Page 2 of 2

Re: Login fails after password change

Posted: Tue Jan 14, 2020 11:10 am
by axew3
Released 2.0.9

Code: Select all

== Changelog ==

= 2.0.9 =
*Release Date - 14 Gen, 2020*
* Fix: (reported bug) password check in WordPress fail, if password change done by user in phpBB profile
* Minor Fix: page-forum.php to correctly set the targetOrigin value
* Minor Fix: page-forum.php -> to have Template Forum as template option when creating blank page in WordPress, and installed WP theme let choose between different templates to create a page. The pae Forums will be available to choose, and let work fit the template with no problems on layout. See: https://www.axew3.com/w3/2019/12/phpbb-wordpress-template-integration-iframe-v4/
* Note that also the iframe overall_footer.html v4 code has been updated to fix two issues (most important: correctly reposition iframe in certain conditions)

Re: Login fails after password change

Posted: Tue Jan 14, 2020 11:29 am
by axew3
P.s

about the password fix, to be clear, still the code isn't perfect, but normally will work.
When will not work?
When an hash will present chars sequence like this into string:
$2y$10$KVxgz$argon2i.sYBz2ffHPU..6ISD2.KcA6gIseKv4cKe...
due to this:
if( strpos($hash,'$argon2i') !== false ){
the sequence
$argon2i
could be present into an hash as part of it, and strpos used like this, search for this chars sequence, despite it is at BEGIN of the string OR NOT
$argon2i$v=19$m=1024,t=2,p=2$em4yaWRMWmdjRzFkUkVXaQ$TjPDZZt2peE+5uLuYscob7CA2ZgDFRYKJQs0Z80f7XM
we suppose can be very rare but can happen that an hash present sequence like the
$argon2i as part of it and NOT at the start. 1 into 1 million? Do not know, in this case the hash recognition will fail.
I only know it need to be resolved just: checking that the string is at begin of the string (easy!) or using native php function, we'll see

Re: Login fails after password change

Posted: Tue Jan 14, 2020 10:38 pm
by axew3
So, i after check all things about, and i see all goes fine, until a password do not contain a character (for example) like "
"^K@rMtm5Pt%&""""\k5YYaDPO8xVl(Q

please update to

Code: Select all

== Changelog ==

= 2.1.0 =
*Release Date - 14 Gen, 2020*
* Fix: passwords hashing and password check flow, to be compatible between new phpBB3 3.3.0 and previsous 3.2 versions
* Fix: password containing special chars like " or may not allowed in WP like \ to be recognized and hashed correctly
* Add: phpBB 3.3.0 PASSWORD_ARGON2I and PASSWORD_ARGON2ID support
* Minor fixes
just released!