Auto Login to PHPBB is not working from WP

Hi! it just show a counter and a Coming Soon text, the page you linked asking for help, so has not been possible to check the issue, that should be cookie related

Hi – sorry I have now removed the under construction mode.

I have set the forum at https://test2020.joc.org.uk/forum and have set the cookies on phpbb to be .joc.org.uk to cover all subdomains.

Am I missing anything?

I see your overall_footer.html, that lack of the part before this:
<script src="iframeResizer.contentWindow.min.js"></script>
then i assume you want to build your own js about?
If not, you have to add all what reported here:
https://www.axew3.com/w3/2020/01/phpbb-wordpress-template-integration-iframe-v5/

Or you mean something else, related to the fact, that a remember me login do not work, and the session expire?

p.s the problem given by the js code you still have not add into overall_footer, when you are on wp forum page (that contain the phpBB iframe)?

• This reply was modified 4 years, 1 month ago by axew3.

hi thanks!

We added this but now once we login, the page keeps on refreshing

Also, migrated users from WP to PHPBB are not able to login to PHPBB using the WP credentials. Is there a Live chat option? so that we could resolve this together?

It is normal as explained on procedure, that transferred wordpress users into phpBB will not be able to logi, because hash do not will match.

This has been resolved on new 2.4.0 that’s coming on this week.

Your transferred users into phpBB will have to reset their password, in order to correctly login into phpbb.

If you experience that is not possible to login in wp side with the actual not updated WP password, let may know, i will apply a patch to 2.3.9 on fly. So if you will let users login only in wp side they will be able to login without resetting actual password.

If you leave users login also in phpBB, then transferred users will have by the way update the password, then it will be recognized on both (until integration run)

what about the refresh? have you setup the security settings to allow remember me logins, and may set days to expire of the remember me login to a value that is not 0?

Hi Thanks for your response.

Our users will mainly login from the WP side. However, the auto login (single sign on) is still not working. Can you please apply the patch or help in looking into the issue? Is it possible to teamview or something like that?

I can provide you a test user access

open up wp_w3all.php file into plugin folder and where
from line 808 until 873

there is this code:

 if ( ! function_exists( 'wp_check_password' ) && ! defined("WPW3ALL_NOT_ULINKED") ) :

function wp_check_password($password, $hash, $user_id) {
   global $wpdb,$wp_hasher;
      
   $password = trim($password);
   $check = false;
   
   if( $user_id < 1 ){ return; }
 
     $wpu_db_utab = (is_multisite()) ? WPW3ALL_MAIN_DBPREFIX . 'users' : $wpdb->prefix . 'users';
     $wpu = $wpdb->get_row("SELECT * FROM $wpu_db_utab WHERE ID = '".$user_id."'");
     if(empty($wpu)){
      $wpu = get_user_by( 'ID', $user_id );
     }  
     
 if(!empty($wpu)){
 	 $is_phpbb_admin = ( $user_id == 1 ) ? 1 : 0; // switch for phpBB admin // 1 admin 0 all others
   $changed = WP_w3all_phpbb::check_phpbb_passw_match_on_wp_auth($wpu->user_login, $is_phpbb_admin, $wpu);
	 if ( $changed !== false ){
      $hash = $changed;
    }   

	 // If the hash is still old md5...
    if ( strlen($hash) <= 32 ) {
        $check = hash_equals( $hash, md5( $password ) );
     }

 // Argon2i and Argon2id password hash
 if( substr($hash, 0, 8) == '$argon2i' ){
 	$password = stripslashes(htmlspecialchars($password, ENT_COMPAT)); // " do not need to be converted
  //$password = stripslashes(htmlspecialchars($password));
  $check = password_verify($password, $hash);
  $HArgon2i = true;
 }
 
 if ( !isset($check) OR $check !== true && !isset($HArgon2i) ){ // md5 check failed or not fired above ...
	 if ( empty($wp_hasher) ) {
		require_once( ABSPATH . WPINC . '/class-phpass.php'); 	
		$wp_hasher = new PasswordHash(12, true);
	 } 
    $check = $wp_hasher->CheckPassword($password, $hash); // WP check  
  }
  	 
