Error when placing secret keys in wp-config.php

Hello @torbenmogensenco

thank you for your message and for using my plugin.

I’ll check this out when I have the change. Could you just let me know if you’re using the latest plugin version?

Hi, thanks for looking at it.
I am using version 2.2.0, I believe that is the latest.

I just checked again, and it fails to authenticate the keys are defined in wp-config.php, but works when the keys are stored in the uploads folder.

Just let me know if anything else you need.

@torbenmogensenco

that’s weird, because I remember testing this thoroughly and I had 0 problems with it. Are you following this guide?

https://www.licensemanager.at/docs/handbook/setup/security/

Basically, you need two constants: LMFWC_PLUGIN_SECRET and LMFWC_PLUGIN_DEFUSE. They need to hold the contents of the secret.txt and the defuse.txt file respectively, not just the text “secret.txt” and “defuse.txt”.

If that’s how you’ve done it and you still get the error, then I’ll definitely need to take a look. Could you also tell me your PHP version?

Hi, PHP version is 7.4.10

I am not sure if the constants are actually set, or how to check that.
I have these two lines in wp-config.php:

/** Keys for License Manager plugin */
define(‘LMFWC_PLUGIN_SECRET’, ‘kjh6546GSDFG-the-secret-key-54dfga’);
define(‘LMFWC_PLUGIN_DEFUSE’, ‘kjh6546GSDFG-the-long-key-54dfga’);

When i rename/remove the /uploads/lmfwc-files, the authentication fails.

It seems to me that a key-format is expected in Crypto.php, but the constant is a ‘string’ when its set in wp-config.php.

Hope this is helpful.

@torbenmogensenco

wp-config.php is the way to go for this.

However, I think your LMFWC_PLUGIN_DEFUSE constant is wrong, it should start with def. Here’s an example from my development environment:

secret.txt (LMFWC_PLUGIN_SECRET)

4cb7f4ecfe18b979d402275828563571fa0785ef68ef4d436967dc7652fa760a

defuse.txt (LMFWC_PLUGIN_DEFUSE)

def00000c148e4045984f9c206aaa1bae2f33abb5ba6d1c45883718a5646166e2d2657c36c6f23a94c43e6f26de74d76efe129c4907e40f4d892e1b9a40775ec33469ab3

So, the final result would be:

define('LMFWC_PLUGIN_SECRET', '4cb7f4ecfe18b979d402275828563571fa0785ef68ef4d436967dc7652fa760a');
define('LMFWC_PLUGIN_DEFUSE', 'def00000c148e4045984f9c206aaa1bae2f33abb5ba6d1c45883718a5646166e2d2657c36c6f23a94c43e6f26de74d76efe129c4907e40f4d892e1b9a40775ec33469ab3');

No, the keys are correct – checked them many times.
Just a habit i have ?? – trying to keep secret codes secret, even though that aren’t really secret.

/** Keys for License Manager plugin */
define(‘LMFWC_PLUGIN_SECRET’, ‘289529a54860b13115b2754270a80f95c09a1213b5ef8218d1169522f7d5dd23a’);
define(‘LMFWC_PLUGIN_DEFUSE’, ‘def000006fa01352370b197e61e020b73ed6388e7891680628ce240b1377e44c0d047e6ef045cff48197d0629efa57df9ee8de3a401ecae68e49a97dd7cfbff47326ddd3’);

@torbenmogensenco

I honestly don’t know why this would happen, I just tested it on my development environment again, and it works.

Do you maybe have a relevant excerpt from the PHP error logs?

I can’t remember in which location I found the log with the error, if you can point me in the right direction(ubuntu server).

Its some time ago, but I remember the error is in line 29 of Crypto.php
‘Expecting key’ and I guess what was supplied was a string.
But PHP is not my strong side.

@torbenmogensenco

By default, the PHP error logs on Ubuntu should be inside of: /var/log/apache2/error.log

Hmmm Okey – it seems to be a different problem now. Or maybe Im doing something wrong.
When I setup the same conditions, I do not get any PHP errors.

When keys are read from lmfwc-files I get this response from server:
{:success=>true, :data=>{:id=>3, :orderId=>3225, :productId=>3212, :userId=>1, :licenseKey=>"T0-TLaKRN7TzEc80F6G9E50yH7m17Tb", :expiresAt=>"2020-09-30 00:00:00", :validFor=>nil, :source=>1, :status=>2, :timesActivated=>2, :timesActivatedMax=>2, :createdAt=>"2020-09-11 11:00:48", :createdBy=>1, :updatedAt=>"2020-09-23 08:56:35", :updatedBy=>1}}

When I rename lmfwc-files to lmfwc-files-old, and I assume keys are read from wp-config.php I get this response:
{:code=>"lmfwc_rest_data_error", :message=>"License Key: T0-TLaKRN7TzEc80F6G9E50yH7m17Tb could not be found.", :data=>{:status=>404}}

Everything is the same.

It may be a different issue – not authentication issue at all.

Well that seems to work, are those the actual, decrypted license keys? If so, then everything seems to be working.

Do you see the decrypted license keys when you go to License Manager -> Licenses?

Yes – all is fine, except when the lmfwc-files folder are NOT found and keys should be read from the constant in wp-config.

When read from lmfwc-files response = :success=>true

When read from the WP constant response: :code=>”lmfwc_rest_data_error”, :message=>”License Key: T0-TLaKRN7TzEc80F6G9E50yH7m17Tb could not be found.”, :data=>{:status=>404}}

So we’re back to square one ??

Okay, do you maybe have a test/staging server where I could take a look myself?