500 server error

To help you further you would have to have a look at your php error logs on your WordPress server and look at your logs on your database server to see if you can see specific errors.

There have been a couple of solutions mentioned in this thread before but it’s hard to say what will solve your issue without you investigating your logs.

The two issues people have mentioned before for this error were:

• The external database having no data
• Not having php mssql extension installed and enabled

Let me know if you find any logs or solve your problem ??

Thanks,

Tom

@tbenyon Thank you for the reply, Below are the logs, the database and the table has data and I am pretty sure the mssql extension is also installed and enabled.

2020-01-10 04:05:51 EXLOG:
2020-01-10 04:05:51 PHP Fatal error: Uncaught Error: Call to undefined function FormatErrors() in *:\******\******\*******\********\wp-content\plugins\external-login\login\db.php:24
Stack trace:
#0 *:\******\******\*******\********\wp-content\plugins\external-login\login\db.php(225): exlog_get_external_db_instance_and_fields(‘mssql’)
#1 *:\******\******\*******\********\wp-content\plugins\external-login\options\testing_ajax.php(7): exlog_test_query(5)
#2 *:\******\******\*******\********\wp-includes\class-wp-hook.php(288): exlog_test_connection(”)
#3 *:\******\******\*******\********\wp-includes\class-wp-hook.php(312): WP_Hook->apply_filters(”, Array)
#4 *:\******\******\*******\********\wp-includes\plugin.php(478): WP_Hook->do_action(Array)
#5 *:\******\******\*******\********\wp-admin\admin-ajax.php(175): do_action(‘wp_ajax_exlog_t…’)
#6 {main}
thrown in *:\******\******\*******\********\wp-content\plugins\external-login\login\db.php on line 24

Awesome! We’re getting there!

Things I think this has told me:

1. I think you’re right that mssql extension is installed as we wouldn’t have otherwise been able to get to this error
2. The error being thrown is an error my end
3. The error is only being thrown because the connection to the database failed. However the error is preventing us from seeing the relevant errors

There is an update I need to make here but to help you get closer to finding the issue, if you’re able to modify the code, can you make the following modification…
In:
\wp-content\plugins\external-login\login\db.php
(around line 22)
Can you change this ….

if( $db_instance === false ) {
	error_log('EXLOG:');
	error_log(FormatErrors(sqlsrv_errors()));
	return false;
}

… to this …

if( $db_instance === false ) {
	error_log('EXLOG:');
	error_log(var_export(sqlsrv_errors(), true));
	return false;
}

Let me know what the logs say once you’ve tried that ??

Thanks,

Tom

I added the code, this is the new log.
2020-01-14 04:08:39 EXLOG:
2020-01-14 04:08:39 array (
0 =>
array (
0 => ‘28000’,
‘SQLSTATE’ => ‘28000’,
1 => 18456,
‘code’ => 18456,
2 => ‘[Microsoft][ODBC Driver 13 for SQL Server][SQL Server]Login failed for user \’*****_*****\’.’,
‘message’ => ‘[Microsoft][ODBC Driver 13 for SQL Server][SQL Server]Login failed for user \’*****_*****\’.’,
),
1 =>
array (
0 => ‘28000’,
‘SQLSTATE’ => ‘28000’,
1 => 18456,
‘code’ => 18456,
2 => ‘[Microsoft][ODBC Driver 13 for SQL Server][SQL Server]Login failed for user \’*****_*****\’.’,
‘message’ => ‘[Microsoft][ODBC Driver 13 for SQL Server][SQL Server]Login failed for user \’*****_*****\’.’,
),
)
<< Less

2020-01-14 04:08:39 PHP Fatal error: Uncaught Exception: External Login Error: No test results found. in *:\*\*\*\*\wp-content\plugins\external-login\views\test_results.php:23
Stack trace:
#0 *:\*\*\*\*\wp-content\plugins\external-login\options\testing_ajax.php(9): include()
#1 *:\*\*\*\*\wp-includes\class-wp-hook.php(288): exlog_test_connection(”)
#2 *:\*\*\*\*\wp-includes\class-wp-hook.php(312): WP_Hook->apply_filters(”, Array)
#3 *:\*\*\*\*\wp-includes\plugin.php(478): WP_Hook->do_action(Array)
#4 *:\*\*\*\*\wp-admin\admin-ajax.php(175): do_action(‘wp_ajax_exlog_t…’)
#5 {main}
thrown in *:\*\*\*\*\wp-content\plugins\external-login\views\test_results.php on line 23

Also I wanted to use, Rfc2898DeriveBytes (PBKDF2) as the Hash type.
There is a support thread where you said you will add this in the new patch, so was it added or will it be added cause I cant find it in the provided list.

