The coming (awesome) WP_w3all WP phpBB 3.0.0 - logs

Post Reply
User avatar
axew3
w3all User
w3all User
Posts: 2991
Joined: Fri Jan 22, 2016 5:15 pm
Location: Italy
Contact:
Contact axew3

The coming (awesome) WP_w3all WP phpBB 3.0.0 - logs

Post by axew3 »

On plugin version 3 a new global var will be added:

Code: Select all

$avoid_w3all_password_check
it can be set into the Custom code file as more like and so, used to, as the name explain himself, to avoid the default wp_check_password replacement with the one of the integration plugin in certain cases:
https://www.axew3.com/w3/2025/06/wordpr ... code-file/

Explain: it can be seen actually, into the wp_w3all.php file, this code:

Code: Select all

// 2fa x All-In-One Security is into WP_w3all_phpbb::verify_phpbb_credentials()
# Avoid for Wordfence 2fa. Just do not replace wp_check_password, let Wordfence 2fa auth do his way
if(isset($_POST['action']) && $_POST['action'] == 'wordfence_ls_authenticate')
{ # do nothing
  } else {
# replace WP default wp_check_password function that include the phpBB session setup for the user, if the pass match
if ( ! function_exists( 'wp_check_password' ) && ! defined("WPW3ALL_NOT_ULINKED") ) :

function wp_check_password($password, $hash, $user_id = '') {

// wp do not allow char \ on password: ... ...
... ...
a line WILL BE CHANGED in favor of this instead:

Code: Select all

if( $avoid_w3all_password_check > 0 OR isset($_POST['action']) && $_POST['action'] == 'wordfence_ls_authenticate')
{ # do nothing
  } else {
the use of the global $avoid_w3all_password_check var that can be set as 1, will avoid the replacement of the WP default wp_check_password not only as it is coded now, when there is a Wordfence 2fa request, BUT FOR ANY OTHER PLUGIN AND POSSIBLE SITUATION.

Like so in this example, instead of this:
viewtopic.php?p=7008#p7008

we can resolve like this:

Code: Select all

# Simple membership plugin login vars fix
  if( isset($_POST['swpm_user_name']) && isset($_POST['swpm_password']) && isset($_POST['swpm-login']) ){
  	#if(! defined("WPW3ALL_NOT_ULINKED")) define("WPW3ALL_NOT_ULINKED",true);
  	$avoid_w3all_password_check = 1;
  }
that's the correct way, if we want not all the code excluded, firing/defining the constant WPW3ALL_NOT_ULINKED, but just avoid the wp_check_password replacement.
Top
User avatar
axew3
w3all User
w3all User
Posts: 2991
Joined: Fri Jan 22, 2016 5:15 pm
Location: Italy
Contact:
Contact axew3

Re: The coming (awesome) WP_w3all WP phpBB 3.0.0 - logs

Post by axew3 »

Many code lines into the file
/class.wp.w3all-phpbb.php
requires a deep cleanup about several stupids and incongruent lines of code!
Top
Post Reply

Return to “phpBB WordPress”