• Resolved colmanbyrne

    (@colmanbyrne)


    Hi, for the password hashing section in settings,

    how can I determine if the salt is before or after?

    The external database is using
    a statement like

    $newpassword = crypt(md5($password), $pw_salt);

    So a single salt for all passwords, but before or after?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author tbenyon

    (@tbenyon)

    Hey @colmanbyrne,

    The statement you have sent is a custom hashing solution and thus not supported by the plugin as a standard setting.

    This is because as well as using the crypt hashing method, it is also relying on an md5 hash.

    For this reason the only way for you to solve this is by using the “exlog_hook_filter_authenticate_hash” hook. You can find documentation for its use in the FAQ.

    To help you out however, this is something like what you would want to add to your functions.php file:

    
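    function myExlogHashAuthenticator($password, $hashFromDatabase, $username, $externalUserData) {
        // Salt shared by every password in the external database
        $pw_salt = 'someSaltUsedOnExternalDatabase';
        // Rebuild the hash exactly as the external system does
        $generatedHashFromEnteredPassword = crypt(md5($password), $pw_salt);
        // Constant-time comparison; also avoids loose == type juggling
        return hash_equals((string) $hashFromDatabase, $generatedHashFromEnteredPassword);
    }
    add_filter('exlog_hook_filter_authenticate_hash', 'myExlogHashAuthenticator', 10, 4);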
    

    I have not tested this so treat this like pseudo code to help you build a solution.

    I should also point out that the hashing system your external database is using is not best practice. I would recommend reading the SECURITY NOTES -> Hashing section of the main plugin page for guidance on why this is not desirable.

    Let me know if you have any questions, and let me know how you get on,

    Thanks,

    Tom

    • This reply was modified 5 years, 2 months ago by tbenyon.
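
Added example, not part of the original posts and not the plugin's own code: PHP's `crypt()` takes the salt as a separate argument and writes it at the front of its output, so in `crypt(md5($password), $pw_salt)` the salt is neither prepended nor appended to the password, and a stored hash can be passed back as the salt argument to re-derive it. The helper names `legacy_hash()` and `legacy_verify()`, the sample password and the `$1$`/`$6$` salts are constructed for illustration.

```php
<?php
// Added illustration. Only crypt(md5($password), $pw_salt) comes from the thread;
// the function names, password and sample salts are constructed.

function legacy_hash(string $password, string $salt): string
{
    return crypt(md5($password), $salt);
}

function legacy_verify(string $password, string $storedHash): bool
{
    // crypt() reads the scheme and salt from the front of $storedHash and
    // ignores the remainder, so the salt does not have to be known separately.
    return hash_equals($storedHash, crypt(md5($password), $storedHash));
}

$sampleSalts = [
    // No $id$ prefix: traditional DES. Only "so" is used as the salt, and only
    // the first 8 characters of the md5 hex string are hashed.
    'someSaltUsedOnExternalDatabase',
    '$1$exampleS$',          // MD5-crypt, 8-character salt
    '$6$exampleSaltValue$',  // SHA-512-crypt, 16-character salt
];

foreach ($sampleSalts as $salt) {
    $stored = legacy_hash('correct horse', $salt);
    // The salt (or the part of it crypt() actually used) is the hash's prefix.
    printf("%-32s -> %s\n", $salt, $stored);
    var_dump(legacy_verify('correct horse', $stored));
    var_dump(legacy_verify('wrong guess', $stored));
}
```

Comparing the printed hash with a row from the external database shows which `crypt()` scheme that database is actually using.
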
    Thread Starter colmanbyrne

    (@colmanbyrne)

    Hi Tom

    That’s great, I will use the hook.
    One question though: do I need to set the Hashing type to none or anything else to use the hook and avoid any conflicts? Or is this setting ignored by the hook?

    Colman

    Plugin Author tbenyon

    (@tbenyon)

    If the hook is in place, the rest of the settings for password hashing are ignored.

    You’ve made me realise however this is not documented or very clear. I may add a notice to the admin area in the future to indicate if the custom hook has been found.

    I’ll mark this thread as resolved for now but if you have any further issues don’t hesitate to get back in contact.

    If you like the plugin I’d be very grateful for a review.

    Thanks Colman,

    Tom

  • The topic ‘password hasing’ is closed to new replies.