I am attempting to authenticate from the user db of this site (Content management systems based) also it utilizes a slightly different approach at storing hashed passwords. It utilizes a at random produced salt for every user. The salt is saved within the user db together with the hashed passwords. Hence, direct area-planned authentication (because the Exterior DB wordpress plugin does) will not work with me.

To begin, I simply shown the DB wordpress plugin and modified the user_login() procedure to see the hashed password and also the salt in the database after which hash the joined password again using the salt and match it up with using the password within the database. Here's the code for my user_login() function

function user_login($username, $password) {

    global $CFG;

    $textlib = textlib_get_instance();
    $extusername = $textlib->convert(stripslashes($username), 'utf-8', $this->config->extencoding);
    $extpassword = $textlib->convert(stripslashes($password), 'utf-8', $this->config->extencoding);

    $authdb = $this->db_init();

    // normal case: use external db for passwords

    // Get user data
    $sql = "SELECT 
    		FROM {$this->config->table} 
    		WHERE {$this->config->fielduser} = '".$this->ext_addslashes($extusername)."' ";


    // No DB Connection
    if ( !$rs = $authdb->Execute( $sql ) ) {
        return false;

    // No records returned
    if( $rs->EOF ) {
        return false;

    // Get password
    $db_password = $rs->fields['user_password'];
    $salt = $rs->fields['user_salt'];

    // Close DB Conn

    // Return match
    return sha1( $extpassword . $salt ) == $db_password;


However when I attempt to login, username / passwords akin to the web site (Content management systems) database are failing. However, the password (for the similar user) which was saved in Moodle previously (before I attempted by using this custom wordpress plugin) gets me through.

Which means, either my authentication routine is failing or moodle's internal db based auth mechanism takes priority regarding this.

I have enabled ADODB debug mode - but that is not helping either. After I let the debug output from Server configurations, the mistake messages are now being sent just before the page headers. Thus the login page will not display whatsoever.

I've other types of authentication switched off (aside from Manual which can not be switched off) and my very own.

Any tips on how to solve this problem?

Thanks, m^e

Are you able to read the order the authentication pluggins are displayed? This can determine an order by which they are utilised. See..


In either case, the behavior you are seeing indicates that the code is coming back false and also the fall through logic referred to here...


... and here...


... is kicking in.

Perhaps you have attempted coming back "true" always out of your wordpress plugin to make sure that it's being known as. Then, you can begin coming back "true" based on other activities (hard coded usernames etc). This method will help you to become so terrible where you stand either ongoing to fail or seeing more targetted failures. Are you certain, for instance, it's the consumer_login function and never the following call to update_user_record that's failing?

Finally, are you certain you are producing the salted password within the identical method in which it had been produced to begin with? This is, for me personally, probably the most likely reason for the issue. Are you able to seize control of the development of the salted password to ensure that you have both development of new customers and authentication of customers - this could make sure that you were synchronized with the way the salted password and hash were produced.