From 7dfe5d0be3322756fe0207e3fbc27f5424de1d3d Mon Sep 17 00:00:00 2001
From: Platonides
Date: Wed, 19 Sep 2018 00:27:12 +0200
Subject: [PATCH] Adjust database access and password check
---
 AuthWMESbyDB.php | 18 +++++++-----------
 1 file changed, 7 insertions(+), 11 deletions(-)
diff --git a/AuthWMESbyDB.php b/AuthWMESbyDB.php
index 64c24e6..df2ab9c 100644
--- a/AuthWMESbyDB.php
+++ b/AuthWMESbyDB.php
@@ -132,7 +132,7 @@ class AuthWMESbyDB extends \ls\pluginmanager\AuthPluginBase
 $sUserName = $this->getUserName();
 $sUserPass = $this->getPassword();
- $aWpUser=$this->getWpDbUser($sUserName,$sUserPass);
+ $aWpUser=$this->getWmesDbUser($sUserName,$sUserPass);
 if(!$aWpUser){
 $this->setAuthFailure(self::ERROR_USERNAME_INVALID);
 return;
@@ -142,8 +142,8 @@ class AuthWMESbyDB extends \ls\pluginmanager\AuthPluginBase
 {
 $oUser=new User;
 $oUser->users_name=$aWpUser['user_login'];
- $oUser->full_name=$aWpUser['display_name'];
- $oUser->password=substr(md5(rand()),0,20);;
+ $oUser->full_name=$aWpUser['user_login'];
+ $oUser->password=createPassword();
 $oUser->parent_id=1;
 $oUser->lang='auto';
 $oUser->email=$aWpUser['user_email'];
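Review bot: The placeholder password set on the auto-created local account, `$oUser->password=createPassword();` in the second hunk, depends on a helper that is not defined anywhere in this patch, so the randomness and length of that value cannot be confirmed from here. If the built-in database login stays enabled next to this plugin, the stored value is a live credential for the account; it should be built from a CSPRNG, for example `bin2hex(random_bytes(16))`, and stored in whatever hash format the User model verifies against. A comment such as `// random placeholder: authentication is delegated to the WMES database` above the assignment would record the intent. The enclosing block starts before the hunk and continues after it.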
@@ -185,28 +185,24 @@ class AuthWMESbyDB extends \ls\pluginmanager\AuthPluginBase
 }
 /**
- * Validate user by username/password from WordPress
+ * Validate user by username/password from WMES
 * @param string $sUserName : the user name
 * @param string $sUserPass : the user pass
 * return array : User information
 **/
- private function getWpDbUser($sUserName,$sUserPass)
+ private function getWmesDbUser($sUserName,$sUserPass)
 {
 if($this->addWpDb())
 {
 $aUser = Yii::app()->wmesdb->createCommand()
- ->select('user_login,user_pass,user_nicename,user_email,display_name,ul.meta_value as user_level')
+ ->select('user_login,user_pass,user_email,user_level')
 ->from('{{users}}')
- ->leftJoin('{{usermeta}} ul', 'ID = ul.user_id AND ul.meta_key="wp_user_level"')
 ->andWhere("user_login = :user_login")
 ->bindParam(':user_login',$sUserName)
 ->queryRow();
 if(!$aUser)
 return;
- //Yii::import('plugins.AuthWPbyAPI.third_party.phpass.PasswordHash');
- require_once dirname(__FILE__).'/third_party/phpass/PasswordHash.php';// DIRECTORY_SEPARATOR not needed
- $oHasher = new PasswordHash(8, TRUE);
- $bCheck = $oHasher->CheckPassword($sUserPass, $aUser['user_pass']);
+ $bCheck = password_verify($sUserPass, $aUser['user_pass']);
 if($bCheck)
 return $aUser;
 else
--
2.30.2
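Review bot: The early `return;` under `if(!$aUser)` skips `password_verify()` entirely, so a request for an unknown login returns faster than one with a wrong password, and the two cases can be told apart by response time even though the caller in the first hunk sets `ERROR_USERNAME_INVALID` for any falsy result. Verifying against a fixed hash before returning evens out the cost, e.g. `if(!$aUser){ password_verify($sUserPass, $sPlaceholderHash); return; }`, where `$sPlaceholderHash` is a placeholder name for a precomputed hash constant you would add. The docblock line `* return array : User information` is missing its `@` and does not mention the empty return; `* @return array|null : user row, or null when the login is rejected` would match the visible code. The function body continues past the end of the hunk, so the `else` branch is not reviewed here.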