tbenyon

Hey @intlabnz,

Thanks for taking the time to write a review!

Good luck with the project,

Tom

Hey @gareth7923,

Apologies for the delayed response.

I’ve had a quick look and this does get complicated and having two plugins modifying the authentication workflow is always going to have the potential for bugs going forward, even if you get it working now.

This is because External Login and UM (Ultimate Member) both seem to hook into WordPress’ authentication filter. In UM:
– add_filter( 'authenticate', 'um_wp_form_errors_hook_ip_test', 10, 3 );
– add_filter( 'authenticate', 'um_wp_form_errors_hook_logincheck', 50, 3 );
In External Login:
– add_filter('authenticate', 'exlog_auth', 10, 3);

The problems start coming because:
– The prioritisation between plugins can cause issues, both plugins hook in at a priority of 10 – which goes first?
– If one changed their priority is that going to break functionality for other users?
– External Login relies on disconnecting the standard WordPress tie in to this hook to prevent logging in with the local WordPress user in certain setting flows, it may also need to cancel login flows with this plugin – I’m not sure what it does when it filters.

For this reason it becomes a very customised job. You would need to pay a developer to do this work for you. You would then also want to carefully monitor changes to either plugin to ensure no future releases cause future bugs.

I’m happy to discuss adding additional hooks / actions that would help with this integration work if you have someone that could advise what would be useful.

Essentially it would need to fire the exlog_auth function on filtering the front end login flow.

I’m going to mark this as resolved as compatibility between plugins is outside of the scope of this support but I’m more than happy that you continue to ask questions and I’ll do my best to answer 🙂

Thanks,

Tom

Apologies @palstalk but WordPress forbids offering private work through the forum.

This should be work that any WordPress developer can easily pick up and of course if there are any questions specific to this plugin I am more than happy to support them in the forum.

Sorry I cannot be of more help.

Kind regards,

Tom

This thread has gone stale so I’m marking as resolved.

Please feel free to come back with questions if you have any 😊

Hey @adailtonphp,

Thanks for taking the time to write a review.

It’s much appreciated 🙂

Really glad it’s all working for you 🙂

Hey @adailtonphp,

Another set of logs for you to add to the external-login/login/authenticate.php file:

// If user was authenticated
            } else if ($response["authenticated"]) {
                error_log('-------------exlog authenticated --------');

                // External user exists, try to load the user info from the WordPress user table
                $userobj = new WP_User();
                $user = $userobj->get_data_by('login', $response['wp_user_data']['username']); // Does not return a WP_User object 🙁
                $user = new WP_User($user ? $user->ID : NULL); // Attempt to load up the user with that ID

                $exlog_userdata = array(
                    'user_login' => $response['wp_user_data']['username'],
                    'first_name' => $response['wp_user_data']['first_name'],
                    'last_name'  => $response['wp_user_data']['last_name'],
                    'role'       => $roles[0],
                    'user_email' => $response['wp_user_data']['email'],
                );

                error_log('-------------exlog built user data--------');

                // Only update the WordPress user's password if it has changed
                // Without this all other sessions for the user gets cleared
                $check = wp_authenticate_username_password( NULL, $username , $password );
                if (is_wp_error( $check )) {
                    $exlog_userdata['user_pass'] = $password;
                }

                error_log('-------------exlog do they already exist??? --------');
                // If user does not exist
                if ($user->ID == 0) {
                    error_log('-------------exlog end $user already existed so updating --------');
                    // Setup the minimum required user information

                    $new_user_id = wp_insert_user( $exlog_userdata ); // A new user has been created

                    // Load the new user info
                    $user = new WP_User ($new_user_id);
                } else {
                    error_log('-------------exlog end $user does not exist so creating --------');

                    $exlog_userdata['ID'] = $user->ID;

                    add_filter('send_password_change_email', '__return_false'); // Prevent password update e-mail

                    wp_update_user($exlog_userdata);
                }

                $user->set_role($roles[0]); // Wipe out old roles

                // Add roles to user if more than one
                foreach ($roles as $role) {
                    $user->add_role($role);
                }

                // Hook that passes user data on successful login
                do_action('exlog_hook_action_authenticated', $user, $exlog_userdata, $response['raw_response']);
            }
        }

        // Whether to disable login fallback with the local WordPress version of the username and password
        // Prevents local login if:
        // - Disable local login  is set in the admin area
        // - OR
        // - The user was found but the password was rejected
        if (exlog_get_option('external_login_option_disable_local_login') == "on" || is_wp_error($user)) {
            remove_action('authenticate', 'wp_authenticate_username_password', 20);
            remove_action('authenticate', 'wp_authenticate_email_password', 20);
        }
    }

    error_log('-------------exlog end $user --------');
    error_log(var_export($user, true));

    return $user;
}

Can you confirm if the external user is getting added to the wordpress database?

I’m sure we’ll get there 🙂

Thanks,

Tom

Hey @adailtonphp,

The likely problem is that you have not configured the correct hashing algorithm that the external database uses.

Find out exactly what it does.

If it does not use one of the out of the box hashing algorithms, you can use a plugin hook to replicate the hashing process on the external database.

You can find information about the exlog_hook_filter_authenticate_hash hook in the FAQ.

Here’s a copy of the information . . .
——————————–
You can use this hook to check if the password is correct in a custom way. For example, if you use a hashing algorithm not supported by the plugin by default.

This hook provides you with a range of different information:
– $password – the password that was typed in at the login screen
– $hashFromDatabase – the hash stored in the database
– $username – the username that was typed in in the login screen
– $externalUserData – the rest of the data retrieved from the external database for the user that was found

Returning true will authenticate the user and returning false will treat them as unauthorised.

The below example shows how you could use the filter:

function myExlogHashAuthenticator($password, $hashFromDatabase, $username, $externalUserData) {
    return password_verify($password, $hashFromDatabase);
}
add_filter('exlog_hook_filter_authenticate_hash', 'myExlogHashAuthenticator', 10, 4);

———————————–

I think I’ve answered your questions so I’m going to mark this as resolved.

I’m obviously still happy to answer questions though so feel free to keep messaging back if you have more questions about the plugin 🙂

Thanks,

Tom
🙂