tbenyon
Forum Replies Created
-
Hey @philengel,
1) That is not an error from this plugin. It looks like you may also be using Custom WP Login?
Try deactivating that plugin and see if you still get the error.
2) Yes – it is normal to only see part of the e-mail. I truncate the strings when displaying it to the end user.
Let me know how you get on with disabling the other plugin and trying it again.
Thanks,
Tom
Forum: Plugins
In reply to: [External Login] password hasingIf the hook is in place, the rest of the settings for password hashing are ignored.
Youโve made me realise however this is not documented or very clear. I may add a notice to the admin area in the future to indicate if the custom hook has been found.
Iโll mark this thread as resolved for now but if you have any further issue donโt hesitate to get back in contact. ๐
If you like the plugin Iโd be very grateful for a review.
Thanks Colman,
Tom ๐
Forum: Plugins
In reply to: [External Login] password hasingHey @colmanbyrne,
The statement you have sent is a custom hashing solution and thus not supported by the plugin as a standard setting.
This is because as well as using the crypt hashing method, it is also relying on an md5 hash.
For this reason the only way for you to solve this is by using the “exlog_hook_filter_authenticate_hash” hook. You can find documentation for its use in the FAQ.
To help you out however, this is something like what you would want to add to your functions.php file:
function myExlogHashAuthenticator($password, $hashFromDatabase, $username, $externalUserData) { $pw_salt = 'someSaltUsedOnExternalDatabase' $generatedHashFromEnteredPassword = crypt(md5($password), $pw_salt) return $generatedHashFromEnteredPassword == $hashFromDatabase; } add_filter('exlog_hook_filter_authenticate_hash', 'myExlogHashAuthenticator', 10, 4);I have not tested this so treat this like pseudo code to help you build a solution.
I should also point out that the hashing system your external database is using is not best practice. I would recommend reading the
SECURITY NOTES -> Hashingsection of the main plugin page for guidance on why this is not desirable.Let me know if you have any questions, and let me know how you get on,
Thanks,
Tom ๐
- This reply was modified 6 years, 5 months ago by tbenyon.
Forum: Plugins
In reply to: [External Login] Doubt about the pluginThanks for the info.
A 500 error indicates that it is an error on your external database. You really need to look at the error logs on that server to see why it returned a 500.
If you can’t see anything there you could look to see if there are any errors in your php error logs at the moment you clicked this button.
I can’t really help you unless we can get more information on what the error was.
Some things to double check:
- Is your ‘Database Type’ setting definitely set to MSSQL?
- Are there definitely users in your external user table?
- Have you definitely spelt the name of your database and the table correctly in your settings
Thanks,
Tom
Forum: Plugins
In reply to: [External Login] Doubt about the pluginRegarding this 500 error. Can you tell me:
- What you click/press to make the error appear? The test button in the settings page?
- Do you get any other information with the error?
- Do any errors appear in your PHP error logs at the time you did this action?
Thanks,
Tom
Forum: Plugins
In reply to: [External Login] Possible Bug and/or Security Issue?Hey,
No problem at all.
Definitely agree with your feedback. If admin is default that is definitely dangerous!
Iโll add a task on my board to review this.
Iโll mark this as resolved for now, but feel free to post back if you have other issues ๐
Forum: Plugins
In reply to: [External Login] Map Additional FieldNo problem! Iโll mark this as resolved for now but if you have any issues with this just reply back here and weโll have a further look together.
Thanks, and good luck with the project! ๐
Forum: Plugins
In reply to: [External Login] Doubt about the pluginHey @fabianesm,
It sounds like this would do part of what youโre looking for but I would just like to clarify the flow.
Every time the user logs in to WordPress, the plugin will first try to login the user with the external database of users.
If it can connect to the external database and the user is found, it will use the external database to try and authenticate the user.
If their password was correct it will create their user in the WordPress database. If a user with that username already exists it will update that users password and other information from the external database.
This would ensure the password was up to date every time they logged in to WordPress.
If the database canโt be connected to, it will try and login the user using the WordPress database (but there is a setting to turn that off called โDisable Local Loginโ).
The plugin does nothing to move data from WordPress to the external database. However, there is a hook you can use that fires after the user has been authenticated that would allow you to run queries then.
