tbenyon
Forum Replies Created
-
Forum: Plugins
In reply to: [External Login] Values ββare truncated to a maximum of 10 charactersHey @vartolomej,
The plugin doesnβt migrate users automatically. When a user goes to login, it will then try to authenticate them using the external users.
It will then create that user in the WordPress database.
Does this answer your question?
Forum: Plugins
In reply to: [External Login] Values ββare truncated to a maximum of 10 charactersHi @vartolomej,
Apologies – I should make this clearer – I truncate them just for the test data to present nicer and so as not to disclose too much personal data unnecessarily.
I shall add something that explains this in the next release.
Thanks for checking in though π
I’ll mark this as resolved for now but would love to hear back if you get it all setup and working and also if you have any further questions,
Thanks,
Tom
Forum: Plugins
In reply to: [External Login] password resetI did Rene – I really appreciate it – thank you very much! π
I promise you it will only go towards the best beer! π
I’ll mark this as resolved for now however I’m sure someone will ask me to re-open this in the future.
Thanks again and good luck with your project,
Tom
Forum: Plugins
In reply to: [External Login] password resetHey Rene,
I vaguely remember starting to work on something for someone a long while ago but they suddenly dropped off the radar. It is not a feature I’m excited about writing to be honest. I’m concerned that it adds risk as it would be the first feature to do any writing to the external database.
It gets more complicated as we’re starting to talk about syncing. At the moment, when you login to WordPress we create (or update) a user from the external database in WordPress’ database. Every time the user logs in from the external database we update the information. That does mean that if a user updates their password on the external system it doesn’t immediately update in WordPress – only when they next try to login. If the external password is unobtainable, due to a failed request or the database being down, the user is then able to login to WordPress with the old password. This is why I added the disable local login feature for those that want to prevent local login and ensure that the user is always using the password in the external database.
I think I would similarly have to enforce the use of this strict link to do this as, if a password change was requested in WordPress I would first have to make sure that the password matched the requirements in WordPress and then firstly update it in the external database, ensure that was successful before updating in WordPress. Otherwise if the request failed we’d have passwords out of sync.
It also raises the question of if other information (such as e-mail address) is updated in WordPress, should this be synced. This adds a lot more complexity which I won’t go in to now. At the moment, any of the data that is pulled from the external database will always write over what is in WordPress when the user next logs into WordPress.
As another thought if both WordPress and the External Database are currently in use – often the external database will have a reset password flow. A tidier solution for some users would be to modify the reset password feature within WordPress and replace it with a button that links the user to the external systems reset password flow. This is better in a lot of ways as this means only one reset password flow is managed. There are different ways to reset a password so it is probably best to only have one system handle this. I could understand however that some people would rather have WordPress be the way to handle this.
Wow I’ve really rambled at you π Apologies. This was mostly me just thinking out loud regarding how this would even be tackled but I wanted to voice as I’d be interested in the perspective of yourself and other users.
To be completely honest, If I do work on this feature, I think it would be the first feature I would add to a pro version of the plugin due to the time it’ll take to write and support.
Please let me know your thoughts Rene,
Thanks,
Tom π
Forum: Plugins
In reply to: [External Login] Can’t login and Undefined IndexHey Rene (@ketr64),
Glad to hear yours has progressed!
I may make a testing system in the admin area in the future so users can test they are using the correct hash algorithm.
If your hashing system is using something more customised than what the settings page caters for there is a hook that you can use to write custom. More details on this in the FAQ for the plugin but feel free to come back here if you have any questions.
Thanks,
Tom π
SIDE NOTE
I’m sure you have everything in hand but using just sha512 to hash your passwords is not the most secure but you may well be putting in additional steps. Bcrypt is a good way to go as it handles custom salts for each password, slow hashing and future proofing by via rounds. More detail in the Security Notes section on the main pluguin page πForum: Plugins
In reply to: [External Login] Can’t login and Undefined IndexHey @torrespri,
Sounds like this is a new error. Presumably this one is called because weβve got passed the last one.
Iβm still confused why when Iβm trying to use the same versions you specified that Iβm not seeing the same errors in the php error log.
Thereβs over 1000 sites using the plugin successfully so Iβm intrigued to know how this issue has only cropped up now by two users.
It feels like we must be using a different version of PHP. Very strange.
I could fix this error again without being able to replicate it but we might be on a continuous cycle.
Iβm going to do more research this evening to see what else could be the difference between our setups.
Thanks for keeping me posted and Iβll endeavour to do the same π
Forum: Plugins
In reply to: [External Login] Conflict with other plugin (Logged in)Hey @danilocubrovic,
I just wanted to let you know that I have added your feature request of being able to give custom error messages for the exclude hook.
Now if you return a string the user will be blocked and the string will be used as the error for the user. Heres an example:
function myExlogCustomExcluder($userData) { return strtotime($userData['expiry']) < strtotime('now') ? 'Your account has expired' : false; } add_filter('exlog_hook_filter_custom_should_exclude', 'myExlogCustomExcluder', 10, 1);The change is in release 1.11.0.
