user_session_set_res($wpu); 
         	 if(! defined("PHPBBCOOKIERELEASED") ){ 
         	  define("PHPBBCOOKIERELEASED", true); // then the session will be set on_login hook, if this filter bypassed
           }
          } else {
               $check = false;
            }
    	   return apply_filters( 'check_password', $check, $password, $hash, $user_id );
     } else {
         	return apply_filters( 'check_password', false, $password, $hash, $user_id );
         }
    }
    
    endif;

    i’m axew w w (without spaces between w chars) on skype

    Plugin Author axew3

    (@axewww)

    spam system here, putted the post on moderation queue after edit.
    So i just reply the same as before:

    open up wp_w3all.php file into plugin folder and where
    from line 808 until 873

    there is this code:

     if ( ! function_exists( 'wp_check_password' ) && ! defined("WPW3ALL_NOT_ULINKED") ) :
    
    function wp_check_password($password, $hash, $user_id) {
       global $wpdb,$wp_hasher;
          
       $password = trim($password);
       $check = false;
       
       if( $user_id < 1 ){ return; }
     
         $wpu_db_utab = (is_multisite()) ? WPW3ALL_MAIN_DBPREFIX . 'users' : $wpdb->prefix . 'users';
         $wpu = $wpdb->get_row("SELECT * FROM $wpu_db_utab WHERE ID = '".$user_id."'");
         if(empty($wpu)){
          $wpu = get_user_by( 'ID', $user_id );
         }  
         
     if(!empty($wpu)){
     	 $is_phpbb_admin = ( $user_id == 1 ) ? 1 : 0; // switch for phpBB admin // 1 admin 0 all others
       $changed = WP_w3all_phpbb::check_phpbb_passw_match_on_wp_auth($wpu->user_login, $is_phpbb_admin, $wpu);
    	 if ( $changed !== false ){
          $hash = $changed;
        }   
    
    	 // If the hash is still old md5...
        if ( strlen($hash) <= 32 ) {
            $check = hash_equals( $hash, md5( $password ) );
         }
    
     // Argon2i and Argon2id password hash
     if( substr($hash, 0, 8) == '$argon2i' ){
     	$password = stripslashes(htmlspecialchars($password, ENT_COMPAT)); // " do not need to be converted
      //$password = stripslashes(htmlspecialchars($password));
      $check = password_verify($password, $hash);
      $HArgon2i = true;
     }
     
     if ( !isset($check) OR $check !== true && !isset($HArgon2i) ){ // md5 check failed or not fired above ...
    	 if ( empty($wp_hasher) ) {
    		require_once( ABSPATH . WPINC . '/class-phpass.php'); 	
    		$wp_hasher = new PasswordHash(12, true);
    	 } 
        $check = $wp_hasher->CheckPassword($password, $hash); // WP check  
      }
      	 
     if ($check !== true && strlen($hash) > 32 && !isset($HArgon2i)){ // Wp check failed
        //$password = utf8_encode($password);
        $password = stripslashes($password);
        $password = htmlspecialchars($password, ENT_COMPAT);
        $check = password_verify($password, $hash);
      }
         
         if ($check === true){
         	  $phpBB_user_session_set = WP_w3all_phpbb::phpBB_user_session_set_res($wpu); 
         	 if(! defined("PHPBBCOOKIERELEASED") ){ 
         	  define("PHPBBCOOKIERELEASED", true); // then the session will be set on_login hook, if this filter bypassed
           }
          } else {
               $check = false;
            }
    	   return apply_filters( 'check_password', $check, $password, $hash, $user_id );
    } else {
         	return apply_filters( 'check_password', false, $password, $hash, $user_id );
         }
    }
    
    endif;

    change with:

    if ( ! function_exists( 'wp_check_password' ) && ! defined("WPW3ALL_NOT_ULINKED") ) :
    
    function wp_check_password($password, $hash, $user_id) {
       global $wpdb,$wp_hasher;
           
       $password = trim($password);
       //$password = str_replace(chr(0), '', $password);
       $check = false;
       $hash_x_wp = $hash;
    
         $wpu_db_utab = (is_multisite()) ? WPW3ALL_MAIN_DBPREFIX . 'users' : $wpdb->prefix . 'users';
         $wpu = $wpdb->get_row("SELECT * FROM $wpu_db_utab WHERE ID = '".$user_id."'");
         if(empty($wpu)){
          $wpu = get_user_by( 'ID', $user_id );
         }  
         
     if(!empty($wpu)){
     	 $is_phpbb_admin = ( $user_id == 1 ) ? 1 : 0; // switch for phpBB admin // 1 admin 0 all others
       $changed = WP_w3all_phpbb::check_phpbb_passw_match_on_wp_auth($wpu->user_email, $is_phpbb_admin, $wpu);
    	 if ( $changed !== false ){
          $hash = $changed;
        }
     
