Hello,
I got a question regarding the usage of hooks, i need to know how and when hooks are kicked into action, can a admin hook be used if a user isn't logged in? Or do they only work if a super user is recognized with a active session?
Furthermore,
I would like to use the admin_user_users_edit hook within a function called in a file outside mybb to change some user data on the $_POST method.
$plugins->run_hooks('admin_user_users_edit');
How do i reach a specific field, e.g if i only wish to edit the username of a user, how do i do? and what code may i use?
Let me know, i appreciate any help or advice given here.
Thanks.
The the code reaches a run_hook function, the plugin class then cycles through all functions listed as related to that hook (those from all plugins that call add_hook for that hook name).
It is up to the developer to determine if the requested function works for guests or not. A hook can only be run when the code reaches that line. If the user is not logged in and the code is stopped before run_hook is reached, then the hook will never be run.
Why would you want to run an external file? Create a plugin file that uses
$plugins->add_hook('admin_users_users_edit', 'your_function_name_here'); and create a function of the same name and then modify the user content there.
Because i am developing a SSO (single sign-on) system used with mybb, i am halfway through all neccessary functions but i need to update a password of a mybb user after a password reset, as my frontend system only generates a new password after a reset and not for the mybb user, therefore i made a plugin to force users to change their password within the frontend system.
Once the frontend user updates and saves their "new password" it does not update the mybb user's password since the mybb user was not logged in when the password change process was done and therefore the password for mybb was never set.
I am able to update the password for a mybb user when both systems are authenticated at the same time but not when mybb is not authenticated.
Should i update the password with a simple mysql query update function? Because this is the only way that i can think of that works without being logged in since the password change is happening straight through php into mysql and not in mybb into mysql.
Since mybb disagrees the usage of admin hooks while not authenticated as a super user or administrator.
Give me some advice on what to do, I'd appreciate it very much.
Thanks.
in your frontend code where you are forcing the reset and have the plain text password, just replicate the mybb password hash routine from the member.php do_login action and directly update the mybb database directly from your code.
this would be the same password hash routine you are using for SSO authentication
include the mybb config.php file so you have the credentials to the DB and then connect to it and update the user table. be sure to generate a new salt during the reset and update the user table with the new salt and the new password hash.
btw, what i am saying is that you dont need any hooks, just directly manipulate the DB
(2012-07-07, 04:52 PM)pavemen Wrote: [ -> ]in your frontend code where you are forcing the reset and have the plain text password, just replicate the mybb password hash routine from the member.php do_login action and directly update the mybb database directly from your code.
this would be the same password hash routine you are using for SSO authentication
include the mybb config.php file so you have the credentials to the DB and then connect to it and update the user table. be sure to generate a new salt during the reset and update the user table with the new salt and the new password hash.
btw, what i am saying is that you dont need any hooks, just directly manipulate the DB
I have both systems on the same db, however, i am thinking about using the password function for mybb and then use a mysql insert statement to update the password once the external password reset function have generated the new password and the user has activated it through their retrieval mail.
How about using this function within my external password reset function file? (taken from
functions_user.php in
/inc/:
//If there are no mybb authentication
if (!$this->mybb->user['uid'] != 0){
update_password();
}
else{
//If there is a mybb authentication
$userhandler = new UserDataHandler('update');
$data = array(
'uid' => intval($user_id),
'password' => $password
);
$userhandler->set_data($data);
if (!$userhandler->validate_user()){
$errors = $userhandler->get_friendly_errors();
return ($inline_error === true) ? inline_error($errors) : $errors;
}
$userhandler->update_user();
return true;
}
functions_user.php
153 function update_password($uid, $password, $salt="")
154 {
155 global $db, $plugins;
156
157 $newpassword = array();
158
159 // If no salt was specified, check in database first, if still doesn't exist, create one
160 if(!$salt)
161 {
162 $query = $db->simple_select("users", "salt", "uid='$uid'", array('limit' => 1));
163 $user = $db->fetch_array($query);
164 if($user['salt'])
165 {
166 $salt = $user['salt'];
167 }
168 else
169 {
170 $salt = generate_salt();
171 }
172 $newpassword['salt'] = $salt;
173 }
174
175 // Create new password based on salt
176 $saltedpw = salt_password($password, $salt);
177
178 // Generate new login key
179 $loginkey = generate_loginkey();
180
181 // Update password and login key in database
182 $newpassword['password'] = $saltedpw;
183 $newpassword['loginkey'] = $loginkey;
184 $db->update_query("users", $newpassword, "uid='$uid'", 1);
185
186 $plugins->run_hooks("password_changed");
187
188 return $newpassword;
189 }
Remember, i need to update the user's password when the user is not authenticated with mybb. To get the correct user id to be used within the mysql update statement i would need to use the external user id within it.