Thanks,
Tom π
Forum: Plugins
In reply to: [External Login] Simultaneous user sessionsHey @johnfields,
Spent all morning on this it was a ‘fun’ one :P.
It turns out WordPress destroys all sessions when a user’s password is updated. Because I was updating the user’s password every time they login, this was always kicking out other sessions.
I now only update the password if it has changed. The important thing to note is that if the external password has changed then the users sessions will be killed on other browsers which I’m sure you’ll agree is the correct behaviour.
The change is released as version 1.11.0.
Please let me know if this has resolved your problem,
Thanks,
Tom
- This reply was modified 5 years, 6 months ago by tbenyon.
Forum: Plugins
In reply to: [External Login] Can’t login and Undefined IndexHey @torrespri and @ketr64,
Just an update to let you know that although I could not replicate this error, I have made a change to the code so that this error cannot happen. The change is released as version 1.11.0.
Could you please let me know if this has resolved your issues?
Thanks for your support,
Tom Benyon π
Hey @chuckmo,
I haven’t heard back so I’m going to mark this issue as resolved.
If this is not the case, please don’t hesitate to get back in contact.
Thanks,
Tom π
Forum: Plugins
In reply to: [External Login] Simultaneous user sessionsHey @johnfields,
Hope you’re well. I’ve just sat down and run the experiment I mentioned above.
I cannot replicate the issue you have mentioned. I’ve got a base install and with the plugin active and working using the base WordPress theme and just this plugin installed I can login in both my standard window and an incognito window. I can then continue to navigate in WordPress with both sessions.For this reason I believe your issue is not to do with this plugin. For this reason, I’m going to mark this as resolved. However, if you do other tests and you believe this is wrong just message back here with replication steps and I’ll be happy to have a further look. πAfter thinking I couldn’t I may have been able to replicate – will keep you posted – I’m continuing to look into this.
Thanks John,
Tom
Forum: Plugins
In reply to: [External Login] Can’t login and Undefined IndexThanks @torrespri and @ketr64 for keeping me posted. Will update you at the weekend.
π
Forum: Plugins
In reply to: [External Login] Can’t login and Undefined IndexHey @ketr64,
βNotice: Undefined index: required in /var/www/wordpress/wp-content/plugins/external-login/views/form_elements/text_field.php on line 18β
This is just a “notice” it’s not an error as such. It’s basically because I have set
trueto form items that are required but not set anything for ones that are not. PHP warns you that you’ve not set anything. I will make a change for this in the future to get rid of the notification but it won’t break the functionality.Also, when I try to login, I have the following error message:
βError: The indicated user could not be found.β and βNotice: Trying to get property βIDβ of non-object in /var/www/wordpress/wp-content/plugins/external-login/login/authenticate.php on line 41β as well as βNotice: Undefined property: WP_Error::$ID in /var/www/wordpress/wp-includes/class-wp-user.php on line 171βI can add some additional safeguarding to protect this from happening but it seems strange that you’re getting this error on that line of code. I’m curious to know if you’re using a particularly old version of WordPress? Do you know your version?
Could you also advise which version of PHP you are running? I’m just surprised you’re getting this error as it is expected that that line will not always find a user and no one else has ever reported an error getting returned – it normally just indicates to the plugin that it should be creating a new user rather than updating the one that’s already been setup in the WordPress database.These PHP and WordPress versions should help me replicate this issue locally.
Thanks Rene,
Tom
Forum: Plugins
In reply to: [External Login] Tom, can you install this for me, for a fee?Hey @sadgrove and @yaroslavx2,
Sounds great that you sorted your issue @yaroslavx2 – well done π
@sadgrove, unfortunately I am not allowed to contact users outside of the forum so I will not be able to help you. I am a developer like any other however so I would suggest you reach out to another developer to see if they can support you with your project.
If you or they have questions specifically about setting up the plugin that can’t be found in the instructions on here or in the FAQ I am of course happy to assist.
I’ll mark this as resolved for now but if you have more questions feel free to post back here.
Thanks,
Tom
π
Forum: Plugins
In reply to: [External Login] Simultaneous user sessionsHey @johnfields,
Really sorry for the delay in getting back to you work and home life has been busy – sincere apologies.
I would be very surprised if the plugin was changing this functionality in anyway because it just uses the authentication hook to either return a user or an error (if they are not authenticated).
However I am not saying for sure this is the case. I’m going to set some time aside at the weekend to see if I can replicate this. This should be pretty straight forward to see if it is this plugin causing the issue. On my local copy I plan to deactivate the plugin and try and login and then again on a private browser session. I’ll then activate the plugin and try this again.
If you have time to experiment with this before I do I welcome your feedback π
If it is the plugin causing this I will of course delve deeper and find out why this is happening π
Thanks John,
Tom