Simple Membership . Password empty or invalid

[kcfez]

I am trying to add a WordPress (version 6.8.1) front end to a version 3.3.5 phpbb site so that I can use the membership payment options available with Simple Membership plugin.

The Simple Membership plugin (Version: 4.6.4 Author: wp.insider) works as required with the WP phpbb plugin deactivated, but does not when it is activated, giving the ' Password empty or invalid' error on every attempt to login.

This instance of WP, with the WP phpbb plugin activated but with the Simple Membership plugin deactivated, worked with the template modifications. But the wp-login.php is missing, so users are unable to login using WP although they can through phpbb and pass through to WordPress logged in correctly.

I built a separate new instance of WordPress with just the WP phpbb plugin and phpp extension. This seemed to work well with both phpbb and wp login.

So any ideas on how to either set up the two plugins and extension or to modify Simple Membership before I do some debugging.

I am really looking to see if anybody has the setup working and how they overcame any issues they had.

[axew3]

A fly test before to go to sleep return this on $_POST when the

Code: Select all

function wp_check_password($password, $hash, $user_id = '') {

on wp_w3all.php fire:

Code: Select all

Array ( [swpm_login_origination_flag] => 1 [swpm_user_name] => test [swpm_password] => tteess [swpm-login] => Log In )

then no one of these vars are detected as valid, the wp_check_password correctly return false, the membership plugin presents vars named on his own way.

So that, to make it work the integration plugin in the right way there are some options, tomorrow i will check whats better, but result to be obvious that if you want to change it into the integration plugin, you could re-assign vars (i will look a smart way tomorrow) so:
inside the wp_w3all.php file
there is this code:

Code: Select all

# replace WP default wp_check_password function that include the phpBB session setup for the user, if the pass match
if ( ! function_exists( 'wp_check_password' ) && ! defined("WPW3ALL_NOT_ULINKED") ) :

function wp_check_password($password, $hash, $user_id = '') {

// wp do not allow char \ on password
// phpBB allow \ char on password

just after add simply this:

Code: Select all

if(isset($_POST['swpm_user_name'])){
	$password = $_POST['swpm_password'];
	$u = get_user_by('login', trim($_POST['swpm_user_name']));
	$user_id = $u->id;
}

i do not remember if $_POST['swpm_user_name'] in this case require to be sanitized before, i will give you tomorrow the right code and the way to add without having to loose it any time the plugin update using the plugin's custom files options.

See you later

[kcfez]

Chow axew3,
I will not start hacking as WP is a whole new ballgame to me although I have been using phpbb since 2003. I will await your suggested fix.

As well as creating users in Simple Membership (/wpexample/wp-admin/admin.php?page=simple_wp_membership&member_action=add), I also tried using Simple Membership WP user Import Version: 1.9.1 Author: wp.insider to transfer the WP users imported from phpbb (/wpexample/wp-admin/admin.php?page=swpm-wp-import). I also tried using Simple Membership registration (/wordpress/membership-join/membership-registration-2/). That information probably does not help because, as you say, swpm is using different variables so username and password are not being exchanged correctly.
When completing this registration ( /wordpress/membership-login/?swpm_auto_login=1&swpm_user_name=bill&swpm_encoded_pw=NDYyM2tjc3ViYXJV&swpm_auto_login_nonce=101601d435&swpm_login_origination_flag=1 ) I get an access denied error.

[axew3]

Hello, so going on:

If you like to add custom code/hooks for external plugins, it as been added lately this, that's mentioned on the very bottom of the Help Install Page (but an explain post will be added soon) the notice say:

/wp-content/plugins/wp-w3all-phpbb-integration/common/custom_functions.php
Open it with a text editor, there are simple info on how to use and a basic and working snippet example.

the file as you can see contain the explain on how to do:

Code: Select all

# ADD hooks and custom code to be added into the wp_w3all.php file
# Place this file into the folder
# /wp-content/plugins/wp-w3all-custom/
# so you'll have
# /wp-content/plugins/wp-w3all-custom/custom_functions.php
# Then it will be parsed as part of the plugin code
# The inclusion (if the file '/wp-content/plugins/wp-w3all-custom/custom_functions.php' exist)
# is on file /wp-content/plugins/wp-w3all-phpbb-integration/wp_w3all.php

A solution can be to add so on it, after of before to add the file as explained into the created folder, the following code:

Code: Select all

# Simple membership plugin login vars fix
  if( isset($_POST['swpm_user_name']) && isset($_POST['swpm_password']) && isset($_POST['swpm-login']) ){
  	if(! defined("WPW3ALL_NOT_ULINKED")) define("WPW3ALL_NOT_ULINKED",true);
  }