 if ($check !== true && strlen($hash) > 32 && !isset($HArgon2i)){ // Wp check failed
    //$password = utf8_encode($password);
    $password = stripslashes($password);
    $password = htmlspecialchars($password, ENT_COMPAT);
    $check = password_verify($password, $hash);
  }
     
     if ($check === true){
     	  $phpBB_user_session_set = WP_w3all_phpbb::phpBB_user_session_set_res($wpu); 
     	 if(! defined("PHPBBCOOKIERELEASED") ){ 
     	  define("PHPBBCOOKIERELEASED", true); // then the session will be set on_login hook, if this filter bypassed
       }
      } else {
           $check = false;
        }
	   return apply_filters( 'check_password', $check, $password, $hash, $user_id );
} else {
     	return apply_filters( 'check_password', false, $password, $hash, $user_id );
     }
}

endif;

change with:

if ( ! function_exists( 'wp_check_password' ) && ! defined("WPW3ALL_NOT_ULINKED") ) :

function wp_check_password($password, $hash, $user_id) {
   global $wpdb,$wp_hasher;
       
   $password = trim($password);
   //$password = str_replace(chr(0), '', $password);
   $check = false;
   $hash_x_wp = $hash;

     $wpu_db_utab = (is_multisite()) ? WPW3ALL_MAIN_DBPREFIX . 'users' : $wpdb->prefix . 'users';
     $wpu = $wpdb->get_row("SELECT * FROM $wpu_db_utab WHERE ID = '".$user_id."'");
     if(empty($wpu)){
      $wpu = get_user_by( 'ID', $user_id );
     }  
     
 if(!empty($wpu)){
 	 $is_phpbb_admin = ( $user_id == 1 ) ? 1 : 0; // switch for phpBB admin // 1 admin 0 all others
   $changed = WP_w3all_phpbb::check_phpbb_passw_match_on_wp_auth($wpu->user_email, $is_phpbb_admin, $wpu);
	 if ( $changed !== false ){
      $hash = $changed;
    }
 
	 // If the hash is still old md5...
    if ( $hash != null && strlen($hash) <= 32 ) {
        $check = hash_equals( $hash, md5( $password ) );
     }

 // Argon2i and Argon2id password hash
 if( substr($hash, 0, 8) == '$argon2i' ){
 	$password = stripslashes(htmlspecialchars($password, ENT_COMPAT)); // " do not need to be converted
  //$password = stripslashes(htmlspecialchars($password));
  $check = password_verify($password, $hash);
  $HArgon2i = true;
 }
 
 if ( !isset($check) OR $check !== true && !isset($HArgon2i) ){ // check the default Wp pass: md5 check failed or not fired above
	 if ( empty($wp_hasher) ) {
		require_once( ABSPATH . WPINC . '/class-phpass.php'); 	
		$wp_hasher = new PasswordHash(8, true); // 8 wp default
	 } 
    $check = $wp_hasher->CheckPassword($password, $hash_x_wp);
  }
  	 
 if ($check !== true && strlen($hash) > 32 && !isset($HArgon2i)){ // Wp check failed, check phpBB pass that's may not Argon2i 
    $password = stripslashes($password);
    $password = htmlspecialchars($password, ENT_COMPAT);
    $check = password_verify($password, $hash);
  }
  
     if ($check === true){
     	  $phpBB_user_session_set = WP_w3all_phpbb::phpBB_user_session_set_res($wpu); 
     	 if(! defined("PHPBBCOOKIERELEASED") ){ 
     	  define("PHPBBCOOKIERELEASED", true); // then the session will be set on_login hook, if this filter bypassed
       }
      } else {
           $check = false;
        }
	   return apply_filters( 'check_password', $check, $password, $hash, $user_id );
 } else {
     	return apply_filters( 'check_password', false, $password, $hash, $user_id );
     }
}

endif;

i’m axew w w (without spaces between w chars) on skype

spam system here, putted the post on moderation queue after edit.
So i just reply the same as before:

open up wp_w3all.php file into plugin folder and where
from line 808 until 873

there is this code:

 if ( ! function_exists( 'wp_check_password' ) && ! defined("WPW3ALL_NOT_ULINKED") ) :

function wp_check_password($password, $hash, $user_id) {
   global $wpdb,$wp_hasher;
      
