tbenyon
Forum Replies Created
-
Forum: Plugins
In reply to: [External Login] Support for SQL Server DBForum: Plugins
In reply to: [External Login] unable to login using this pluginCool
Forum: Plugins
In reply to: [External Login] Support for SQL Server DBHey Tom,
Let me see what I can do. Can’t make any promises but I will keep you up to date. I welcome you to check in and chase to see how I’m getting on over the next few weeks – I won’t think it’s rude.
If I deliver in four weeks I’ll let you buy me a beer to say thank you 🙂
Tom
Forum: Reviews
In reply to: [External Login] Excellent Support and Help from Plugin AuthorReally appreciate you taking the time to review Tom 🙂
Thanks
🙂
Forum: Plugins
In reply to: [External Login] Support for SQL Server DBHey Tom,
Really glad you like it. If you wouldn’t mind taking the time to write a one line review I’d be very grateful.
Moving forward, I’ll add this to my backlog of features for now. Do you have a deadline of when this would be useful? Can’t make promises but it may sway my timeline.
Thanks,
Tom
Forum: Plugins
In reply to: [External Login] Use only APIHey @doublesharp,
I could do. However this leads to the question of how much of the plugins functionality are we bypassing. Likely answer is most of it.
The idea would be that I’d write you a filter that would give you the username and password from the form and you would return user data in a valid format if they were authenticated and maybe false if not.
This begs the question, what is the plugin actually doing for you?
The rest of the logic is really simple so you may prefer to just include the custom code yourself.
The plugins core logic of that part of it was all based on this blog post by Ben Lobaugh:
https://ben.lobaugh.net/blog/7175/wordpress-replace-built-in-user-authenticationI’m certainly not saying I can’t do that for you – and I’m happy to look into it if you’re keen. But it won’t be saving you much.
Any thoughts?
Forum: Plugins
In reply to: [External Login] unable to login using this pluginHi @agentmishra,
I just tested that ID you sent and it does appear to work.
If you use the version of the plugin that I shared with you before and add the below code to your functions.php file in your active theme then you should find it is working.
function myExlogHashAuthenticator($password, $hashFromDatabase) { $hmacHashFromPassword = hash_hmac('sha256', $password, '0ee04f60e6f20d6e369ead803e66d46c5cc9ef0c39a97273c4e93e6f876f4710'); return password_verify($hmacHashFromPassword, $hashFromDatabase); } add_filter('exlog_hook_filter_authenticate_hash', 'myExlogHashAuthenticator', 10, 2);If you can verify this is working for you I will get this change into the next plugin update.
Thanks,
Tom
Forum: Plugins
In reply to: [External Login] Support for SQL Server DBHey Tom,
I’ve had a read and understandably as a proof of concept, you’ve written over a lot of the existing options which means I can’t easily integrate this in.
If you would like to see an option to support this integration in the actual plugin code base so that you’ll get future updates etc there are two ways ahead that I would suggest.
1) I’ll add it to my backlog and try and get a test environment setup and see if I can integrate your logic in with what already exists. (Not likely to be super soon to be honest)
2) You could make a pull request from the git repo and write the full integration your self. I’ll then test it and if it all looks good my end I can integrate it in to a future release and will of course credit you as a contributor.
You may not need this integrated and are quite happy to continue using your own adapted version of the plugin.
Just wanted to see how you wanted to progress.
Thanks,
Tom
Forum: Plugins
In reply to: [External Login] Support for SQL Server DBHey Tom,
You’re all over this yourself – love it! 🙂
Just wanted you to know that I’m not ignoring you and I’m going to look at your changes now.
Tom
Forum: Plugins
In reply to: [External Login] unable to login using this pluginHey @agentmishra,
As mentioned before, this is well beyond the scope of support for this plugin. This is the bit you should be doing.
I will however try and help you out and find the time to test this for you this week.
Thanks,
Tom
Forum: Reviews
In reply to: [External Login] excellent plugin from excellent developerThanks for the review @agentmishra 🙂
Forum: Plugins
In reply to: [External Login] unable to login using this pluginYou’re going to owe me a 5* review after this @agentmishra 😛
————————————
Dear Blesta support,I need to be able to validate a user’s password from the database using an external system using PHP.
Given a function that receives the plain text password and the hash for the user stored in the database I am struggling to see how I can validate the password.
I believe it should look something like the following but I am unsure of the key that would need to be passed into the hash_hmac function (see this currently replaced with question marks:
function validatePasswordAgainstHash($password, $hashFromDatabase) { $hmacHashFromPassword = hash_hmac('sha256', $password, '?????????????'); $resultAfterBcrypt = password_verify($hmacHashFromPassword, $hashFromDatabase); return $resultAfterBcrypt; }Am I close?
Thank you for your support.
——————————————–You now need to work with them to get it working on your local code.
You can try running this function with their modifications and passing in the data you’ve given me and making sure it returns true. E.g.
function validatePasswordAgainstHash( '$2y$12$37Vz4b3gvYtpfEoFfB2uyOvL7kt0gfnW.m.584aMqqaBADVA0YQiS', 'password' ) { $validated = // Whatever code they suggested here if ($validated) { error_log('Validated') } else { error_log('Not validated') } return $validated; }If you could write a review I’d be grateful.
Thanks,
Tom
Forum: Plugins
In reply to: [External Login] unable to login using this pluginHey @agentmishra,
I’ve made some progress with this.
I’ve created the feature that will allow you to add your own custom authentication checking. The hook gives you:
– the password that the user typed in
– the hash from the databaseIt then allows you to check to see if that password is valid for that hash.
What I haven’t been able to get working is to make this work with Blestas hashing method.
The code that you will need to add to your functions.php file will look something like this:
function myExlogHashAuthenticator($password, $hashFromDatabase) { $hmacHashFromPassword = hash_hmac('sha256', $password, '?????????????'); $resultAfterBcrypt = password_verify($hmacHashFromPassword, $hashFromDatabase); return $resultAfterBcrypt; } add_filter('exlog_hook_filter_authenticate_hash', 'myExlogHashAuthenticator', 10, 2);However I do not know what the key that needs passing into the hash_hmac function. You can see I’ve currently added question marks in there.
This is something you’ll have to check with Blesta support.
I have not yet published the code that will make this code work but I thought you might like to start your enquiry with Blesta sooner rather than later.
If you wanted to do some initial testing with this feature before I release it, you can find the code here:
https://github.com/tbenyon/wordpress_external_login_plugin/tree/hashhookI won’t mark this as resolved until I publish the feature in the next release.
Thanks,
Tom
Forum: Plugins
In reply to: [External Login] –Block– user role not blockingHey @geckonet,
I’ll do as you recommend and close this for now.
If you have any more issues just come back here and we’ll make this a live issue again.
In the meantime, if you get a chance, I’d be REALLY grateful if you could write me a one line review.
Thanks,
Tom
Forum: Plugins
In reply to: [External Login] –Block– user role not blockingHey @geckonet,
I have just tested this and it is working completely as expected my end using 1.7.1 and 5.2.1.
Once you change the setting in the plugin to make that user role blocked you should get an error next time you try to login that says “You are not allowed access”.
In case you’re interested and technically minded you can see the logic for this feature in this file:
login/authenticate.php$block_access_due_to_role = true; foreach ($roles as $role) { if ($role != EXLOG_ROLE_BLOCK_VALUE) { $block_access_due_to_role = false; } } // If a user was found if ($response) { // If role is blocking user access if ($block_access_due_to_role) { $user = new WP_Error('denied', __("You are not allowed access"));Are you sure you’ve written the role to be blocked in the same CaSe as it is in the database?
To help you diagnose further you could modify the snippet of code I shared with you above to the following and then look at your php error logs to see what it is doing:
$roles = exlog_map_role($response['role']); 

