Title: MSSQL & Authentication Hook Problem
Last modified: January 10, 2020

---

# MSSQL & Authentication Hook Problem

 *  [bradmkjr](https://wordpress.org/support/users/bradmkjr/)
 * (@bradmkjr)
 * [6 years, 5 months ago](https://wordpress.org/support/topic/mssql-authentication-hook-problem/)
 * After careful review of the code, I found that currently when using a Microsoft
   SQL Server, the exlog_hook_filter_authenticate_hash will never run because the
   authentication method is hardcoded into the MSSQL if statement. If the $dbtype
   is ‘mssql’ then it runs exlog_validate_password() without checking to see if 
   the filter is set. I have had to modify my local copy to include the filter check
   inside of the if statement to ensure that when I’m using a custom hashing function
   with a mssql database it will allow users to authenticate properly.
 * Current Code:
 *     ```
       		if ($dbType == "mssql") {
       			$query_string =
       			'SELECT *' .
       			' FROM ' . esc_sql($db_data["dbstructure_table"]) .
       			' WHERE ' . esc_sql($db_data["dbstructure_username"]) . '=\'' . esc_sql($username) . '\'';
   
       			$stmt = sqlsrv_query($db_data["db_instance"], $query_string);
       			if (sqlsrv_has_rows($stmt) != true) {
       				return array("valid" => false);
       			}
   
       			while( $userData = sqlsrv_fetch_array($stmt)) {
       				$user_specific_salt = false;
   
       				if (exlog_get_option('external_login_option_db_salting_method') == 'all') {
       					$user_specific_salt = $userData[$db_data["dbstructure_salt"]];
       				}
   
       				$valid_credentials = exlog_validate_password($password, $userData[$db_data["dbstructure_password"]], $user_specific_salt);
   
       				if ($valid_credentials) {
       					$wp_user_data = exlog_build_wp_user_data($db_data, $userData);
       					$wp_user_data["exlog_authenticated"] = true;
       					return $wp_user_data;
       				}
       			}
       			return array("valid" => false);
       		}
       ```
   
 * My quick and dirty solution:
 *     ```
       if ($dbType == "mssql") {
           $query_string =
               'SELECT *' .
               ' FROM ' . esc_sql($db_data["dbstructure_table"]) .
               ' WHERE ' . esc_sql($db_data["dbstructure_username"]) . '=\'' . esc_sql($username) . '\'';

           $stmt = sqlsrv_query($db_data["db_instance"], $query_string);
           if (sqlsrv_has_rows($stmt) != true) {
               return array("valid" => false);
           }

           while ($userData = sqlsrv_fetch_array($stmt)) {
               $user_specific_salt = false;

               if (exlog_get_option('external_login_option_db_salting_method') == 'all') {
                   $user_specific_salt = $userData[$db_data["dbstructure_salt"]];
               }

               $hashFromDatabase = $userData[$db_data["dbstructure_password"]];

               // Use the custom hash filter when one is registered; otherwise
               // fall back to the plugin's built-in password validation.
               if (has_filter(EXLOG_HOOK_FILTER_AUTHENTICATE_HASH)) {
                   $valid_credentials = apply_filters(
                       EXLOG_HOOK_FILTER_AUTHENTICATE_HASH,
                       $password,
                       $hashFromDatabase,
                       $username,
                       $userData
                   );
               } else {
                   $valid_credentials = exlog_validate_password($password, $hashFromDatabase, $user_specific_salt);
               }

               if ($valid_credentials) {
                   $wp_user_data = exlog_build_wp_user_data($db_data, $userData);
                   $wp_user_data["exlog_authenticated"] = true;
                   return $wp_user_data;
               }
           }

           // No row validated: same failure value as the existing MSSQL branch,
           // so the raw database row is never returned on a failed login.
           return array("valid" => false);
       }
       ```
   
 * I would love to see a version of the plugin updated to check for the exlog_hook_filter_authenticate_hash
   filter when using Microsoft SQL Server.
 * Thanks for the great plugin,
    Brad
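
A callback of the kind this report depends on, as an added example that is not from the thread or the plugin's own code. It assumes the hook name string is `exlog_hook_filter_authenticate_hash`, that the callback receives the four arguments shown in the `apply_filters()` call above, and that the external table has hypothetical `salt` and `iterations` columns holding a hex PBKDF2-SHA256 hash.

```php
<?php
// Added example, not plugin code. The function name my_exlog_verify_hash and
// the 'salt' / 'iterations' column names are hypothetical.

/**
 * Verify a password against the hash stored in the external database.
 * Argument order follows the apply_filters() call quoted in the thread.
 *
 * @return bool true only when the password matches the stored hash.
 */
function my_exlog_verify_hash($password, $hashFromDatabase, $username, $userData) {
    // Fail closed on missing or malformed input.
    if (!is_string($password) || !is_string($hashFromDatabase) || $hashFromDatabase === '') {
        return false;
    }
    $salt = isset($userData['salt']) ? (string) $userData['salt'] : '';
    $iterations = isset($userData['iterations']) ? (int) $userData['iterations'] : 0;
    if ($salt === '' || $iterations < 1) {
        return false;
    }

    // hash_pbkdf2() returns lowercase hex by default; normalise the stored
    // value, since fixed-width CHAR columns may pad it with spaces.
    $expected = strtolower(trim($hashFromDatabase));
    $actual = hash_pbkdf2('sha256', $password, $salt, $iterations);

    // Constant-time comparison: timing does not reveal how much matched.
    return hash_equals($expected, $actual);
}

// Inside WordPress: register with 4 accepted arguments, otherwise the
// callback would receive only $password.
if (function_exists('add_filter')) {
    add_filter('exlog_hook_filter_authenticate_hash', 'my_exlog_verify_hash', 10, 4);
}

// Outside WordPress (CLI only): exercise the callback on a constructed row.
if (PHP_SAPI === 'cli' && !function_exists('add_filter')) {
    $row = array('salt' => 'constructed-salt', 'iterations' => 1000);
    $stored = hash_pbkdf2('sha256', 'correct horse', $row['salt'], $row['iterations']);
    var_dump(my_exlog_verify_hash('correct horse', $stored, 'alice', $row));
    var_dump(my_exlog_verify_hash('wrong guess', $stored, 'alice', $row));
    var_dump(my_exlog_verify_hash('correct horse', $stored, 'alice', array()));
}
```

With the hardcoded MSSQL branch, a callback like this is registered but never invoked, so every login is checked by `exlog_validate_password()` instead.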

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Plugin Author [tbenyon](https://wordpress.org/support/users/tbenyon/)
 * (@tbenyon)
 * [6 years, 5 months ago](https://wordpress.org/support/topic/mssql-authentication-hook-problem/#post-12314659)
 * Hey Brad,
 * GREAT SPOT!
 * Apologies for my mistake. Really appreciate you taking the time to diagnose the
   problem yourself. 🙂
 * I’ll get the fix in and deployed within a week for you, I’m hoping it’ll be this
   weekend but just can’t promise that.
 * Will keep you posted with updates and if you haven’t heard from me I won’t be
   offended if you chase.
 * Thanks again,
 * Tom
 *  [blazer380](https://wordpress.org/support/users/blazer380/)
 * (@blazer380)
 * [6 years, 4 months ago](https://wordpress.org/support/topic/mssql-authentication-hook-problem/#post-12378203)
 * Hi Brad,
 * I have a client that has an existing user database hosted on their MS Azure Cloud
   server. I’m building them a WordPress site that will need to query that external
   DB to check for login credentials and give access to content that is behind a
   login on the WP site. My understanding is that as of right now this plugin doesn’t
   support Azure Cloud connections. Were you able to get a workaround? If so, could
   you please reach out to me: alex@mrwebsitedesigner.com
 * Much appreciated,
    Alex


The topic ‘MSSQL & Authentication Hook Problem’ is closed to new replies.

 * [External Login](https://wordpress.org/plugins/external-login/)

## Tags

 * [microsoft-sql-server](https://wordpress.org/support/topic-tag/microsoft-sql-server/)
 * [mssql](https://wordpress.org/support/topic-tag/mssql/)

 * 2 replies
 * 3 participants
 * Last reply from: [blazer380](https://wordpress.org/support/users/blazer380/)
 * Last activity: [6 years, 4 months ago](https://wordpress.org/support/topic/mssql-authentication-hook-problem/#post-12378203)
 * Status: not resolved