   $password = trim($password);
   $check = false;
   
   if( $user_id < 1 ){ return; }
 
     $wpu_db_utab = (is_multisite()) ? WPW3ALL_MAIN_DBPREFIX . 'users' : $wpdb->prefix . 'users';
     $wpu = $wpdb->get_row("SELECT * FROM $wpu_db_utab WHERE ID = '".$user_id."'");
     if(empty($wpu)){
      $wpu = get_user_by( 'ID', $user_id );
     }  
     
 if(!empty($wpu)){
 	 $is_phpbb_admin = ( $user_id == 1 ) ? 1 : 0; // switch for phpBB admin // 1 admin 0 all others
   $changed = WP_w3all_phpbb::check_phpbb_passw_match_on_wp_auth($wpu->user_login, $is_phpbb_admin, $wpu);
	 if ( $changed !== false ){
      $hash = $changed;
    }   

	 // If the hash is still old md5...
    if ( strlen($hash) <= 32 ) {
        $check = hash_equals( $hash, md5( $password ) );
     }

 // Argon2i and Argon2id password hash
 if( substr($hash, 0, 8) == '$argon2i' ){
 	$password = stripslashes(htmlspecialchars($password, ENT_COMPAT)); // " do not need to be converted
  //$password = stripslashes(htmlspecialchars($password));
  $check = password_verify($password, $hash);
  $HArgon2i = true;
 }
 
 if ( !isset($check) OR $check !== true && !isset($HArgon2i) ){ // md5 check failed or not fired above ...
	 if ( empty($wp_hasher) ) {
		require_once( ABSPATH . WPINC . '/class-phpass.php'); 	
		$wp_hasher = new PasswordHash(12, true);
	 } 
    $check = $wp_hasher->CheckPassword($password, $hash); // WP check  
  }
  	 
 if ($check !== true && strlen($hash) > 32 && !isset($HArgon2i)){ // Wp check failed
    //$password = utf8_encode($password);
    $password = stripslashes($password);
    $password = htmlspecialchars($password, ENT_COMPAT);
    $check = password_verify($password, $hash);
  }
     
     if ($check === true){
     	  $phpBB_user_session_set = WP_w3all_phpbb::phpBB_user_session_set_res($wpu); 
     	 if(! defined("PHPBBCOOKIERELEASED") ){ 
     	  define("PHPBBCOOKIERELEASED", true); // then the session will be set on_login hook, if this filter bypassed
       }
      } else {
           $check = false;
        }
	   return apply_filters( 'check_password', $check, $password, $hash, $user_id );
} else {
     	return apply_filters( 'check_password', false, $password, $hash, $user_id );
     }
}

endif;

change with:

if ( ! function_exists( 'wp_check_password' ) && ! defined("WPW3ALL_NOT_ULINKED") ) :

function wp_check_password($password, $hash, $user_id) {
   global $wpdb,$wp_hasher;
       
   $password = trim($password);
   //$password = str_replace(chr(0), '', $password);
   $check = false;
   $hash_x_wp = $hash;

     $wpu_db_utab = (is_multisite()) ? WPW3ALL_MAIN_DBPREFIX . 'users' : $wpdb->prefix . 'users';
     $wpu = $wpdb->get_row("SELECT * FROM $wpu_db_utab WHERE ID = '".$user_id."'");
     if(empty($wpu)){
      $wpu = get_user_by( 'ID', $user_id );
     }  
     
 if(!empty($wpu)){
 	 $is_phpbb_admin = ( $user_id == 1 ) ? 1 : 0; // switch for phpBB admin // 1 admin 0 all others
   $changed = WP_w3all_phpbb::check_phpbb_passw_match_on_wp_auth($wpu->user_email, $is_phpbb_admin, $wpu);
	 if ( $changed !== false ){
      $hash = $changed;
    }
 
