Required fields and salt location

  • Hello there,

    i tried to authenticate against a mybb database. The problem is that there are some (hidden) requirements regarding fields in your addon:

    I need to have the following fields in my database, which are not existent in my case:

    • First Name
    • Last Name
    • Role

    You should either make them non-essential (especially first and last name) or mark them as such. Otherwise the test function just loads forever but never gives any feedback.

    Next, the salt database field can be entered, but i can’t select it when i specify the hashing options (only none, before and after are selectable). The passwords in my database are hashed with md5 and the salt is stored in a column called ‘salt’.

    I guess the plugin won’t work for my project anyways, since mybb has a loginkey which is needed fpr the logout function, but the above could be an issue for other people, too ??

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author tbenyon

    (@tbenyon)

    Hey @zalnart,

    1) I completely agree with your first comment as First Name and Last Name appear not to be required by WP and the plugin is built to allow a default role. I’ll get this sorted asap.

    2) Can you give me more information on what you are trying to make for your settings – or an example where the settings don’t work. I have done some validation for hiding elements when they’re not needed but I might have missed something. For example, if you are using bcrypt, you won’t have a field for a salt because the salt is stored as part of the password hash in the Database. Happy to help with this just need more info as my logic might be wrong?

    3) I don’t know anything about mybb but if a small tweak could make this work for you I’m happy to help. I’m not sure why you need this unless the user flow is different to what I’ve built the plugin for (which may be the case).

    The WordPress login session is assumed to be a completely different session any other site. If you are looking at shared login sessions you should really be looking at an OAuth solution in my opinion.

    If you don’t need this, the login session is purely handled by WordPress.
    Step 1 -> user logs in.
    Step 2 -> we query the external database to see if their username and password are correct
    step 3 -> we create or update the details of the new user
    step 4 -> we log that user in
    step 5 -> when the user logs out of wordpress the wordpress session ends

    This doesn’t use the external login system at all – purely the username and password fields are looked up in the users table to validate them.

    Thanks @zalnart,

    Tom

    Thread Starter zalnart

    (@zalnart)

    Hiya ??
    1) Very good ??
    2) Well, in my case the passwords were hashed with md5 and the salt was stored in it’s own database column. If i select md5 as hash, i get the choice “Not salted”, “salt after” and “Salt before”. But there is no way to select “Salt in given column”. I don’t have much experience with cryptography, so i fear i won’t be of much help there…
    3)You’re right. You know, it was late and stuff… Actually i was looking for an OAuth solution for a while, but as this seemend incredibly tedious (and to be fair, a bit overwhelming for me, since all my programming knowledge is self taught) i looked for other possibilities.

    In the end i decided to change the software completely, as there was an existing solution.

    But this way, i got to know some nice people ??

    To cut a long story short: I won’t need the plugin anymore, but i?m still happy to help with improvements if i can ??

    -Z

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Required fields and salt location’ is closed to new replies.