Login problems

  • Resolved zweihochvier

    (@zweihochvier)


    8 years, 6 months ago

    I upgraded to the latest version of phpBB and all the php warnings dissappeared and I thought everything is fine now, having uninstalled WP United, using “WP w3all phpBB”.

    When I tried to change my password in phpBB, everything is fine and I can login in WP also.
    When login in WP, without having changed my password in phpBB, the login failes.
    My customer called me today and didn’t had a chance to login with his old account. When setting a new user everything is fine.

    What can I do that also the login / password change in WP works. It seems like phpBB has a higher priority in the user administration and I would like to make it work.

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Author axew3

    (@axewww)

    Hello, just looking … ok maybe another fix for 1.5.0.
    Please, can you try to:
    Open:

    wp-content/plugins/wp-w3all-phpbb-integration/addons/ext_plugins_fixes.php

    Search for line:
    } else { $role = 'subscriber'; }
    immediately after add the follow:

    		  	     
$changed = WP_w3all_phpbb::check_phpbb_passw_match_on_wp_auth($wp_user_data->user_login, 0);

	 if ( $changed !== false ){ 
	 	
      $hash = $changed;
    }
    if ( strlen($hash) <= 32 ) {
        $check = hash_equals( $hash, md5( $password ) );
        if ( $check && $user_id ) {
            wp_set_password($password, $user_id);
            $hash = wp_hash_password($password);
            $userdata->user_password = $hash;
        }
     }

    Resolved?

    • This reply was modified 8 years, 6 months ago by axew3.
    • This reply was modified 8 years, 6 months ago by axew3.
    • This reply was modified 8 years, 6 months ago by axew3.
    • This reply was modified 8 years, 6 months ago by axew3.
    Plugin Author axew3

    (@axewww)

    look that i’ve just edit the code above, if not it was return an error maybe:
    so look that the line
    $changed = WP_w3all_phpbb::check_phpbb_passw_match_on_wp_auth($wp_user_data->user_login, $is_phpbb_admin);
    has been modified to be:
    $changed = WP_w3all_phpbb::check_phpbb_passw_match_on_wp_auth($wp_user_data->user_login, 0);
    or will not work.
    Just to be sure, you try out the right version, as i can’t know if you’ve already read the above, prior my correction.
    Let know.

    Plugin Author axew3

    (@axewww)

    No sorry, let the above … just looking …
    the problem is maybe that users are added with same MD5 password (that should be not recognized by wp) as on phpBB without being re-hashed: loooking for a fast fix i will reply a soon i can.

    • This reply was modified 8 years, 6 months ago by axew3.
    Thread Starter zweihochvier

    (@zweihochvier)

    thank you. Waiting for your answer.

    Plugin Author axew3

    (@axewww)

    Sorry for the wrong above.
    Starting from the thing i can’t reproduce the problem, i think it can come out due to old MD5 passwords on phpBB.
    So, maybe this is the fix, that should resolve (if the problem come out due to different hash as i think)

    Open:
    wp-content/plugins/wp-w3all-phpbb-integration/addons/ext_plugins_fixes.php
    search for:
    $wp_user_data = get_user_by('login', $w3all_uap[0]);
    and immediately after add this code:

    // If the hash is still md5...
    if ( strlen($userdata->user_password) <= 32 ) {
        $check = hash_equals( $userdata->user_password, md5( $w3all_uap[1] ) );
        if ( $check && $wp_user_data->ID ) {
            // Rehash using new hash.
            wp_set_password($w3all_uap[1], $wp_user_data->ID);
            $hash = wp_hash_password($w3all_uap[1]);
        }
        
        $test_pass = wp_check_password($w3all_uap[1], $hash, $wp_user_data->ID);
     
        		  	if( $test_pass === true ){ 
   
   		  	  	    WP_w3all_phpbb::phpBB_user_session_set_res($wp_user_data);
   		  	  	   
         	   return;
   		  		
   		  	}
     
     }

    Please let know if it resolved.

    • This reply was modified 8 years, 6 months ago by axew3.
    Plugin Author axew3

    (@axewww)

    Nothing, i presume not resolved, because the problem should not be the one i’ve think above, as
    i’ve find out right now a moment to setup an MD5 pass into phpBB for an user, so i’ve try to login into WP (when user still was not added into WP, and after), and all run ok. I can’t reproduce at moment. The pass is hashed correctly and converted in WP if MD5 in phpBB, and, even if the user pass in phpBB isn’t updated by wp_w3all onlogin (as instead happen when profile is updated in wp), the user is correctly logged in.

    I’m just now logging in/out the use ‘Monster’ with MD5 pass in wp to test out new avatars features, that are little hard to be applied into last post widget. For the rest, avatars from phpBB feature is +- ready. Just to mention as this have nothing to do about your problem.

    p.s maybe Wp United plugin had hash password for users in a way that only is recognized by the plugin? It is strange if it is, and if it is the case, than you can only ask to your users to reset their passwords in phpBB.

