tbenyon
Forum Replies Created
-
Forum: Plugins
In reply to: [External Login] Role settings doesn’t workNice! Glad it’s sorted ๐
If it all works Iโd be grateful if you could write a review or even buy me a beer.
Thanks,
Tom ๐
Forum: Plugins
In reply to: [External Login] Role settings doesn’t workHey @agnescld,
There was an update to the app recently that fixed this. Can you please:
- Check that you have V1.9.0 install
- Do a hard refresh of the settings page in your browser
Another user reported similar issues recently but found that it was their server caching the old broken JS.
Let me know if this makes any difference? If not, the next step is probably to guide you with showing me any logs that appear in your browsers console that may help us discover the issue ๐
Thanks,
Tom
Forum: Reviews
In reply to: [External Login] sha256 encryped passwordHey Douwe,
Really appreciate you taking the time to write a review – and nice work with integrating your hook code! ๐
Forum: Plugins
In reply to: [External Login] SHA256 encryptionHey @douweyntema,
Thatโs great news that youโve got it working ๐
Glad the plugin has been of use to you ๐
If youโre happy Iโd be grateful if you could write a review or even buy me a beer.
Thanks again and weโll done for getting it working! ๐
Forum: Plugins
In reply to: [External Login] SHA256 encryptionNo worries ๐
Have a great weekend.
Forum: Plugins
In reply to: [External Login] Call to undefined function sqlsrv_connect()Hey @joannabiava,
I haven’t heard back so I’m assuming this is resolved and will mark it as so.
If you have any further questions feel free to get back to me ๐
Thanks,
Tom
Forum: Plugins
In reply to: [External Login] Question on user nameI haven’t heard back from you so I’m going to mark this as resolved.
If you have any further questions or thoughts, feel free to get back in contact and we can talk this through further ๐
Thanks,
Tom
Forum: Plugins
In reply to: [External Login] SHA256 encryptionHey @douweyntema,
Just checking in to see how you got on implementing the hook? ๐
Forum: Plugins
In reply to: [External Login] SHA256 encryptionFor me it is the same if the hashing algorithm is not set up correctly, the password is not validated correctly, resulting in beeing blocked from logging in to WordPress
Yes this makes sense as described above: “You will be blocked from logging in with a username on WordPress if the username exists in the external database and your password was not validated.”
Without this, if you changed a password for a user on the external system, it would never validate externally but continue to log them in locally with the now outdated password.
But I cannot find a file called functions.php in the folder structure of the plugin. Where has this file to be created?
No this file does not exist in the plugin.
You would not want to modify the code in the plugin as every time there was an update to the plugin it would be wiped.
Instead, WordPress uses a system called hooks that allow you to write custom code snippets outside of the plugin that will be executed at a set point while the plugin is running.
As a beginner to WordPress, the functions.php file is a fine place to put this for now and it exists in the base of your themes folder.
Thanks,
Tom ๐
Forum: Plugins
In reply to: [External Login] SHA256 encryptionIf you donโt have the correct hash algorithm setup then your password wonโt be validated by the plugin and should not update the WordPress user. I would be very surprised if the plugin that changed your password.
You will be blocked from logging in with a username on WordPress if the username exists in the external database and your password was not validated.
If the user does not exist on the external database it will try and log the user in via the WordPress database (unless โdisable local loginโ option is selected).
If you do authenticate correctly. It will store a different hash (using WordPressโ bcrypt hashing algorithm) for the same password in the WordPress database.
This way you can login with both systems with the same password but the hash will appear different.
Regarding the documentation, The details can be found in the hooks question in the FAQ.
You want the โexlog_hook_filter_authenticate_hashโ hook.
Youโll want to copy the code example and paste it in the top of your functions.php file.
Then you can change the logic within the function for your specific hashing use case.
Let me know if you have further questions. ๐
Forum: Reviews
In reply to: [External Login] the best plugin and the best supportForum: Plugins
In reply to: [External Login] Role settings not workingAwesome! That’s great news ๐
Bet that feels good to sort out!
If you have any more questions, feel free to get back to me.
If it all works and you have time, Iโd be grateful if you could write a review or even buy me a beer.
Thanks and good luck with the project ๐
Forum: Plugins
In reply to: [External Login] SHA256 encryptionHey @douweyntema,
So there are an infinite amount of ways to hash a password, some better than others and some just different.
When your external system stores a password, it will hash it in some way.
You’ve said that every user has their own salt which is good practise.
When a user on your system creates a password your system it will hash in some way. For example, it may:
1) get the user inputted password of ‘monkey’
2) create a random salt for the user ‘abc123’
3) join the password and hash somehow ‘monkeyabc123’ OR ‘abc123monkey’
4) hash the created string of monkeyabc123
5) store the created hash and the used salt in the databaseThe option we’re discussing chooses (in step 3 above) if the salt goes on the end or the beginning.
This setting is for basic usages. Your external system may be more complex than the basic process described here. If this is the case, you’ll find some information on the hope page FAQ section on how to use a hook to add some logic in for your custom use case.
I’m happy to advise with this but you must first know what the external system you have in place does.
Thanks,
Tom ๐
Forum: Plugins
In reply to: [External Login] SHA256 encryptionHey @douweyntema,
A salt is something that may get added to the password to increase security.
Using a SHA256 hash alone is not a particularly secure method of storing password. There’s some information on the main page if you’re interested in learning more.
The specific setting just specifies that, if you are using a salt, does it get added to the beginning or end of the password before the password is hashed.
It’s all completely down to how your external system hashes passwords.
If it is just using SHA256 then you need to use a salt in your settings.
Hope this helps but feel free to come back at me with more questions ๐
Forum: Plugins
In reply to: [External Login] Role settings not working@lucasbelini no worries. Apologies for the inconvenience.
I’m in my day job right now so will try and have a look at this asap for you.
Will keep you posted but please feel free to chase me.
Thanks,
Tom ๐