But in this way, the default function wp_check_password will be loaded, and not the one that replace it from the w3all plugin and that recognize also phpBB hash passwords, then, you should setup:
a) the plugin on main settings to USE THE WP PASSWORD HASH way
b) allow users to update their password only in wordpress and not in phpBB

AND, but, i see that on profile anyway, this plugin follow on his way again, so that, when you update the email of an user in phpBB, the result seem to me that, if you go to WP default it result correctly updated, so Wordpress recognize the new email, WHILE this plugin, display the old one!
I not checked the way this plugin wirk, nor his hooks that could be used to work around all, but doing the above, you should so DO NOT ALLOW USERS TO UPDATE THEIR EMAIL AND PASSWORD in phpBB.
To this disable the module on ACP, as explained into the install help steps
https://www.axew3.com/w3/wordpress-phpb ... n-install/

Note: to disable the Edit account settings module in phpBB on
ACP -> System Tab -> Module management -> User Control panel
disable the Edit account settings module (where an user can change the email and update password in phpBB ucp).

This is a way to go integrated, i've take just a fast look without looking as said, into the Memberships hooks and code but there are surely many more.

Code: Select all

if( isset($_POST['swpm_user_name']) && isset($_POST['swpm_password']) && isset($_POST['swpm-login']) ){

check only the login? I hope so, and i think yes, but if all three vars are set even when it is not a login but a profile update, it will set with

Code: Select all

if(! defined("WPW3ALL_NOT_ULINKED")) define("WPW3ALL_NOT_ULINKED",true);

line, the user as NOT LINKED, no one user's profile or session actions are affected by the plugin code that will NOT run.
But i tested it working fine, so should be ok (an email updated into the Membership front end profile is correctly updated in phpBB.
Let know, i have to go now but i will better read your post above after, and i will return in reply again!

PS NOTE that the option USE CUSTOM files into plugin admin do not require to be set to Yes for the custom_functions.php to work. It will work anyway if the file exist.
AND NOTE that if an user changed the password in phpBB or WP while the plugin was active, HE HAVE TO RESET the password because the hash will not be recognized!

If all works with the setup like the above, and you like the way it is integrated (no pass and email update in phpBB) then you should be up and running just with it.
Let know!

[kcfez]

Thanks axew3,
Great service.
I have made the mods to custom and setup and will report back after testing.

[kcfez]

I have performed a quick test and as yet have not managed to get it to work.
I have /srv/jowett.club/public/htdocs/wordpress/wp-content/plugins/wp-w3all-phpbb-integration/custom_functions.php

Code: Select all

<?php defined( 'ABSPATH' ) or die( 'forbidden' );
if ( !function_exists( 'add_action' ) ) {
  die( 'forbidden' );
}

# ADD hooks and custom code to be added into the wp_w3all.php file
# Place this file into the folder
# /wp-content/plugins/wp-w3all-custom/
# so you'll have
# /wp-content/plugins/wp-w3all-custom/custom_functions.php
# Then it will be parsed as part of the plugin code
# The inclusion (if the file '/wp-content/plugins/wp-w3all-custom/custom_functions.php' exist)
# is on file /wp-content/plugins/wp-w3all-phpbb-integration/wp_w3all.php

# Example: WP members redirect message fix
# fix registration error message when an existent username/email is found into the forum db
if(isset($_POST['_wpmem_register_nonce']) && !empty($_POST['username']) && !empty($_POST['user_email']))
{
   if( !empty(WP_w3all_phpbb::ck_phpbb_user( $_POST['username'], $_POST['user_email'] )) ){
    add_filter( 'wpmem_register_data', 'w3all_wpmem', 2 );
   }
}
  function w3all_wpmem($data, $tag='new'){
   global $wpmem_themsg;
   $wpmem_themsg = 'Error: Username or email address exists into our forum.';
    return $data;
  }
  
# Simple membership plugin login vars fix
if( isset($_POST['swpm_user_name']) && isset($_POST['swpm_password']) && isset($_POST['swpm-login']) ){
if(! defined("WPW3ALL_NOT_ULINKED")) define("WPW3ALL_NOT_ULINKED",true);
}

I have set plugin to USE THE WP PASSWORD HASH.
I have disabled th Edit account settings module.
I have not rebooted .
I have closed browser and reopend with URL https://jowett.club/wordpress/membership-login/
I still get it refusing the password.
I then tried loging in to phpbb and it succesfully logged in to wp , so did that rest the password in wp to the wp encoding, rather than the phpbb encoding?
I then imported that user from WP into Simple Membership using Simple Membership WP user Import and tried again. Still no joy!

Any ideas? Perhaps looking at the database entries might help to see what is going on.