Hello James! Thank for the report.
"change password" screen
with a specific plugin or default wp?
When an user change password in wordpress, it should be also updated to the same in phpBB at same time.
If it is not, then happen what you correctly say: the pass is updated to the old one, because the
verify_phpbb_credentials(){ function check for password match, and if mismatch, update the pass of the wp user with phpBB password. This because you could let users change their passwords into phpBB. So when a wp profile update happen, the password should be updated at same time into phpBB also.
If this do not happen, then what you experience come out.
The solution you propose seem to be the right way to resolve, but ... answering to you right now, and looking into code at same time, this aspect come out with a bug into plugin code i assume (do not know why it is this way, why at this moment in the past, this function has been coded like this):
into
wp_w3all.php file there is a call to the
after_password_reset hook:
Code: Select all
add_action( 'after_password_reset', 'wp_w3all_wp_after_password_reset', 10, 2 );
that into same file, fire then the function:
Code: Select all
function wp_w3all_wp_after_password_reset($user, $new_pass) {
$phpBB_user_pass_set = WP_w3all_phpbb::phpbb_pass_update_res($user, $new_pass);
$phpBB_user_activate = WP_w3all_phpbb::wp_w3all_wp_after_pass_reset($user);
}
then into file
class.wp.w3all-phpbb.php:
Code: Select all
public static function phpbb_pass_update($user, $new_pass) {
global $w3all_config,$wpdb;
$w3phpbb_conn = self::wp_w3all_phpbb_conn_init();
$wpu_db_utab = (is_multisite()) ? WPW3ALL_MAIN_DBPREFIX . 'users' : $wpdb->prefix . 'users';
$ud = $wpdb->get_row("SELECT * FROM $wpu_db_utab WHERE ID = '$user->ID'");
if(empty($ud)){
return;
}
if ( $user->ID == 1 ){ // update phpBB admin uid2
$w3phpbb_conn->query("UPDATE ".$w3all_config["table_prefix"]."users SET user_password = '$ud->user_pass' WHERE user_id = '2'");
} else {
$w3phpbb_conn->query("UPDATE ".$w3all_config["table_prefix"]."users SET user_password = '$ud->user_pass' WHERE username = '".$user->user_login."'");
}
}
I see it update retrieving the user data via a query to db, then it update using retrieved data.
I assume that this way, is the wrong way because maybe, the time of the query happen BEFORE the effective WP user pass update, so why do not use, the
$new_pass value, going to query the db instead?
So the function should be like this instead?
Code: Select all
public static function phpbb_pass_update($user, $new_pass) {
global $w3all_config;
$w3phpbb_conn = self::wp_w3all_phpbb_conn_init();
if ( $user->ID == 1 ){ // update phpBB admin uid2
$w3phpbb_conn->query("UPDATE ".$w3all_config["table_prefix"]."users SET user_password = '$new_pass' WHERE user_id = '2'");
} else {
$w3phpbb_conn->query("UPDATE ".$w3all_config["table_prefix"]."users SET user_password = '$new_pass' WHERE username = '".$user->user_login."'");
}
}
if it possible to test it without changing nothing else into plugin code, and look if all after this change works fine would be great, or please let me know what (if using) plugin you experience the issue.
Another issue to be fixed on next coming soon 2.3.6
Thank you!