No unique username field in external db, only e-mail and password hash

  • Resolved lvelve

    (@lvelve)


    4 years, 9 months ago

    Hi,

    Our external database is used in an app and is leading. But I want to make a desktop version in wordpress and authenticate with the external db. This plugin looks great for that!!

    I have an external db that has no unique username. But is has an e-mail and password hash stored, together with a name field. Can I map both user and email from Worpdress to the email field in external database? So email becomes username in wordpress, too?

    Is the password hash in wordpress updated when the hash changes in external database? Or can I do that with a hook?

    Is there a hook on password change in wordpress to update the password in the external database too?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author tbenyon

    (@tbenyon)

    Hey @lvelve,

    Can I map both user and email from Worpdress to the email field in external database? So email becomes username in wordpress, too?

    I believe you can. I had another user in this forum that I believe did exactly that ??

    Is the password hash in wordpress updated when the hash changes in external database? Or can I do that with a hook?

    Every time the user logs in it updates the hash in the WordPress database which is generated from the new password.

    Is there a hook on password change in wordpress to update the password in the external database too?

    WordPress has a hook that you could tie into. At that point you could write a query to target your external database to update the field.

    Quick Clarification on Hashes
    I’m sure you’re aware of this but just wanted to make sure you’re happy with this. The hash that is stored in your external database will not necessarily be the same as the hash stored in WordPress as they likely use different hashing algorithms.

    They will of course both authenticate a user with the same password.

    If you want to store the correct hash in the external database you will have to either:

    • Generate the hash in the exported format for the external database within that WordPress hook and then update the hash in the external DB with that
    • Send the plain text password to the external system and let it generate the hash using the system it already uses

    As always, be super careful with any of this stuff as you don’t want to leak plain text passwords in your server logs or anywhere else where they could be intercepted.

    I think I’ve answered all your questions so I’ll mark this as resolved but if you have further things you need clarified feel free to post back ??

    Thanks,

    Tom

    Thread Starter lvelve

    (@lvelve)

    Hi Tom,

    Thanks for the quick reply. You answered all my questions.

    I know the hash method in the external database, so I know how to hash it before updating the password with in a custom query. I wasn’t aware of the default WordPress hooks ‘after_password_reset’ and ‘password_reset’. Thanks for hinting me.

    Also noticed that there are hooks and filters on login. With these I can force the user the update the password, too after a defined period.

    I’ll give it a try.

    Luc

    Plugin Author tbenyon

    (@tbenyon)

    That’s awesome Luc.

    Sounds like you’ve got it all in hand.

    If it all works I’d be grateful if you could write a review or even buy me a beer.

    Keep me posted with how you get on!

    Thanks,

    Tom ??

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘No unique username field in external db, only e-mail and password hash’ is closed to new replies.