$block_access_due_to_role = true;
 error_log('---------EXLOG: STARTING ROLE CHECKING---------'); 
error_log('---EXLOG: ROLES:'); 
error_log(var_export($roles, true));
 foreach ($roles as $role) {
 error_log('-----EXLOG: ROLE:');
 error_log(var_export($role, true)); 
 error_log('-----EXLOG: CHECK:'); 
 error_log(var_export(EXLOG_ROLE_BLOCK_VALUE, true)); 
 error_log('-----EXLOG: ARE THEY NOT EQUAL?:'); 
 error_log(var_export($role != EXLOG_ROLE_BLOCK_VALUE, true)); 
 if ($role != EXLOG_ROLE_BLOCK_VALUE) {
 $block_access_due_to_role = false; 
 }
 } 

error_log('-----EXLOG: FINAL - Should we block em?!');
error_log(var_export($block_access_due_to_role, true));
error_log('---------EXLOG: END ROLE CHECKING---------');

// If a user was found
if ($response) {This shows in my error logs when I do NOT have a blocked role set in the external database:
[15-Jun-2019 13:15:14 UTC] ---------EXLOG: STARTING ROLE CHECKING--------- [15-Jun-2019 13:15:14 UTC] ---EXLOG: ROLES: [15-Jun-2019 13:15:14 UTC] array ( 0 => 'administrator', ) [15-Jun-2019 13:15:14 UTC] -----EXLOG: ROLE: [15-Jun-2019 13:15:14 UTC] 'administrator' [15-Jun-2019 13:15:14 UTC] -----EXLOG: CHECK: [15-Jun-2019 13:15:14 UTC] 'exlog_block' [15-Jun-2019 13:15:14 UTC] -----EXLOG: ARE THEY NOT EQUAL?: [15-Jun-2019 13:15:14 UTC] true [15-Jun-2019 13:15:14 UTC] -----EXLOG: FINAL - Should we block em?! [15-Jun-2019 13:15:14 UTC] false [15-Jun-2019 13:15:14 UTC] ---------EXLOG: END ROLE CHECKING---------This shows in my error logs when I do NOT have a blocked role set in the external database:
[15-Jun-2019 13:17:02 UTC] ---------EXLOG: STARTING ROLE CHECKING--------- [15-Jun-2019 13:17:02 UTC] ---EXLOG: ROLES: [15-Jun-2019 13:17:02 UTC] array ( 0 => 'exlog_block', ) [15-Jun-2019 13:17:02 UTC] -----EXLOG: ROLE: [15-Jun-2019 13:17:02 UTC] 'exlog_block' [15-Jun-2019 13:17:02 UTC] -----EXLOG: CHECK: [15-Jun-2019 13:17:02 UTC] 'exlog_block' [15-Jun-2019 13:17:02 UTC] -----EXLOG: ARE THEY NOT EQUAL?: [15-Jun-2019 13:17:02 UTC] false [15-Jun-2019 13:17:02 UTC] -----EXLOG: FINAL - Should we block em?! [15-Jun-2019 13:17:02 UTC] true [15-Jun-2019 13:17:02 UTC] ---------EXLOG: END ROLE CHECKING---------Tom