Password change problem

Post a reply


This question is a means of preventing automated form submissions by spambots.
Smilies
:D :) ;) :( :o :shock: :? 8-) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :!: :?: :idea: :arrow: :| :mrgreen: :geek: :ugeek:

BBCode is ON
[img] is ON
[url] is ON
Smilies are ON

Topic review
   

If you wish to attach one or more files enter the details below.

Maximum filesize per attachment: 1 MiB.

Expand view Topic review: Password change problem

Re: Password change problem

by axew3 » Sun Jul 12, 2020 10:42 pm

Hello! On 2.3.6
add_action( 'after_password_reset', 'wp_w3all_wp_after_password_reset', 10, 2 );
has been switched to add_action( 'password_reset', 'wp_w3all_wp_after_password_reset', 10, 2 );
because on many front-end plugins, after_password_reset simply do not fire.

I tested some plugin that was not working before, that now works fine on 2.3.6.
Some bug resolved, and more fixes coming on 2.3.7.
2.3.6 resolve any password problem, eliminate the use of Bcript plugin's library, and switch to native Php functions.
It is working fine without problems tested until Php 7.4.7.

You can always return back to old plugin code because there are not database changes since several versions now, and this will be for long time in the future also. So you can save your modified version, and return back just replacing plugins files.
Or may apply the modification you did into 2.3.6, that resolve more bugs from 2.3.5.
See you soon, cheers!

Re: Password change problem

by jambo » Sun Jul 12, 2020 10:07 pm

Sorry for getting back to you so late! I was working other small issues on the site and because the password integration was working I never checked back here.

Now that the site looks good and the number issues are almost zero I came back to check what I missed and saw this.

I made those changes and it still works fine. I did not remove the changes I made to the plugin and will keep them there because I that since Wordpress calls those functions in that order, so should the plugin.

The plugin I am using is "Paid Memberships Pro" and it works very good with your phpbb integration!

I am going to wait a few weeks to upgrade to 2.3.6 for all theater issues to calm down.

Thank you for everything!!!

Re: Password change problem

by axew3 » Tue Jun 30, 2020 8:52 am

Yes it seem to work into my tests, with the function changed to the above.
So the
function public static function phpbb_pass_update($user, $new_pass) {
into file class.wp.w3all-phpbb.php
should may be changed like this

Code: Select all

public static function phpbb_pass_update($user, $new_pass) { 

     global $w3all_config;
     $w3phpbb_conn = self::wp_w3all_phpbb_conn_init();
     $new_pass = wp_hash_password($new_pass);
 
    if ( $user->ID == 1 ){ // update phpBB admin uid2
       $w3phpbb_conn->query("UPDATE ".$w3all_config["table_prefix"]."users SET user_password = '$new_pass' WHERE user_id = '2'");
     } else { 
        $w3phpbb_conn->query("UPDATE ".$w3all_config["table_prefix"]."users SET user_password = '$new_pass' WHERE username = '".$user->user_login."'");
       } 

} 
and all works fine now?

Re: Password change problem

by axew3 » Tue Jun 30, 2020 8:36 am

Code: Select all

public static function phpbb_pass_update($user, $new_pass) { 

     	 global $w3all_config,$wpdb;
     
     $w3phpbb_conn = self::wp_w3all_phpbb_conn_init();
      
   $new_pass = wp_hash_password($new_pass);
 
    if ( $user->ID == 1 ){ // update phpBB admin uid2
       $w3phpbb_conn->query("UPDATE ".$w3all_config["table_prefix"]."users SET user_password = '$new_pass' WHERE user_id = '2'");
     } else { 
        $w3phpbb_conn->query("UPDATE ".$w3all_config["table_prefix"]."users SET user_password = '$new_pass' WHERE username = '".$user->user_login."'");
       } 
}
going to check all about asap

Re: Password change problem

by axew3 » Tue Jun 30, 2020 8:27 am

a moment ...
Remark: the $new_pass parameter is the “New password for the user in plaintext” originally passed to reset_password( $user, $new_pass )
so the function should maybe be like this ... a moment ...

Re: Password change problem

by axew3 » Tue Jun 30, 2020 8:15 am

Hello James! Thank for the report.
"change password" screen
with a specific plugin or default wp?

When an user change password in wordpress, it should be also updated to the same in phpBB at same time.
If it is not, then happen what you correctly say: the pass is updated to the old one, because the verify_phpbb_credentials(){ function check for password match, and if mismatch, update the pass of the wp user with phpBB password. This because you could let users change their passwords into phpBB. So when a wp profile update happen, the password should be updated at same time into phpBB also.
If this do not happen, then what you experience come out.

The solution you propose seem to be the right way to resolve, but ... answering to you right now, and looking into code at same time, this aspect come out with a bug into plugin code i assume (do not know why it is this way, why at this moment in the past, this function has been coded like this):

into wp_w3all.php file there is a call to the after_password_reset hook:

Code: Select all

add_action( 'after_password_reset', 'wp_w3all_wp_after_password_reset', 10, 2 );
that into same file, fire then the function:

Code: Select all

function wp_w3all_wp_after_password_reset($user, $new_pass) {
     $phpBB_user_pass_set = WP_w3all_phpbb::phpbb_pass_update_res($user, $new_pass); 
     $phpBB_user_activate = WP_w3all_phpbb::wp_w3all_wp_after_pass_reset($user); 
}
then into file class.wp.w3all-phpbb.php:

Code: Select all

public static function phpbb_pass_update($user, $new_pass) { 

     	 global $w3all_config,$wpdb;
     
     $w3phpbb_conn = self::wp_w3all_phpbb_conn_init();

        	$wpu_db_utab = (is_multisite()) ? WPW3ALL_MAIN_DBPREFIX . 'users' : $wpdb->prefix . 'users';

	     $ud = $wpdb->get_row("SELECT * FROM  $wpu_db_utab WHERE ID = '$user->ID'");
       
     if(empty($ud)){
       	return;
      }

    if ( $user->ID == 1 ){ // update phpBB admin uid2
       $w3phpbb_conn->query("UPDATE ".$w3all_config["table_prefix"]."users SET user_password = '$ud->user_pass' WHERE user_id = '2'");
     } else { 
        $w3phpbb_conn->query("UPDATE ".$w3all_config["table_prefix"]."users SET user_password = '$ud->user_pass' WHERE username = '".$user->user_login."'");
       } 
} 
I see it update retrieving the user data via a query to db, then it update using retrieved data.
I assume that this way, is the wrong way because maybe, the time of the query happen BEFORE the effective WP user pass update, so why do not use, the $new_pass value, going to query the db instead? So the function should be like this instead?

Code: Select all

public static function phpbb_pass_update($user, $new_pass) { 

     	 global $w3all_config;
     
     $w3phpbb_conn = self::wp_w3all_phpbb_conn_init();

    if ( $user->ID == 1 ){ // update phpBB admin uid2
       $w3phpbb_conn->query("UPDATE ".$w3all_config["table_prefix"]."users SET user_password = '$new_pass' WHERE user_id = '2'");
     } else { 
        $w3phpbb_conn->query("UPDATE ".$w3all_config["table_prefix"]."users SET user_password = '$new_pass' WHERE username = '".$user->user_login."'");
       } 
} 

if it possible to test it without changing nothing else into plugin code, and look if all after this change works fine would be great, or please let me know what (if using) plugin you experience the issue.
Another issue to be fixed on next coming soon 2.3.6
Thank you!

Top