Custom Login

Hey @johnfields,

Great question!

You’ll want to use the default WordPress way of doing this.

I’ve tried to write the plugin to stick to the standard WordPress flow as much as possible. For this reason, using someone else’s plugin to customise the look or writing your own modification in the standard WordPress way, as you plan to do, should work just fine. ??

For now I’ll close the ticket. If you have any issues feel free to get back to me.

If you get a chance to write a review I’d be very grateful.

Thanks John,

Tom ??

Hi Tom,

I have another question. For now i was trying to access directly WordPress login.php before customizing my own login. I tested the connection to DB in the settings and everything worked ok, but when i try to insert one of my other users it doesn’t let me, saying wrong username or password (only my admin user works). And when i activate the hash option to bcrypt even my admin user can’t be recognized.

Do you know what might be causing the error?

Thanks,
John

It sounds like the correct hashing algorithm is not being selected.

Do you know for sure bcrypt is the type of hash being used for your passwords in the external database?

You may be sure but if not, this help question may guide you to interpret what type it is your external database is using:
https://www.ads-software.com/plugins/external-login/#what%20hashes%20are%20available%20and%20which%20does%20my%20external%20database%20use%3F

Let me know if you think you’ve ruled this out while I start thinking what the next thing to try is ??

I have 3 different scenarios that happen when i try to login:
1. I have another user in my DB and if the password is encrypted with bcrypt and i introduce the plain text password in the form it won’t recognize it.
2. If the password for that user is in plain text it will recognize and will do the login correctly.
3. If i activate the hash option for bcrypt it won’t recognize either my admin user or another one i have (both for password encrypted or in plain text)

Thanks,
John

Hi Tom,
Yes i encrypted myself with bcrypt, and i checked the password and looks like the ones you presented.
So, as I explained next, when i activate the bcrypt hash none of my users are recognized. And when i set the option to none, only the users with plain text passwords are recognized, this is second part is supposed to happen, right? Since the hash is not activated

Hey John,

1. I have another user in my DB and if the password is encrypted with bcrypt and i introduce the plain text password in the form it won’t recognize it.

Understood. Why this is happening is something we’ll need to determine. If you could create a new user in your external database with the password password so and send me the created hash that’d be awesome.

2. If the password for that user is in plain text it will recognize and will do the login correctly.

Some clarification needed here. Some of your users have passwords stored as a bcrypt hash and some of them have passwords stored in plain text?

3. If i activate the hash option for bcrypt it won’t recognize either my admin user or another one i have (both for password encrypted or in plain text)

Understood.

As per my comment to your point one. Let’s start with you sending me an example bcrypt hash generated with your code and I can see if I can replicate this my end. I’ll assume you’re using the latest version of the plugin (1.7.3).

Here it goes,

1. I have a custom registration form that i use to create an user in DB with bcrypt hash. The one i created now with the password “password” generated this: $2y$10$0j6qdtq9YWKBwM5dEY10Y.xePVI04x77004QuxD2dFPntVynPBs96.

2. Since i’m still testing i first created 2 users with bcrypt hash and activated the bcrypt hash setting but couldn’t login in the platform. Then i created another user without the hash (just a plain text password) and selected the hash setting to none and the login worked just fine. But in the future everything will have bcrypt hash, after this problem is solved ??

And I’m using the latest version (1.7.3)

Hey John,

1.
Does the end of your hash in the db have a . on it or did you add that when you pasted here.

It should not have the dot.
i.e.
Good:
$2y$10$0j6qdtq9YWKBwM5dEY10Y.xePVI04x77004QuxD2dFPntVynPBs96

Bad:
$2y$10$0j6qdtq9YWKBwM5dEY10Y.xePVI04x77004QuxD2dFPntVynPBs96.

2.
Thanks for the clarification ??

Oh sorry Tom, it doesn’t have it. So it’s all good. I just put it there to end a phrase, my mistake ??

So it seems the problem is not the hashing generation.

Doesn’t appear to be. Could you send me screenshots of your settings? I really need to write a feature to make a nice output to make this easier. Apologies to have to ask this way ??

Obviously – obfuscate sensitive data!!! ??

No problem, i’ll send it right away.

Well, can i ask you a question first?

While i was talking with you, I changed the redirect location to a subfolder, where i have my wordpress folder. Before it was redirecting to my domain main page. And since that change now I can login in wordpress with the users with bcrypt hash assigned. The other users with plain text passwords don’t work, as supposed to.

Has this change impacted anything with your plugin? Cause now it works just fine, the rest of the setting remained the same as before.

Anyway, maybe i missed out something. But thanks for all the time and great support. And of course, for developing a great plugin.

I’ll write you a review, as I would do no matter what. You deserve it!

Thanks for everything,
John

Hey @johnfields,

Great find!

This is a relatively new feature so it is certainly possible this is not working. It has only been tested by me and I have not had anyone reported it working yet.

Could you give me an example of what worked and what didn’t work so that I can try to replicate?

Thanks,

Tom