Hello,
When a user changes their password on my "change password" screen, I watch the change happen IN the WordPress database. The hash changes and I can tell it got updated.
The next time a user clicks on a page in WordPress it gets changed BACK to the old password.
The interesting part is when I click directly on my "forum" link to go to phpBB the password stays the same UNTIL I go back to WordPress, at which time it is changed back to the old one.
The only system that has my password is phpBB so I surmise that the change never happened in phpBB after they changed it in Wordpress. So, the update is not happening or something else weird is going on!
Thank you!!!
James
Password change problem
- User ww
- Posts: 21
- Joined: Fri May 15, 2020 7:23 pm
Re: Password change problem
I fixed it. For everyone else, I needed to make sure that I called the action 'after_password_reset' and that made WP-W3all update the phpBB password. So, the whole flow looks like:
do_action( 'password_reset', $current_user->ID, $pass1 );
wp_set_password( $pass1, $current_user->ID );
do_action( 'after_password_reset', $current_user, $pass1 );
Thanks!!
- axew3
- w3all User
- Posts: 2883
- Joined: Fri Jan 22, 2016 5:15 pm
- Location: Italy
Re: Password change problem
Hello James! Thanks for the report.
With a specific plugin or default WP? "change password" screen
When a user changes their password in WordPress, it should also be updated to the same one in phpBB at the same time.
If it is not, then what you correctly describe happens: the pass is updated to the old one, because the verify_phpbb_credentials() function checks for a password match and, on a mismatch, updates the pass of the WP user with the phpBB password. This is because you could let users change their passwords in phpBB. So when a WP profile update happens, the password should be updated at the same time in phpBB as well.
If this does not happen, then what you experience comes out.
The solution you propose seems to be the right way to resolve it, but ... answering you right now, and looking into the code at the same time, this aspect comes out with a bug in the plugin code, I assume (I do not know why it is this way, why at that moment in the past this function was coded like this):
in the wp_w3all.php file there is a call to the after_password_reset hook:
Code: Select all
add_action( 'after_password_reset', 'wp_w3all_wp_after_password_reset', 10, 2 );
which, in the same file, then fires the function:
Code: Select all
function wp_w3all_wp_after_password_reset($user, $new_pass) {
    $phpBB_user_pass_set = WP_w3all_phpbb::phpbb_pass_update_res($user, $new_pass);
    $phpBB_user_activate = WP_w3all_phpbb::wp_w3all_wp_after_pass_reset($user);
}
then in the file class.wp.w3all-phpbb.php:
Code: Select all
public static function phpbb_pass_update($user, $new_pass) {
    global $w3all_config,$wpdb;
    $w3phpbb_conn = self::wp_w3all_phpbb_conn_init();
    $wpu_db_utab = (is_multisite()) ? WPW3ALL_MAIN_DBPREFIX . 'users' : $wpdb->prefix . 'users';
    // read the WP user row (including the stored password hash) back from the WP users table
    $ud = $wpdb->get_row("SELECT * FROM $wpu_db_utab WHERE ID = '$user->ID'");
    if(empty($ud)){
        return;
    }
    // copy the hash read from WP into the phpBB users table
    if ( $user->ID == 1 ){ // update phpBB admin uid2
        $w3phpbb_conn->query("UPDATE ".$w3all_config["table_prefix"]."users SET user_password = '$ud->user_pass' WHERE user_id = '2'");
    } else {
        $w3phpbb_conn->query("UPDATE ".$w3all_config["table_prefix"]."users SET user_password = '$ud->user_pass' WHERE username = '".$user->user_login."'");
    }
}
I see that it updates by retrieving the user data via a query to the db, then it updates using the retrieved data.
I assume that this way is the wrong way, because maybe the query happens BEFORE the effective WP user pass update, so why not use the $new_pass value instead of going to query the db? So the function should be like this instead?
Code: Select all
public static function phpbb_pass_update($user, $new_pass) {
    global $w3all_config;
    $w3phpbb_conn = self::wp_w3all_phpbb_conn_init();
    if ( $user->ID == 1 ){ // update phpBB admin uid2
        $w3phpbb_conn->query("UPDATE ".$w3all_config["table_prefix"]."users SET user_password = '$new_pass' WHERE user_id = '2'");
    } else {
        $w3phpbb_conn->query("UPDATE ".$w3all_config["table_prefix"]."users SET user_password = '$new_pass' WHERE username = '".$user->user_login."'");
    }
}
If it is possible to test it without changing anything else in the plugin code, and see whether everything works fine after this change, that would be great; or please let me know with which plugin (if you are using one) you experience the issue.
Another issue to be fixed in the coming-soon 2.3.6
Thank you!
- axew3
- w3all User
- Posts: 2883
- Joined: Fri Jan 22, 2016 5:15 pm
- Location: Italy
Re: Password change problem
a moment ...
so the function should maybe be like this ... a moment ...
Remark: the $new_pass parameter is the “New password for the user in plaintext” originally passed to reset_password( $user, $new_pass )
- axew3
- w3all User
- Posts: 2883
- Joined: Fri Jan 22, 2016 5:15 pm
- Location: Italy
Re: Password change problem
Code: Select all
public static function phpbb_pass_update($user, $new_pass) {
    global $w3all_config,$wpdb;
    $w3phpbb_conn = self::wp_w3all_phpbb_conn_init();
    $new_pass = wp_hash_password($new_pass);
    if ( $user->ID == 1 ){ // update phpBB admin uid2
        $w3phpbb_conn->query("UPDATE ".$w3all_config["table_prefix"]."users SET user_password = '$new_pass' WHERE user_id = '2'");
    } else {
        $w3phpbb_conn->query("UPDATE ".$w3all_config["table_prefix"]."users SET user_password = '$new_pass' WHERE username = '".$user->user_login."'");
    }
}
- axew3
- w3all User
- Posts: 2883
- Joined: Fri Jan 22, 2016 5:15 pm
- Location: Italy
Re: Password change problem
Yes, it seems to work in my tests, with the function changed to the above.
So the function
public static function phpbb_pass_update($user, $new_pass) {
in the file class.wp.w3all-phpbb.php
should maybe be changed like this
Code: Select all
public static function phpbb_pass_update($user, $new_pass) {
    global $w3all_config;
    $w3phpbb_conn = self::wp_w3all_phpbb_conn_init();
    // $new_pass arrives in plaintext: hash it before writing it to phpBB
    $new_pass = wp_hash_password($new_pass);
    if ( $user->ID == 1 ){ // update phpBB admin uid2
        $w3phpbb_conn->query("UPDATE ".$w3all_config["table_prefix"]."users SET user_password = '$new_pass' WHERE user_id = '2'");
    } else {
        $w3phpbb_conn->query("UPDATE ".$w3all_config["table_prefix"]."users SET user_password = '$new_pass' WHERE username = '".$user->user_login."'");
    }
}
and all works fine now?
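A hardened variant of the phpbb_pass_update() function discussed in this thread, as an added example that is not part of the original posts or of the WP-w3all plugin: it hashes the plaintext `$new_pass` and binds values through `wpdb::update()` instead of concatenating them into the SQL string. It assumes it runs inside WordPress and that the phpBB connection is a `wpdb` instance passed in as `$phpbb_db`; `example_phpbb_pass_sync` and its parameters are hypothetical names.

```php
<?php
/**
 * Added example (not WP-w3all code): sync a new WordPress password to phpBB
 * using a hashed value and a parameterized UPDATE.
 *
 * Assumptions: runs inside WordPress; $phpbb_db is a wpdb instance connected
 * to the phpBB database; $table_prefix is the phpBB table prefix.
 */
function example_phpbb_pass_sync( WP_User $user, $new_pass, wpdb $phpbb_db, $table_prefix ) {
    // $new_pass arrives in plaintext from the after_password_reset hook;
    // refuse empty input and store only a hash, never the plaintext value.
    if ( ! is_string( $new_pass ) || '' === $new_pass ) {
        return false;
    }
    $hash = wp_hash_password( $new_pass );

    // Table names cannot be bound as parameters, so restrict the prefix
    // to the characters a table prefix normally uses.
    if ( ! preg_match( '/^[A-Za-z0-9_]*$/', $table_prefix ) ) {
        return false;
    }
    $table = $table_prefix . 'users';

    // WP user ID 1 maps to phpBB user_id 2, as in the thread's function.
    if ( 1 === (int) $user->ID ) {
        $where        = array( 'user_id' => 2 );
        $where_format = array( '%d' );
    } else {
        $where        = array( 'username' => $user->user_login );
        $where_format = array( '%s' );
    }

    // wpdb::update() builds a prepared statement: the hash and the
    // username are bound as values, not spliced into the SQL text.
    $rows = $phpbb_db->update(
        $table,
        array( 'user_password' => $hash ),
        $where,
        array( '%s' ),
        $where_format
    );

    // false = query error, 0 = no matching phpBB row (accounts out of sync).
    return $rows;
}
```

Checking the return value lets the caller log a failed or zero-row sync, which is the condition that leads to the password being reverted on the next WordPress page load.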