tbenyon

This is now deployed so you will be able to download the code / update the plugin in the normal way.

Could you please let me know if it is working for you?

Documentation is here:
https://wordpress.org/plugins/external-login/#what%20hooks%20are%20available%20in%20the%20external%20login%20flow%3F

• This reply was modified 7 years ago by tbenyon.

On your server, you need to replace the external login folder with the one from the download.

You’re current External Login install is in “/home/vwca1/public_html/vwwordpress/wp-content/plugins”. You need to replace the files there to test it.

Let me know how you get on.

Thanks,

Tom

Hey @wburling1,

I wanted to let you know that I’ve finished coding the feature to add in a hook when the user is authenticated from the external database.

I am not going to deploy this just yet as I am going to add one more feature to this release which I am about to start work on (disccussed here).

If however you wanted to download a copy of the code to test it for now you can grab it here.

The hook I have created is an action hook called “exlog_hook_action_authenticated”.

This hook is run after the user has been authenticated from the external database.

This will not run if the user is authenticated from the local WordPress database.

Below is an example of code that could be added to your functions.php file to delete a user from the external database after they have logged in.

/**
 * Example function to do something after External Login has authenticated a user
 *
 * In this case we are deleting the user from the external database
 *
 * WP User Object $wp_user The WordPress user object for the authenticated user.
 *
 * Array $exlog_user_data An associative array of user data generated when attempting to authenticate the user
 */
function my_function_to_do_something_after_authentication($wp_user, $exlog_user_data) {
  // Uses the data provided to the plugin to create the database object and data required for a query
  $db_data = exlog_get_external_db_instance_and_fields('mysql');

  // A query of your choice
  $rows = $db_data["db_instance"]->delete(
    esc_sql($db_data["dbstructure_table"]),
    array( esc_sql($db_data["dbstructure_username"]) => esc_sql($exlog_user_data['user_login']) )
  );

  // Checking if the user was deleted
  if ($rows) {
    error_log('User Successfully deleted from external database');
  } else {
    error_log('Unable to delete user from external database');
  }
}

add_action('exlog_hook_action_authenticated', 'my_function_to_do_something_after_authentication', 10, 2);

I will get back to you when this feature is fully deployed but I’d welcome any feedback in the mean time.

I will respond to your next query in a follow up message.

Thanks,

Tom

Hey Mikkel,

I’m afraid this is not something I have experience in.

If you find out how to make the DB connection over SSH using only PHP code I’d love to hear about it and then we could discuss how it could be integrated in the plugin if that would be of use to you.

Thanks,

Tom

One other thing, if the username is in the external database when a user tries to log in but the password is blank what will happen then?

External Login will check to see if the password that was entered matches the one in the database. For this reason, if the user typed nothing and the password was nothing, they would be authenticated. HOWEVER, at the top of the authentication script I only query the database if the password entered is not blank. So they would not be authenticated.

Thanks,

Tom

• This reply was modified 7 years ago by tbenyon.

Hey @wburling1,

You may already be aware so I apologise in advance for this. Storing password in plain text in a database is incredibly dangerous for your users. For the reasons on why, this article is amazing:
https://martinfowler.com/articles/web-security-basics.html#HashAndSaltYourUsersPasswords

However, the nice thing is that the plugin will help you migrate user’s passwords. When the user logs in and it’s checked the username and password are correct in the external database it uses that password to create a new user in the WordPress database.

The great thing with that is that the password is stored in the WordPress database using Bcrypt which is much safer for your users. The only downside is that those users plain text passwords will still exist in your external database.

To answer your question “I want to use this database with the external login plugin but do not know how to make the password change so the the plugin will allow users log in with their current password.” – This is all handled by the plugin. You don’t have to do anything.

You also asked “I also am not sure where I set a separate salt for each password.” – With Bcrypt the salts are all handled automatically. You don’t have to do anything and your user’s passwords will be using a safe salting method.

If I have misunderstood you and you are talking about the external database using salts please give more details and I’ll try my best to answer your question.

Hope this helps,

Tom

Hey @jmock,

Apologies for the delayed reply. Life’s been busy!

I could add this feature for you if you’re still interested. I think I’ll make a checkbox for it in the “Functionality Settings” section.

So if you tick the “Prioritise Local DB” checkbox, it will check if the username is already in the WP version first. If it is, it will never check the external database and just log you in with those details?

Maybe this should be called “Migration mode”?! The idea being that once a user is migrated, you don’t refer back to them anymore?

Any thoughts before I do the work?

Hey,

Apologies for the delayed reply.

You can download the plugin from the main page.

https://wordpress.org/plugins/external-login/

The feature we discussed has been available since version 1.5.0.

Hope this helps.

Tom