Page 1 of 1

Fatal Error at login

Posted: Fri Apr 30, 2021 8:13 am
by bbuerger
Hi,

since day before yesterday I get a fatal error when I log in to Wordpress. I did not install any updates or change anything else.

WordPress-Version 5.7.1
Current Theme: GeneratePress (Version 2.4.1)
Current Plugin: WordPress w3all phpBB integration (Version 2.4.4)
PHP-Version 7.4.16

The error is of type E_ERROR in line 847 of file /wp-content/plugins/wp-w3all-phpbb-integration/class.wp.w3all-phpbb.php .
Uncaught Error: Cannot unset string offsets in /usr/www/users/ciafad/ciaf/wp-content/plugins/wp-w3all-phpbb-integration/class.wp.w3all-phpbb.php:847

Stack trace:
#0 /usr/www/users/ciafad/ciaf/wp-content/plugins/wp-w3all-phpbb-integration/class.wp.w3all-phpbb.php(2755): WP_w3all_phpbb::phpBB_user_session_set(Object(WP_User))
#1 /usr/www/users/ciafad/ciaf/wp-content/plugins/wp-w3all-phpbb-integration/wp_w3all.php(966): WP_w3all_phpbb::phpBB_user_session_set_res(Object(WP_User))
#2 /usr/www/users/ciafad/ciaf/wp-includes/user.php(170): wp_check_password('##password##', '$argon2id$v=19$...', 61)
#3 /usr/www/users/ciafad/ciaf/wp-includes/class-wp-hook.php(292): wp_authenticate_username_password(Object(WP_User), '##user name#', '##password##')
#4 /usr/www/users/ciafad/ciaf/wp-includes/plugin.php(212): WP_Hook->apply_filters(NULL, Array)
#5 /usr/www/users/ciafad/ciaf/wp-includes/pluggable.php(582): apply_filters('authenticate', NULL, '##user name##', '##password##')
#6 /usr/www/users/ciafad/ciaf/wp-includes/user.php(

What I have tried:

I updated the plugin, since my version 2.4.4 was not exactly like the version downloaded from WordPress repository. Also my version was installed on March 16, the repository states the last update as beeing 3 weeks old. Have there been two updates with the same number?

The problem started shortly after a user changed his mail adress in phpbb. He was the first user to get this error message. That may or may not be connected. In WP database he was still listed with the old adress. I updated that. The problem is still there. Any login from any user gets the same error.

A user can log in from phpbb side. The forum works ok.

Now it gets really weird. When switching over to WP some users get 'Notice: mismatching session OR bruteforce login detected. Please login here again to unlock your account.'. Some users can switch over. I cannot find any difference.

I created an new user. He can switch to WP. He cannot log in from WP side.

I tried "forgot my password" for a user who could not switch. He still cannot switch over.

What else can I do?

Any help would be greatly appreciated.

Regards
Brigitta

Re: Fatal Error at login

Posted: Fri Apr 30, 2021 10:02 am
by axew3
Thank for the report.
In the while i will check for this, try to:
plugin admin, disable session brute force option, and save.
This will effectively empty records about bruteforce.
Then re-enable it.

Activate the plugin transfer/check options, use checks options to detect if there are users sharing same email in phpBB.

Let know how you configured the integration about: where users register, login and where you leave users updated their profiles and if you are using the integration with usernames/email pairs mismatching.

At mean time, i do not know how you configured the plugin to work, but i strongly recommend to use this from now on:
https://www.axew3.com/w3/forums/viewtop ... 5194#p5194

it is at first demo stage, but works fine. Until is not completely ready also for registrations, may leave users to register ONLY in wordpress side or phpBB.

Re: Fatal Error at login

Posted: Fri Apr 30, 2021 11:13 am
by bbuerger
Thank you for your reply.

Unfortunately I do not understand the first part of your message. Where do I have to disable session brute force option?

Users register and login through WP phpbb w3all Login Widget. Registration through WP is disabled. Users can update their profile in phpbb only. There are no duplicate usernames or mail adresses and they are matched.

The mismatched email adress I encountered day before yesterday was a first. I checked this, no mismatches found.

I have been using your plugin for more than 2 years and do not remember to have changed anything for the last major update. It has been working until now. But to my knowledge nobody tried to change his mailadress before. I will have a detailed look at the link you provided.

What I found are some possibly old password encryptions. Some passwords are like '$2y$.......' and some are like '$argon2id$v=19......'

Fortunately I am still logged in with an administration account which works as before. If I try log in with the same account with another device it fails.

Re: Fatal Error at login

Posted: Fri Apr 30, 2021 1:18 pm
by axew3
Screenshot_2021-04-30 w3all Options ‹ axew3 com — WordPress.png
Screenshot_2021-04-30 w3all Options ‹ axew3 com — WordPress.png (19.69 KiB) Viewed 29 times
try to reset, then try some user login, and let know.
Some passwords are like '$2y$.......' and some are like '$argon2id$v=19
it is ok. both recognized by phpBB, Bcript and argorn, and phpBB 3.3> rehash passwords when user (i do not remember exactly when) login in phpBB side or update his profile from bcript to argorn where supported by the system.

Until plugin active, into wordpress, both are recognized also.

Let see if i can reproduce the issue. It is anyway time to re-take a look to entire code for next release

Re: Fatal Error at login

Posted: Fri Apr 30, 2021 2:16 pm
by bbuerger
It works!

I reset, saved and set the option. That did it. So the different mail adresses may have been the reason. I will have a look at your link and try some changing of mailadresses later on.

Thank you so much for your great support.