tbenyon

Hey @quantumco,

Firstly, your English is incredible! Everything you’ve written has been exceptionally clear. 🙂

So I’ve had a look at that plugin for you and I can see how the hash is being used in lib/Crypto/SSHA.php:

    public function checkPassword($password, $dbHash, $salt = null)
    {
        $saltedPassword = base64_decode(
            preg_replace("/" . $this->getPrefix() . "/i", "", $dbHash)
        );
        $salt = substr($saltedPassword, -(strlen($saltedPassword) - $this->getHashLength()));
        $hash = self::ssha($password, $salt);

        return hash_equals($dbHash, $hash);
    }

As this is a unique solution I will not be adding it directly to the plugin. However, I am going to try and go out of my way and write you the code for the hook that will integrate with the plugin.

If I succeed, I’d be grateful if you could write a review or even buy me a beer.

Will try and get back to you soon . . .

🙂

Hey @quantumco,

I may be able to help you with this.

Could you please create a new user with the password “password” and share with me the hash that is generated so that I can experiment?

Thanks,

Tom 🙂

Hey @anand_jodawat,

Great to hear you’ve made a good start and the test connection is working correctly 🙂

You’re correct that if the hash is wrong, you will get this error.

There is an infinite amount of possibilities for hashing configuration. The most common are supported in the options menu of the plugin.

If you have a more custom hashing solution, you may need to use the plugins inbuilt hook to script the support needed for your use case.

In regard to know which hashing solution is being used in the external database, you can look at the hash stored in the password field and see if you can see if you can match it up to a pattern shown by one of the supported hashing algorithms. The main plugin page shows examples of hashes for each.

Of course your solution may not be supported at all and will require the use of the built in hash. In such a case, you really need to:
– ask the developer who wrote the external system
– read the code yourself (or pay a developer to) to see what was used
– if the external database is a commonly used system, look at the docs online or Google it 🙂

I think I’ve answers your question so I’ll mark this as resolved but if you have any further questions please don’t hesitate to get back in contact here and I’ll be happy to help 🙂

Thanks,

Tom

Hey @sintwar,

That’s really cool of you. It’s really appreciated.

Have an awesome day 🙂

Tom

Hey @sintwar,

That’s great news 😊

If it all works I’d be grateful if you could write a review or even buy me a beer.

Good luck with your project 😊

Tom

Hey @sintwar,

Thanks for getting in touch.

I have just run through a flow to ensure this feature is working. Here’s what I did:

1. Logged in as USERA who does not exist in any database
2. Tested that the login failed
3. Added the user to the external database
4. Checked that the user was logged in and the user was created in the WordPress DB
5. Made sure disable external login was not activated
6. Deleted user from external database
7. Logged in as user
8. Checked I was authenticated
9. Activated disable local login
10. Logged in again and was not authorised as expected

I imagine this is either some other form of caching in your infrastructure OR you have another plugin that is maybe acting on the WordPress authenticate hash to authenticate users (unlikely).

My suggestions are:

• Check you do not have a level of caching on reading from your WordPress database
• Set yourself back to the default theme and deactivate all other plugins to ensure the flow is not getting effected

If you’ve checked these things and you’re still seeing issues I’ll advise you with some logging code snippets to add into the plugin so that I can help you diagnose the problem.

Let me know how you get on 🙂

Thanks,

Tom

Sounds awesome! Good luck with the project 🙂