Password Change for External User does not allow them to login

Hey @stikekar,

Sounds like you’ve done the right thing and your expected behaviour is in line with mine. Let’s see if we can solve it together ??

I know this is working for myself and other users so my first question is, what manages the external db system? Laravel, another WordPress site, a custom made system?

I ask because one thought is that new passwords are being upgraded to a new hashing system in a different column? I’ve seen this before.

Does the old password continue to work on the WordPress database?

Does the new password definitely work on the external system?

If none of this triggers a solution for you I’ll suggest where we can add some debugging lines in the plugin to look deeper.

Tom

Thanks for checking in with me. The external system is a MSSQL test database that we have created. Our plan is to present WordPress as a CMS. The changed password is going into the same column in the external database as before using our URL and is not updating the WordPress user password. If I login the user in WordPress using the old password, the user is able to login. We have also tested that the user is able to login into the external system using the new password.

No worries @stikekar and thanks for getting back with more info. All sounds good to me.

The next route of debugging this issue is to look at the data coming back from your database and check that it is what you expect to see.

I’m going to ask you add some additional logging into the app.

IMPORTANT!!! This will log the personal information of the user that you are fetching information for. For this reason, you should do this with test data to ensure that your users’ information does not appear in your logs.

Please look for the following while loop at line 131 in the following path:
wp-content/plugins/external-login/plugin-files/login/db.php

Below is the same code with some additional log lines.

while( $userData = sqlsrv_fetch_array($stmt)) {
    error_log('EXLOG----------------------->>>> START');
    $user_specific_salt = false;

    if (exlog_get_option('external_login_option_db_salting_method') == 'all') {
        $user_specific_salt = $userData[$db_data["dbstructure_salt"]];
    }

    error_log('EXLOG----------------------->>>> 1');
    error_log(var_export($userData, true));
    $valid_credentials = exlog_validate_password($password, $userData[$db_data["dbstructure_password"]], $user_specific_salt);
    
    error_log('EXLOG----------------------->>>> 2');
    error_log(var_export($valid_credentials, true));
    if ($valid_credentials) {
        $wp_user_data = exlog_build_wp_user_data($db_data, $userData);
        $wp_user_data["exlog_authenticated"] = true;
        return $wp_user_data;
    }
    error_log('EXLOG----------------------->>>> END');
}

Please update the code to look like this and then come back to me with the answer to these questions:

• Did you see the logs messages appear in your logs?
• Does the hash in the logged data match the hash that is stored for your user with the updated password?

Thanks,

Tom

I added the additional lines and went through login/change password on external site/login(did not work). Where should I be looking for the log file. I have not seen one created.

It varies based on your setup. This may help you:
https://www.loggly.com/ultimate-guide/php-logging-basics/

I have looked at the Apache Access log and Apache error log for the site. Both files are empty with no recorded activities. Log path for the site are
/var/log/virtualmin/members.e-ikon.com_access_log
/var/log/virtualmin/members.e-ikon.com_error_log

You could try adding an error_log to the top of your functions.php file to see if we’re not getting to where we put the logs in the other file.

At that point, if you can’t see the log there’s not a lot I can do to help you as it’s really about your server configuration. You could ask your hosting provider for help locating the logs.

Just to confirm the modifications you requested were done correctly by me.

while( $userData = sqlsrv_fetch_array($stmt)) {
error_log(‘EXLOG———————–>>>> START’);
$user_specific_salt = false;

if (exlog_get_option(‘external_login_option_db_salting_method’) == ‘all’) {
$user_specific_salt = $userData[$db_data[“dbstructure_salt”]];
}

error_log(‘EXLOG———————–>>>> 1’);
error_log(var_export($userData, true));
$valid_credentials = exlog_validate_password($password, $userData[$db_data[“dbstructure_password”]], $user_specific_salt);

error_log(‘EXLOG———————–>>>> 2’);
error_log(var_export($valid_credentials, true));
if ($valid_credentials) {
$wp_user_data = exlog_build_wp_user_data($db_data, $userData);
$wp_user_data[“exlog_authenticated”] = true;
return $wp_user_data;
}
error_log(‘EXLOG———————–>>>> END’);
}

I will also check with my hosting company. Also, how can I send you a private note?

Hey @stikekar,

I’m afraid I’m not allowed to give out private details on the forum. I was told off when I started the plugin for doing it by the moderators.

That looks right to me, I haven’t tested it on my local copy.

As I said before, you may want to add another log to the start of your functions.php file to ensure logs are working at all first.

e.g. error_log(‘EXLOG———————–>>>> START of functions.php’);

Let me know when you get your logs showing ??

Tom

Tom,

Upon further investigation, we were able to identify the problem in our external DB. The plugin works perfectly. Thanks for your time and a beer or two are on the way. Are you planning updates to the plugin ?

That’s brilliant @stikekar!!!

Well done for getting it resolved!

Yeah, there’s a couple of fixes in the pipeline. Started a new job recently so haven’t come round to update but I will continue to support the plugin ??

Money received. That was very generous of you and much appreciated.

If you have any more issues don’t hesitate to get back in contact.

Kind regards,

Tom

There is one issue that has come up now. When a user logs into WordPress using the external database and then changes their password in the external database, that user can still login to the WordPress with the old password until the user logs into WordPress using the new password.

So the plugin will only allow login with the old password in one condition. If the external server is not available, the plugin will use the local password stored in WordPress to login a user.

As soon as a login is made with the server the password is updated locally in WordPress.

You can tick the box in the settings to disable local login. This will mean if the external database is not accessible it will not attempt to use the local database to login users.

My theory on what could be happening in your case.

1. The server was unavailable when you tried to login with the old password so it used the local one (the old password) to validate
2. There is a caching issue with your setup?

I would suggest you start by using the same log messages we talked about before to see if you are definitely getting the data back from the server. You can then also check that the new hash is definitely coming back from that query.