Conversation
supportHi Josh, I’ve been using your plugin successfully for a while, and all working well. Recently i’ve been getting a default email notice from WordPress to confirm that my password has changed. My password hasn’t changed, and i’m always able to login as normal. It seems my logging in is triggering this email for some reason (this occurs each time i log in to the site). Wondering if you’ve come across this before, and whether it may be related to the plugin in some way, or unrelated? Just looking to narrow down the potential cause. Many thanks for time. Matt https://wordpress.org/plugins/external-db-auth-reloaded/
I will test this out. It seems that it may be either a conflict with another plugin, or maybe with the recent change in WordPress with regards to secure passwords.
Hi Josh Thanks for looking into it. To help i deactivated all plugins (including your EDAR plugin) and logged in/out directly from WP (as my details are stored now locally as well as externally). When i reactivated EDAR the ‘changed password’ message was received again. No other plugins active, and i’ve not changed my Theme. So maybe an issue with the latest WP version (which is version 4.3 on my site). Welcome further thoughts. Cheers Matt
i’m using MD5 password encryption method if that helps.
Hi Josh, Any update on this as yet? Thanks
@mattboden , I tested it with a database that uses the same encryption method. I don’t get the error message you are seeing. Actually, I forgot to do one other thing. I will post again once I’ve done another test.
Ok. What the plugin does is updates the wp_users table each time the user logs in including the password. So, because the password is updated on each log in, the admin receives an email alerting him/her that a user has changed/updated his/her password. I am hesitant in overriding this in a plugin update, so I think I have to leave this to the discretion of each person using this plugin. I am going to assume it is calling the action hook ‘password_reset’: https://core.trac.wordpress.org/browser/tags/4.3/src/wp-includes/user.php#L2520 So, adding this code in your theme’s function.php file might work, but I have not tested it. remove_action('password_reset','__return_false');
Thanks for further support Josh! Okay, so i’m a bit confused. I’ll check theme and plugins again. I’ve another WP website also using the database auth plugin, and updated this site to WordPress 4.3 yesterday. And now that one is doing the same thing on that site too. I’ve not tested your code above yet, but it has prompted a thought. The original site that had this problem is an eCommerce site (woocommerce), and whilst “members” reside on an external DB and can login via your plugin, there are also “customers” who can create an account locally on the website. Wondering how this will affect password reseting for this user group? What should it be doing in this scenario? Currently I can register and login as a “customer” directly onto my WP site/database (woocommerce) no problem, but I can’t reset the password for that customer using “password reset” /my-account/lost-password/ – just getting a blank white screen when EDAR is activated). Again should this work and bypass EDAR plugin? Does that make sense? I’ll do some testing again my end by deactivating plugins & theme. Cheers Matt
Hi Josh The function code you provided doesn’t seem to work either (i know you said it was untested). Thanks for ongoing help with this. Cheers Matt
Okay, you can remove the code that I told you before. After removing the code from functions.php, download and install this plugin: https://www.hightail.com/download/bXBiV0p6MGNRR2V2eE1UQw
Thanks Josh. That worked for me. It did raise something i hadnt previously spotted though in terms of resetting passwords. For the members i have on an external DB i can set up a redirect for this link as password resets have to happen outside of wordpress. However i have an eCommerce setup (woocommerce platform) that allows customers to create an account when paying at the checkout page. This works fine and they can register, become “customers” and login from a separate “My Account” section of Woocommerce (so away from the main login that EDAR authenticates against). To reset passwords for Woocommerce i can get as far as a /my-account/lost-password/ page, but on entering an email to send reset confirmation the page goes white. So i’m unable to enable password reset for this group only within Worpress. Is that as expected? And if so, is there any type of workaround to allow this group (the “customers” who sit on WordPress DB only) to reset their passwords locally within WordPress? Hope that makes sense? Cheers Matt
Hello Matt, Try this solution: function donot_send_password_change_email($t,$old,$new) {return false;} add_filter( ‘send_password_change_email’, ‘donot_send_password_change_email’, 1, 3 ); Regards, Tom Miletics
Hi there, I’d like to weigh in on this issue. It seems that the plugin is calling wp_update_user() with a ‘password’ argument *every* *time* a user logs in. This is what is causing the notification emails to go out. It is described in detail here: https://wordpress.org/support/topic/read-this-first-%E2%80%93-wordpress-43-master-list?replies=4#post-7314894 I am going to use the add_filter() temporary fix, but it would be nice if the plugin could do a password check before trying to update it 🙂 Cheers — Romain
I will test this out. It seems that it may be either a conflict with another plugin, or maybe with the recent change in WordPress with regards to secure passwords.