Regarding your database error, it appears that this is an issue with the authentication on your MSSQL server.

There are lots of other threads that talk about these errors but it does seem to be an issue not related to the plugin.

I found Googling sql state 28000 18456 listed a bunch of suggested resolutions.

If you read something that leads you to think that this may be an issue with the plugin, please let me know and I’ll be happy to look further.

Regarding your PBKDF2 request, I’ll follow this up with another comment ??

Hey @axharkhan,

Regarding your PBKDF2 query, I remember looking into this hash previously and finding that it wasn’t as simple as I thought it would be.

This is mostly because PBKDF2 can be implemented in loads of different ways.

This gets narrowed down a chunk if you start looking at C#s Rfc2898DeriveBytes class which pre-defines a lot of the options but also adds some complexity.

I’m not promising anything for this one as it is a lot of work to implement and I already have a bunch of jobs on the backlog.

If you could provide me with answers to the following questions it may help me weigh this up and see how quickly it could be implemented.

1. Are you using the same salt for all passwords?
2. Where and how are you storing the salt?
3. Can you give me an example generated hash? This would preferably be created for the password password and with a salt that you can also share with me.

For my reference, I’m going to include the following two links but you may also be iterested:

• https://www.cidean.com/blog/2019/password-hashing-using-rfc2898derivebytes/
• https://medium.com/rabbit-mobile-business-blog/writing-c-s-rfc2898derivebytes-in-php-88fa8c096dcb

The thing is I am very new to web development and stuff, I developed a website in ASP.Net Webforms, using Identity framework for membership, by default the framework uses this hashing technique (from what I’ve read online, mostly stackoverflow) to store the passwords.
I hope this helps.
https://stackoverflow.com/questions/20621950/asp-net-identitys-default-password-hasher-how-does-it-work-and-is-it-secure
https://andrewlock.net/exploring-the-asp-net-core-identity-passwordhasher/

• This reply was modified 5 years, 1 month ago by axharkhan.

And thank you, I will search the error code and try to resolve it.

@tbenyon the server error is fixed, thank you so much. Now if only the hashing issue is resolved too, that would be wonderful.
The fault was on my end and is now fixed.
I feel so stupid for wasting your time. ??

• This reply was modified 5 years, 1 month ago by axharkhan.

Hey @axharkhan,

Don’t apologise, I’m really glad you managed to find the issue. Well done! ??

Plus you helped me find a small flaw in the plugin which is great!

If you get a minute to write a review I’d be very grateful. ??

Regarding the hash, you sending me that link did teach me something else which is that I now realise that the salt is stored with the password it appears (which is good).

Again, if you can create a new user with password password and send me the created hash for that user it would help me test the issue.

Thanks,

Tom ??

• This reply was modified 5 years, 1 month ago by tbenyon.

@tbenyon I created a new user user with password password and this was the hash : AHqUjghU06UO2btWPC9NTzsebpIsAyG1B2l02vsljwQfB2FYDMxjmjO2TLCtwWp9Hw==
I hope this helps. ??

Hey @axharkhan,

Just wanted to update you. I’ve done a fair bit of reading and have gained a fair bit of understanding but I just don’t have the time to keep investing in this right now. It would involve me reading up a lot more on C# and then have to implement that in PHP.

I do have a ticket for this in the backlog so I hope to get round to it in the future.

I think if you need this now your best option is to pay a developer to write this part of the solution (unless you have the time to learn it yourself and implement it yourself). I am not allowed to offer paid work here unfortunately but I think this is something someone would happily pick up. Probably quite straight forward for someone with more C# understanding than I.

What you would need is someone that can write a PHP function that takes the hash you gave me in the last message, and a string for a password. It would then return true if the user was valid or false if it was not.

This is then easily implemented for you without any changes to the plugin. You can find some basic information how in the FAQ about hooks on the plugin but it would looks something like this:

function myExlogHashAuthenticator($password, $hashFromDatabase) {
    return someFunctionToCheckHashAgainstPassword($password, $hashFromDatabase);
}

add_filter('exlog_hook_filter_authenticate_hash', 'myExlogHashAuthenticator', 10, 2);

If you did get someone to get this far, and you wanted the code added to the plugin, feel free to share it back here and, as long as it is the standard implementation for all ASP.net users, I’ll add in settings for it.

Thanks @axharkhan,

Tom