    	 // If the hash is still old md5...
        if ( $hash != null && strlen($hash) <= 32 ) {
            $check = hash_equals( $hash, md5( $password ) );
         }
    
     // Argon2i and Argon2id password hash
     if( substr($hash, 0, 8) == '$argon2i' ){
     	$password = stripslashes(htmlspecialchars($password, ENT_COMPAT)); // " do not need to be converted
      //$password = stripslashes(htmlspecialchars($password));
      $check = password_verify($password, $hash);
      $HArgon2i = true;
     }
     
     if ( !isset($check) OR $check !== true && !isset($HArgon2i) ){ // check the default Wp pass: md5 check failed or not fired above
    	 if ( empty($wp_hasher) ) {
    		require_once( ABSPATH . WPINC . '/class-phpass.php'); 	
    		$wp_hasher = new PasswordHash(8, true); // 8 wp default
    	 } 
        $check = $wp_hasher->CheckPassword($password, $hash_x_wp);
      }
      	 
     if ($check !== true && strlen($hash) > 32 && !isset($HArgon2i)){ // Wp check failed, check phpBB pass that's may not Argon2i 
        $password = stripslashes($password);
        $password = htmlspecialchars($password, ENT_COMPAT);
        $check = password_verify($password, $hash);
      }
      
         if ($check === true){
         	  $phpBB_user_session_set = WP_w3all_phpbb::phpBB_user_session_set_res($wpu); 
         	 if(! defined("PHPBBCOOKIERELEASED") ){ 
         	  define("PHPBBCOOKIERELEASED", true); // then the session will be set on_login hook, if this filter bypassed
           }
          } else {
               $check = false;
            }
    	   return apply_filters( 'check_password', $check, $password, $hash, $user_id );
     } else {
         	return apply_filters( 'check_password', false, $password, $hash, $user_id );
         }
    }
    
    endif;

    i’m axew w w (without spaces between w chars) on skype

    thanks. Still does not autologin WP user to PHPBB

    created a test user for you

    can you login using username and PW as: testswara2

    and see what is the issue?

    Plugin Author axew3

    (@axewww)

    into phpBB overall_footer code you added, you set the cookie domain value to:
    document.domain = 'test2020.joc.org.uk';
    while your page-forum.php into your WP active template folder,
    where these lines say:

    document.domain = '".$document_domain."';
    		// document.domain = 'mydomain.com'; // NOTE: reset/setup this with domain if js error when WP is installed like on mysite.domain.com and phpBB on domain.com: js origin error can come out for example when WordPress is on subdomain install and phpBB on domain. The origin fix is needed: (do this also on phpBB overall_footer.html added code)

    returns this:
    document.domain = 'joc.org.uk';
    so open it, and change this line:
    // document.domain = 'mydomain.com'; // NOTE: reset/setup .....
    into this:

    document.domain = 'test2020.joc.org.uk'; // NOTE: reset/setup .....

    they need to be the same

    p.s may also change
    document.domain = '".$document_domain."';
    into this:
    //document.domain = '".$document_domain."';

    • This reply was modified 3 months, 2 weeks ago by axew3.
    • This reply was modified 3 months, 2 weeks ago by axew3.

    ok changed this but the page now keeps refreshing in loops

    Plugin Author axew3

    (@axewww)

    what are you doing?
    document.domain = 'joc.org.uk';
    say now your overall_footer code

    while it return
    document.domain = 'test2020.joc.org.uk';

    your page forum.

    set as
    document.domain = 'test2020.joc.org.uk';

    your overall_footer.html code, like on the page-forum.php

    p.s when you change the overall_footer code of phpBB, or any other phpBB template file, remember that you have to rebuild stale template (better is that you leave set yes until you not finished with all, then reset to no)

    • This reply was modified 3 months, 2 weeks ago by axew3.

    changed everything to test.2020.joc.org.uk both on the overall_footer.html and page-forum.php

    Plugin Author axew3

    (@axewww)

    guess you have to setup cookie domain on both overall_footer code and page-forum, to be
    joc.org.uk
    because the js function w3all_ajaxup_from_phpbb
    return

    Uncaught DOMException: Permission denied to access property “w3all_ajaxup_from_phpbb” on cross-origin object

    while your cookie domain do not match

    this cause the loop, the wrong cookie domain setting

Viewing 15 replies - 1 through 15 (of 23 total)
  • You must be logged in to reply to this topic.