    If user have been added into WP, due to the fact he have try to login in WP, (also) failing (but user will be in any case added, so can choose after to reset pass in WP, that will be so updated also in phpBB), can also choose to reset pass in Wp. But almost a login need to be executed in this case on wp side, by the user. That +- all the logic behind the joke.

    • This reply was modified 8 years, 6 months ago by axew3.
    Thread Starter zweihochvier

    (@zweihochvier)

    Could you send me the whole code of the “ext_plugins_fixes.php”.
    I tried to built in both varieties but the first one produced php syntax problems, for the second one i could not find the right line to paste the script.

    thanks

    Plugin Author axew3

    (@axewww)

    Hello, no in true i’ve think that this could be the problem, but as explained, i’ve after setup an md5 passw for an user, and logged it him successfully into WP without any code modification, so think the problem was not that i’ve think to be about MD5 old passwords.
    By the way, this was the code in case:

    <?php
//// workaround for some plugin that substitute wp-login.php default login page
//// ... but that DO NOT reset $_POST array (like some frontend ajax login widget plugin do)

// to detect if we are onlogin in WP

   		$w3all_check_ext_login = 0; 
   		
   			foreach ($_POST as $key => $value) {
          if( strstr($key,'username') OR strstr($key,'password') OR strstr($key,'log') OR strstr($key,'pwd') OR strstr($key,'user_login') OR strstr($key,'login_user_pass') ){
          
           $w3all_uap[] = $value;
   		  	 $w3all_check_ext_login++;
   		  	 $w3all_on_ext_login = true;
   		    }
   		     if(strstr($key,'rememberme')){
   		    	$phpbb_k_val_yn = (empty($value)) ? 0 : 1;
   		     }
   		     
   		  }

	function wp_w3all_detect_login(){
		
    global $w3all_check_ext_login, $w3all_uap, $phpbb_k_val_yn;

   		if(  $w3all_check_ext_login > 0 ) {

  $pattern = '/^.*@[-a-z0-9]+\.+[-a-z0-9]+[\.[a-z0-9]+]?/'; // check if is by email address
  preg_match($pattern, $w3all_uap[0], $uname_email);

  $uname_email = (empty($uname_email)) ? 'login' : 'email';

  $w3all_uap[0] = sanitize_user( $w3all_uap[0], $strict = false );
   		
   		  $wp_user_data = get_user_by($uname_email, $w3all_uap[0]);
   		  
   if ( empty($wp_user_data) ){ // this user need to be added also 
       
   		  	$userdata = WP_w3all_phpbb::wp_w3all_get_phpbb_user_info($w3all_uap[0]);
   		  	
   		  	
   		 // If the hash is still md5...
    if ( strlen($userdata->user_password) <= 32 ) {
        $check = hash_equals( $userdata->user_password, md5( $w3all_uap[1] ) );
        if ( $check && $wp_user_data->ID ) {
            // Rehash using new hash.
            wp_set_password($w3all_uap[1], $wp_user_data->ID);
            $hash = wp_hash_password($w3all_uap[1]);
        }
     
     }  	
   		  	
   		  	      

   	 if( !empty($userdata) && $userdata->user_id > 2 ){
   	 	
   		  	            if( $userdata->user_type == 1 ){
   		  	            	$role = '';
   		  	             } else { $role = 'subscriber'; }    	
   		  	             	
   		  	    $userdata = array(
               'user_login'       =>  $userdata->username,
               'user_pass'        =>  $hash,
               'user_email'       =>  $userdata->user_email,
               'user_registered'  =>  date_i18n( 'Y-m-d H:i:s', $userdata->user_regdate, false ),
               'role'             =>  $role
              );
               
           $user_id = wp_insert_user( $userdata );
           // we should return errors if something wrong here
           // ... check this user give us correct credentials
           $wp_user_data = get_user_by('ID', $user_id);
   		  	     
           $test_pass = wp_check_password($w3all_uap[1], $wp_user_data->user_pass, $wp_user_data->ID);
        
   		  	if( $test_pass === true ){ 
   
   		  	  	    WP_w3all_phpbb::phpBB_user_session_set_res($wp_user_data);
   		  	  	   
         	   return;
   		  		
   		  	} else {  unset($wp_user_data,$userdata,$w3all_uap); return; }  
  
   	 }
                     
  }
                  
      if(!empty($wp_user_data)){ // user already exist
   	
                     	  $test_pass = wp_check_password($w3all_uap[1], $wp_user_data->user_pass, $wp_user_data->ID);

   		  	if( $test_pass === true){

   		  			  WP_w3all_phpbb::phpBB_user_session_set_res($wp_user_data);		 
              return;
   		  		 
   		  	} else { unset($wp_user_data,$userdata,$w3all_uap); return; } 
               	
   	} 
 
  } else {
  	unset($w3all_uap);
  }
} 	

// workaround 

    add_action( 'init', 'wp_w3all_detect_login', 1 );  	
  
//// END workaround for some plugin that substitute wp-login.php default login page

?>
    • This reply was modified 8 years, 6 months ago by axew3.
Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Login problems’ is closed to new replies.