Let me know if you have any other questions ๐
Forum: Plugins
In reply to: [External Login] PBKDF2HashHey All,
Just letting you know that this feature is now complete and released in V1.8.4.
You can see some basic documentation here.
I will close this ticket for now, however if you have any questions or issues please get back in contact here ๐
Thanks,
Tom
Forum: Plugins
In reply to: [External Login] Map Additional FieldHey @enduser670,
I hadn’t properly read this post until now. Been trying to get a different release out for another but that is now resolved.
I still have plans to add custom fields to be pulled from the user table. However there is another way you can handle this for now.
If you look in my frequently asked questions section there is some details about available hooks.
You could use the
exlog_hook_action_authenticatedhook to add additional meta fields when they get authenticated.The hook pulls in the new wordpress user and all the fields grabbed from the external table on the authenticated user.
I haven’t tested this, so treat it like pseudo code, but you could do something like this:
function enduser670_exlog_add_additional_user_data($wp_user, $exlog_user_data) { add_user_meta( $wp_user->ID, // User ID 'fav_colour', // WP Meta field key $exlog_user_data['favourite_colour'], // External table data false // Not unique ); } add_action('exlog_hook_action_authenticated', 'enduser670_exlog_add_additional_user_data', 10, 2);If any of this does not make sense, feel free to get back to me. Also happy to support further if you get an error you don’t understand.
Thanks,
Tom ๐
Forum: Plugins
In reply to: [External Login] Possible Bug and/or Security Issue?Hey @enduser670
I wanted to apologise for not getting back to your previous query fast enough but itโs great that you managed to resolve it yourself.
I was also really grateful for the detailed review you gave. It really does mean a lot so thank you ๐
Regarding this issue, there is a drop down that lets you specify the default role in the role mappings section. This is used for the exact scenario you are talking about. It lets you choose which role users should come in with if there are no custom mappings met.
Can you check that you havenโt got this drop down set to the administrator value for me.
Thanks,
Tom ๐
Forum: Plugins
In reply to: [External Login] unable to login using this pluginHey @agentmishra,
I am planning to get this feature released by the end of next week ๐
Thanks,
Tom
Forum: Plugins
In reply to: [External Login] users created when not in external databaseHi @wburling1,
Apologies for the delayed reply.
The plugin does not block users from registering through WordPress.
This is something you can handle yourself and there’s a good article on how here however I haven’t tested it myself.
Regarding your second question, new user notifications is a standard WordPress feature and not something the plugin handles. I’m sure there is another plugin out there that can help you with this.
Regarding your third point about the error, thank you very much for bringing this to my attention. It will currently not cause any harm but means that the plugin logo will stop showing in the settings page in the future and I have to write another way of achieving this.
As this should be simple I’m hoping to get this out in the next release.
Thanks @wburling1 ,
Tom ๐
Forum: Plugins
In reply to: [External Login] Password Reset/Recovery SystemHey @puupak,
I see your interested in this feature too.
Still not the top priority but I’ve bumped it up the list as more interest is now apparent.
@matrixmedia, let us know if you have done any development yourself on this ๐
Thanks,
Tom
Forum: Plugins
In reply to: [External Login] PBKDF2HashHi All,
Sincere apologies for taking so long to reply. Life’s been busy.
Thank you for the code @underdigital. The integration mentioned above is quite custom for each user.
Things that change for each user are:
-
how salt is handled (in your case salt is added to the beginning of the password)
-
the amount of iterations
length
To make this reusable I am going to add functionality to allow something like the custom function to be called from a plugin hook.
I am midway through developing this code already.
You as the user would need to add code similar to this to your functions.php file.
function myExlogHashAuthenticator($password, $hashFromDatabase, $username) { $iterations = 10000; $length = 40; $salt = $passwordSalt . $username; $hash = hash_pbkdf2("sha1", $password, $salt, $iterations, $length); $hash = \strtoupper($hash); return $hash == $hashFromDatabase; } add_filter('exlog_hook_filter_authenticate_hash', 'myExlogHashAuthenticator', 10, 2);Let me know if any of you have any hesitations about this but my plan is to get this out as the next release.
Tom