Hi Josh Thanks for looking into it. To help i deactivated all plugins (including your EDAR plugin) and logged in/out directly from WP (as my details are stored now locally as well as externally). When i reactivated EDAR the ‘changed password’ message was received again. No other plugins active, and i’ve not changed my Theme. So maybe an issue with the latest WP version (which is version 4.3 on my site). Welcome further thoughts. Cheers Matt
i’m using MD5 password encryption method if that helps.
Hi Josh, Any update on this as yet? Thanks
@mattboden , I tested it with a database that uses the same encryption method. I don’t get the error message you are seeing. Actually, I forgot to do one other thing. I will post again once I’ve done another test.
Ok. What the plugin does is updates the wp_users table each time the user logs in including the password. So, because the password is updated on each log in, the admin receives an email alerting him/her that a user has changed/updated his/her password. I am hesitant in overriding this in a plugin update, so I think I have to leave this to the discretion of each person using this plugin. I am going to assume it is calling the action hook ‘password_reset’: https://core.trac.wordpress.org/browser/tags/4.3/src/wp-includes/user.php#L2520 So, adding this code in your theme’s function.php file might work, but I have not tested it. remove_action('password_reset','__return_false');
Thanks for further support Josh! Okay, so i’m a bit confused. I’ll check theme and plugins again. I’ve another WP website also using the database auth plugin, and updated this site to WordPress 4.3 yesterday. And now that one is doing the same thing on that site too. I’ve not tested your code above yet, but it has prompted a thought. The original site that had this problem is an eCommerce site (woocommerce), and whilst “members” reside on an external DB and can login via your plugin, there are also “customers” who can create an account locally on the website. Wondering how this will affect password reseting for this user group? What should it be doing in this scenario? Currently I can register and login as a “customer” directly onto my WP site/database (woocommerce) no problem, but I can’t reset the password for that customer using “password reset” /my-account/lost-password/ – just getting a blank white screen when EDAR is activated). Again should this work and bypass EDAR plugin? Does that make sense? I’ll do some testing again my end by deactivating plugins & theme. Cheers Matt
Hi Josh The function code you provided doesn’t seem to work either (i know you said it was untested). Thanks for ongoing help with this. Cheers Matt
Okay, you can remove the code that I told you before. After removing the code from functions.php, download and install this plugin: https://www.hightail.com/download/bXBiV0p6MGNRR2V2eE1UQw
Thanks Josh. That worked for me. It did raise something i hadnt previously spotted though in terms of resetting passwords. For the members i have on an external DB i can set up a redirect for this link as password resets have to happen outside of wordpress. However i have an eCommerce setup (woocommerce platform) that allows customers to create an account when paying at the checkout page. This works fine and they can register, become “customers” and login from a separate “My Account” section of Woocommerce (so away from the main login that EDAR authenticates against). To reset passwords for Woocommerce i can get as far as a /my-account/lost-password/ page, but on entering an email to send reset confirmation the page goes white. So i’m unable to enable password reset for this group only within Worpress. Is that as expected? And if so, is there any type of workaround to allow this group (the “customers” who sit on WordPress DB only) to reset their passwords locally within WordPress? Hope that makes sense? Cheers Matt
Hello Matt, Try this solution: function donot_send_password_change_email($t,$old,$new) {return false;} add_filter( ‘send_password_change_email’, ‘donot_send_password_change_email’, 1, 3 ); Regards, Tom Miletics
Hi there, I’d like to weigh in on this issue. It seems that the plugin is calling wp_update_user() with a ‘password’ argument *every* *time* a user logs in. This is what is causing the notification emails to go out. It is described in detail here: https://wordpress.org/support/topic/read-this-first-%E2%80%93-wordpress-43-master-list?replies=4#post-7314894 I am going to use the add_filter() temporary fix, but it would be nice if the plugin could do a password check before trying to update it 🙂 Cheers — Romain