tbenyon
Forum Replies Created
Forum: Reviews
In reply to: [External Login] Wow. It Just Works!
Hey @rjjacob,
I really appreciate you taking the time to write a review.
The beer money is also very much appreciated and I’m going to specially go to the pub tonight to enjoy at least a pint 🙂
This made my week 🙂
Thank you,
Tom
Forum: Plugins
In reply to: [External Login] Accept Different Password Format
Hey Kyle,
Apologies for the delayed response.
You’ve used the word migrate which gives me the impression that the old service will be killed off in replacement for WordPress.
The plugin as it stands is designed for when you’ve got another live service running that handles forgotten passwords and changes to details.
If this is not what you need however we could look at an alternative.
One thing that jumps out at me is that the password hashing method is not ideal in the system you’re currently using for at least one reason I specify in the ‘Security Notes’ for the plugin (speed of hashing algorithm).
For this reason the solution we look at to solve your problem may benefit from converting old user passwords into the way WordPress handles it by default.
Can you confirm that you are looking to kill off the old system and then we can start to discuss what you are looking for.
I could publish another plugin with a lot of the same logic but looking at user migration for you. I think it would be confusing to do what you want in the current plugin for other users.
Thanks,
Tom
Forum: Plugins
In reply to: [External Login] Usage Question
Hey @rjjacob,
Sounds like you’re all sorted! Please let me know if you have any other questions.
I would be SOOOOOOOO grateful if you could take the time to write a 1 sentence review?
Thanks,
Tom
Forum: Plugins
In reply to: [External Login] Active/Inactive Users
Hey @anemos2k,
Thanks for your thoughts. I agree with most of what you’ve said but I think in regard to blocking roles, I’ll probably just add to the list of roles to map to block login so it’s all tied in to the drop down. Partly because I can develop that quicker and may iterate a change to the UI later.
It sounds like the checking an additional field is of more importance to you at this stage so I’ll start work on that first.
I think I’ll implement this with a separate section called “Exclude Users”.
It will have:
– A checkbox to activate the functionality
– A box to type the field name where the blocking state is stored
– A text field to type the value that should be blocked
– EXTENSION – Make the text field repeatable so multiple values can be blocked. E.g. if they are marked as “deleted” or “banned”
Starting work on this now. Let me know if you are not happy with the above.
Tom
Forum: Plugins
In reply to: [External Login] DB Connection Issue when WP in sub folder
Hey @roger23e,
Just seeing if this fixed the issue for you too?
If it did would you mind writing a quick review if you have time.
Let me know if you need any further help.
Thanks for the support,
Tom
Forum: Plugins
In reply to: [External Login] DB Connection Issue when WP in sub folder
You’ve made my day Mike!
Thank you very much!
Let me know if you run into any other issues 🙂
Tom
Forum: Plugins
In reply to: [External Login] DB Connection Issue when WP in sub folder
Oh sorry just seen your message, haven’t changed a thing. Maybe your JS was cached.
Apologies for it not working first time!
Could you please write me a review, I’d be really grateful 🙂
Thanks,
Tom
Forum: Plugins
In reply to: [External Login] DB Connection Issue when WP in sub folder
I would LOVE to do that but I’ve been told off before for this by the moderation team.
Although you hypothetically could find me on FB or LinkedIn I can’t share contact information on here or gain access to your system due to security issues. Which makes sense as it would mean developers potentially getting access to people’s live systems – potentially with malicious intent.
Are you running this site locally or on a server? Are you comfortable modifying some code for me to add more logging to the local JS?
The file that is doing this check is here:
/wp-content/plugins/external-login/js/exlog_test.js
Could you swap the code to:

    (function ($) {
        $(function () {
            var $modal = $(".exlog_modal");
            var $loader = $(".exlog_loader_container");
            var $modal_content_container = $(".exlog_test_results_inner_container", $modal);
            var $modal_test_results = $(".exlog_test_results", $modal);
            var $modal_error = $(".exlog_test_fail", $modal_content_container);
            var $modal_error_title = $(".exlog-error-title", $modal_error);
            var $modal_error_message = $(".exlog-error-message", $modal_error);
            var $wordpressBaseUrlContainer = $('[data-exlog-wp-base]');
            var wordpressBaseUrl = $wordpressBaseUrlContainer.attr('data-exlog-wp-base');

            console.log("EXLOG - Base container length: ", $wordpressBaseUrlContainer.length);
            console.log("EXLOG - Base container URL: ", wordpressBaseUrl);

            var error_messages = {
                unknown: {
                    title: "Error",
                    message: "This is an unknown error."
                },
                lost: {
                    title: "Error",
                    message: "Could not access the server to run the test."
                },
                server: {
                    title: "Error",
                    message: "There was an error on the server."
                },
                empty_result: {
                    title: "Error",
                    message: "No data returned from the server. Please check your settings."
                }
            };

            var error_codes = {
                100: error_messages.unknown,      // Ajax returned, unknown error
                101: error_messages.unknown,      // Unknown error passed to error handler
                404: error_messages.lost,         // 404 from Ajax
                500: error_messages.server,       // 500 from server - see test_results.php?
                501: error_messages.server,       // String of "0" returned - caused by missing function?
                502: error_messages.server,       // 500ish error from Ajax
                600: error_messages.empty_result, // Empty AJAX response
                601: error_messages.empty_result  // Blank string AJAX response
                // 999: Hard coded in markup case this system fails
            };

            function errorMessageState(error_code) {
                console.log("EXLOG - Error message state ran");
                console.log("EXLOG - Error code: ", error_code);
                if (!error_code) {
                    $modal_error.hide();
                }
                if (!error_codes.hasOwnProperty(error_code)) {
                    error_code = 101;
                }
                console.log("EXLOG - Error code validated: ", error_code);
                var error_data = error_codes[error_code];
                console.log("EXLOG - All error codes: ", error_codes);
                console.log("EXLOG - Error data: ", error_data);
                console.log("EXLOG - Error title length: ", $modal_error_title.length);
                console.log("EXLOG - Error message length :", $modal_error_message.length);
                $modal_error_title.text(error_data.title + ": " + error_code);
                $modal_error_message.text(error_data.message);
                $modal_error.show();
            }

            $(".exlog_close_button", $modal).click(function () {
                $modal_error.hide();
                $modal.hide();
                $modal_test_results.text("");
            });

            $("input.exlog_test_connection").click(function () {
                $modal.show();
                $loader.show();
                var data = {
                    'action': 'exlog_test_connection',
                    'test_results': 10
                };
                console.log("EXLOG - Error AJAX about to run.");
                console.log("EXLOG - Base URL = ", wordpressBaseUrl);
                console.log("EXLOG - Whole URL = ", wordpressBaseUrl + "/wp-admin/admin-ajax.php");
                $.ajax({
                    type: "GET",
                    url: wordpressBaseUrl + "/wp-admin/admin-ajax.php",
                    data: data,
                    success: function (data) {
                        if (!data) {
                            errorMessageState(600);
                            $modal_error.show();
                        } else if (data == "") {
                            errorMessageState(601);
                            $modal_error.show();
                        } else if (data === "0") {
                            errorMessageState(501);
                            $modal_error.show();
                        } else {
                            $modal_error.hide();
                            $modal_test_results.append(data);
                        }
                        $loader.hide();
                    },
                    error: function (xhr, ajaxOptions, thrownError) {
                        if (xhr.status == 404) {
                            errorMessageState(404);
                        } else if (xhr.status === 500) {
                            errorMessageState(500);
                        } else if (Math.floor(xhr.status / 100) === 5) {
                            errorMessageState(502);
                        } else {
                            errorMessageState(100);
                        }
                        $loader.hide();
                    }
                });
            });
        });
    }(jQuery));

I would then be interested to see what console logs you now get.
Thanks,
Tom
Forum: Plugins
In reply to: [External Login] DB Connection Issue when WP in sub folder
Thanks for the quick response.
Are you getting any errors in the console?
Forum: Plugins
In reply to: [External Login] DB Connection Issue when WP in sub folder
Hey Mike,
Really sorry.
Can you please check something for me?
Could you please check the options page container with the class “exlog_options_page”. It should have a data attribute called “data-exlog-wp-base” which should store your site url.
I would expect it to be “https://mywebsite/portal/blog”.
The JS should be using that as the base for the request.
If it is there, the front end JS isn’t grabbing that correctly or not using it correctly.
If it is not there I know there is a PHP issue.
Thanks,
Tom
Forum: Plugins
In reply to: [External Login] DB Connection Issue when WP in sub folder
Hey @mikecoles and @roger23e,
Could you download the latest update and see if it fixes your issue.
If it does PLEASE write a 5 star review! 🙂
If not get straight back to me with what you’re seeing and I’ll have another go!
Thanks for the support!
Tom
Forum: Plugins
In reply to: [External Login] DB Connection Issue when WP in sub folder
Hi Mike,
Had a look at this today and I’ve fixed it on my local copy.
I’m just doing tweaks to the error message you should have gotten.
However, the issue was isolated to the test button so the actual integration should work.
As always, backup your db before testing.
I’ll send another message once I’ve got it deployed. Won’t be home till late tonight and daughter is sick so you may have to wait till tomorrow.
If it makes a big difference to get this out in the next few later tonight (UK time) let me know and I’ll stay up and get it done.
Thanks,
Tom
Forum: Plugins
In reply to: [External Login] Password Hashing
Hey @windly,
I hadn’t heard of AES_ENCRYPT until you mentioned it but I’ve had a little read.
Under my sign off I’ve just flagged some potential security concerns. Please feel free to disregard as you may well have this all in hand and know more than me.
To be able to get this working for you I need to know more about your implementation.
From reading it appears that AES_ENCRYPT takes two arguments. The first would be your user’s password and the second would be a key string (which I will refer to as the salt as I believe it takes on this role in password hashing).
Is the ‘salt’ just a string? I can see this using the current salt integration in the plugin so it could be from a different field or a single string. If you’re doing something different let me know. I noticed some AES examples hashed a string for example.
Thanks David,
Tom
Please feel free to disregard this comment but I would encourage you to read the section “Hash and Salt Your Users’ Passwords” from this article. It will show some of the potential limitations and security risks to your users in this password securing method. I haven’t read about this method fully and I don’t yet know your full implementation but my initial concerns would be surrounding:
– The algorithm being too fast to calculate making brute force attacks easier
– That the algorithm is not a hash but a two way encryption meaning that developers could have the potential to access users’ passwords (depending on your implementation)
– Not using unique salts?
Not judging as you might have this all in hand, just sharing 🙂
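The concerns listed in the reply above, and the idea of converting old passwords to a one-way hash at login, as an added example that is not part of the original post and not the plugin's own code. It assumes the legacy column was written with MySQL's default `AES_ENCRYPT` settings (AES-128-ECB with the key XOR-folded to 16 bytes), uses PHP's `password_hash()` as a stand-in for the WordPress-side hash, and all function names, the key and the passwords are constructed for illustration.

```php
<?php
// Added illustration; not code from the External Login plugin.
// Assumption: the legacy column was written with MySQL's default AES_ENCRYPT
// (AES-128-ECB, key XOR-folded into 16 bytes). All sample values are constructed.

function mysql_aes_key(string $key): string
{
    $folded = str_repeat("\0", 16);
    for ($i = 0, $n = strlen($key); $i < $n; $i++) {
        $folded[$i % 16] = $folded[$i % 16] ^ $key[$i];
    }
    return $folded;
}

function mysql_aes_encrypt(string $plain, string $key): string
{
    return openssl_encrypt($plain, 'aes-128-ecb', mysql_aes_key($key), OPENSSL_RAW_DATA);
}

function mysql_aes_decrypt(string $cipher, string $key): ?string
{
    $plain = openssl_decrypt($cipher, 'aes-128-ecb', mysql_aes_key($key), OPENSSL_RAW_DATA);
    return $plain === false ? null : $plain;
}

// Check a login against the legacy value; on success return a salted one-way
// hash to store in its place (password_hash() is a stand-in for the WordPress side).
function verify_and_upgrade(string $password, string $legacy, string $key): ?string
{
    if (!hash_equals($legacy, mysql_aes_encrypt($password, $key))) {
        return null;
    }
    return password_hash($password, PASSWORD_DEFAULT);
}

$key   = 'constructed-shared-key';
$alice = mysql_aes_encrypt('correct horse', $key);
$bob   = mysql_aes_encrypt('correct horse', $key);

// No per-user salt: two users with the same password get the same stored value.
var_dump($alice === $bob);
// Two-way: anyone holding the key recovers the password itself.
var_dump(mysql_aes_decrypt($alice, $key));

$aliceHash = verify_and_upgrade('correct horse', $alice, $key);
$bobHash   = verify_and_upgrade('correct horse', $bob, $key);
// After the upgrade the stored values differ and can only be verified, not reversed.
var_dump($aliceHash !== $bobHash, password_verify('correct horse', $aliceHash));
var_dump(verify_and_upgrade('wrong guess', $alice, $key));
```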
Forum: Plugins
In reply to: [External Login] Active/Inactive Users
Hey @anemos2k,
I find it hard to choose which features to add and how to implement them. My goals are:
– To not overcomplicate the user experience of the plugin
– To prioritise features that will be of use to as many users as possible
I welcome your opinion in making this decision.
I’ve had another user that had a feature request similar to yours but you have flagged one downside to it.
The feature would be to allow you to choose another field in the external user table that represented if the user was allowed to log in or not. The complication comes if there are more than two states in that field. I would have to allow the UI to accept “if this is true and not this” etc.
One downside would be that if a user logged in once, they had that field changed, the external db was offline and the WP data was being used this would not get updated. This is the nature of all systems getting out of sync. I could make it so that when a user logs in and they are not allowed to login – if a user is in the WP database – delete them.
Or I could make it so certain roles from the external login are not allowed to login. I could add “No login” instead of a role to the role mappings section and block those roles.
Advice welcome on which approach!
Regarding the SQL query, my plan was to not allow the user to modify the authentication query for logging in, but to write a PHP function that developers would be able to call on pages to query the external database. It would use the credentials stored in the plugin but allow a developer to easily grab more data and I could just return the results as a PHP array.
Is this what you had in mind or not really?
Thanks,
Tom
- This reply was modified 7 years, 7 months ago by tbenyon. Reason: Clarity and typos corrected
Forum: Plugins
In reply to: [External Login] DB Connection Issue when WP in sub folder
Hi Mike,
Sounds like a cock up my end.
I forgot to cater for WP installed in sub-directories.
I’ll start looking at this on my lunch break today and will keep you posted.
If you haven’t had an update from me by tomorrow evening, feel free to chase me 🙂
Thanks for the detailed explanation and apologies for not getting this right first time round!
Tom