	 // If the hash is still old md5...
    if ( $hash != null && strlen($hash) <= 32 ) {
        $check = hash_equals( $hash, md5( $password ) );
     }

 // Argon2i and Argon2id password hash
 if( substr($hash, 0, 8) == '$argon2i' ){
 	$password = stripslashes(htmlspecialchars($password, ENT_COMPAT)); // " do not need to be converted
  //$password = stripslashes(htmlspecialchars($password));
  $check = password_verify($password, $hash);
  $HArgon2i = true;
 }
 
 if ( !isset($check) OR $check !== true && !isset($HArgon2i) ){ // check the default Wp pass: md5 check failed or not fired above
	 if ( empty($wp_hasher) ) {
		require_once( ABSPATH . WPINC . '/class-phpass.php'); 	
		$wp_hasher = new PasswordHash(8, true); // 8 wp default
	 } 
    $check = $wp_hasher->CheckPassword($password, $hash_x_wp);
  }
  	 
 if ($check !== true && strlen($hash) > 32 && !isset($HArgon2i)){ // Wp check failed, check phpBB pass that's may not Argon2i 
    $password = stripslashes($password);
    $password = htmlspecialchars($password, ENT_COMPAT);
    $check = password_verify($password, $hash);
  }
  
     if ($check === true){
     	  $phpBB_user_session_set = WP_w3all_phpbb::phpBB_user_session_set_res($wpu); 
     	 if(! defined("PHPBBCOOKIERELEASED") ){ 
     	  define("PHPBBCOOKIERELEASED", true); // then the session will be set on_login hook, if this filter bypassed
       }
      } else {
           $check = false;
        }
	   return apply_filters( 'check_password', $check, $password, $hash, $user_id );
 } else {
     	return apply_filters( 'check_password', false, $password, $hash, $user_id );
     }
}

endif;

i’m axew w w (without spaces between w chars) on skype

thanks. Still does not autologin WP user to PHPBB

created a test user for you

can you login using username and PW as: testswara2

and see what is the issue?

into phpBB overall_footer code you added, you set the cookie domain value to:
document.domain = 'test2020.joc.org.uk';
while your page-forum.php into your WP active template folder,
where these lines say:

document.domain = '".$document_domain."';
		// document.domain = 'mydomain.com'; // NOTE: reset/setup this with domain if js error when WP is installed like on mysite.domain.com and phpBB on domain.com: js origin error can come out for example when WordPress is on subdomain install and phpBB on domain. The origin fix is needed: (do this also on phpBB overall_footer.html added code)

returns this:
document.domain = 'joc.org.uk';
so open it, and change this line:
// document.domain = 'mydomain.com'; // NOTE: reset/setup .....
into this:

document.domain = 'test2020.joc.org.uk'; // NOTE: reset/setup .....

they need to be the same

p.s may also change
document.domain = '".$document_domain."';
into this:
//document.domain = '".$document_domain."';

• This reply was modified 4 years, 1 month ago by axew3.
• This reply was modified 4 years, 1 month ago by axew3.

ok changed this but the page now keeps refreshing in loops

what are you doing?
document.domain = 'joc.org.uk';
say now your overall_footer code

while it return
document.domain = 'test2020.joc.org.uk';

your page forum.

set as
document.domain = 'test2020.joc.org.uk';

your overall_footer.html code, like on the page-forum.php

p.s when you change the overall_footer code of phpBB, or any other phpBB template file, remember that you have to rebuild stale template (better is that you leave set yes until you not finished with all, then reset to no)

• This reply was modified 4 years, 1 month ago by axew3.

changed everything to test.2020.joc.org.uk both on the overall_footer.html and page-forum.php

guess you have to setup cookie domain on both overall_footer code and page-forum, to be
joc.org.uk
because the js function w3all_ajaxup_from_phpbb
return

Uncaught DOMException: Permission denied to access property “w3all_ajaxup_from_phpbb” on cross-origin object

while your cookie domain do not match

this cause the loop, the wrong cookie domain setting