Wordpress SQRL login

  • New Wordpress Plug-In Forum
    Guest:

    Just a note that we have a new forum to contain discussions relating to the Wordpress plug-in which Daniel Persson originated and has been making great progress on. You'll find it under "Server-Side Solutions."

    /Steve.

MrObvious

Well-known member
Jan 30, 2019
49
5
Well, I was signed in as user_(numbers). Forgot to write it down. I'm disassociating my SQRL identity now and resetting it to my account.
 

MrObvious

Well-known member
Jan 30, 2019
49
5
Ok reassociated and now it logged in as me, logged out and logged in ok. Can someone still see if they are me?
 

shanedk

Well-known member
May 20, 2018
314
86
@kalaspuffar It works now!

EDIT: Except I can't change my random mess of a username to something sane. I change it and click on Update Profile, but it reverts back to the random mess.
 

kalaspuffar

Well-known member
May 19, 2018
267
91
Sweden
coderinsights.com
@kalaspuffar It works now!

EDIT: Except I can't change my random mess of a username to something sane. I change it and click on Update Profile, but it reverts back to the random mess.
That's a WordPress thing. Not sure if you can change username in WordPress. Would be nice. And if it's just a setting I can change it. Not something I'll focus on at the moment.
 

shanedk

Well-known member
May 20, 2018
314
86
Actually, I was referring to the Nickname, which you're supposed to be able to change.
 

Steve

Administrator
Staff member
May 6, 2018
992
290
www.grc.com
Gang... Just a quick note that the results of THIS EFFORT will be the uncontested SQRL plug-in for Wordpress.

I mentioned on Tuesday's podcast that Rasmus had someone who was interested in tasking him with creating a SQRL plug-in for Wordpress. But in light of the terrific work that's already being done here on this, there seemed to be no point in a redundant effort. So... THIS will be it! :)
 

Steve

Administrator
Staff member
May 6, 2018
992
290
www.grc.com
(Oh!... And I'm sure that Daniel knows that any text/language/explanations he wants to take from here for the description of SQRL for the plug-in is 100% okay and encouraged.)
 

Ashley Cawley

Member
Jun 20, 2019
5
1
A couple of us at work today installed Daniels great WordPress Plugin and gave it a whirl - it worked beautifully for us and made a great demo, I will be demo'ing it to more of my work colleagues tomorrow. I also have a number of ideas for further promoting SQRL. Keep up the great work all.
 
  • Like
Reactions: kalaspuffar

Once set this cannot be

Active member
Jun 27, 2019
38
13
Well, I was signed in as user_(numbers). Forgot to write it down. I'm disassociating my SQRL identity now and resetting it to my account.
I, too, noticed a change in user id at one point when using uhash. I was about to provide the current ID and the original one that was assigned (I commented using the first ID and thus know what it WAS, in addition to knowing what it currently IS since I am still logged in with the new one) for debugging purposes, but now realize is likely a moot point as Daniel apparently fixed it with 0.4.1.

Tusen takk, Daniel. Jeg snakker Svorsk.
 

Once set this cannot be

Active member
Jun 27, 2019
38
13
Gang... Just a quick note that the results of THIS EFFORT will be the uncontested SQRL plug-in for Wordpress.

I mentioned on Tuesday's podcast that Rasmus had someone who was interested in tasking him with creating a SQRL plug-in for Wordpress. But in light of the terrific work that's already being done here on this, there seemed to be no point in a redundant effort. So... THIS will be it! :)
@Steve, I truly hope that any of us who have deploy these test plugins will ensure that we don't use POC code on production servers - that we will use due diligence to ensure that any production code DOESN'T contain any of the issues we keep hearing you talk about on SN about doctoral thesis POC code being widely deployed.

@kalaspuffar, I haven't yet created WP plugins. Do you as plugin creator have access to what sites your code has been installed into using the WP plugin as made available through WP admin backend? What about sites which clone the plugin through git, or those who download the files and manually add the plugin?

I am sure you can search for a unique filename your plugin uses. I am more wondering if WP gives you detailed installation information or just an aggregate number of installs. (I think I must find a way to donate to you köttbullar)
 
Last edited:

jvedman

Member
May 20, 2018
5
2
Atlanta, GA
Logged back in to uhash.com without difficulty. I had previously linked my SQRL identity to a user (jvedman) and the association worked fine today. Yay!
 

alt3rn1ty

Well-known member
Feb 2, 2019
89
4
@kalaspuffar how do we register at uhash.com without giving email ?

When I logged in and registered here at sqrl.grc.com I only needed to provide a user name, the site knows nothing else about me (well apart from the avatar picture I added later)

If I use the Login with sqrl at uhash.com, there is no way to give a username so just logging in and registering I get given a user_1234567890.. ID. which then cannot be changed.


Found in profile, change nickname, and then use the drop down display name to select the nickname ..

.. But then the profile editing also requires an email address and rejects the editing if one is not entered

Personally I dont want to join sites which store information about me which can be reaped by hackers at some point in the future if someone compromises site security, but your site seems to be insisting on an email address. The whole point of SQRL is the site doesn't store anything useful about users for hackers to grab and exploit.

I get that some sites may choose to require an email in future, for those I would create a throwaway email.

But why does this test site require one ?
 
Last edited:

Vela Nanashi

Well-known member
May 19, 2018
625
107
That may be a bit out of the plugin's control inside the wordpress's own pages, I don't know for sure though, might be possible to make a special case for it, but modifying main wordpress pages is probably not something wordpress plugins are allowed to do normally.
 
  • Like
Reactions: kalaspuffar

alt3rn1ty

Well-known member
Feb 2, 2019
89
4
Ah I see, well I cant be bothered creating throwaways for a test site ..

But just using Steve's windows client and logging in without fully registering ( User_nnnnnnnnnnnn ) it seems to be working fine so far (y)
 

Once set this cannot be

Active member
Jun 27, 2019
38
13
@kalaspuffar I see a call to googleapis on line184 of 4.0.1:

Code:
<img src="https://chart.googleapis.com/chart?chs=150x150&cht=qr&chld=M|0&chl=<?php echo urlencode($sqrlURL) ?>"/>
Perhaps I am paranoid or just plain ignorant, but I want to know if it is necessary to rely on certain behemoths to provide functionality to your plugin to service an app/protocol with potentially conflicting interests, since it appears that many whom may be interested in SQRL due to privacy/tracking concerns.
 

kalaspuffar

Well-known member
May 19, 2018
267
91
Sweden
coderinsights.com
Hi @Once set this cannot be

I had a dependency to generate the QRCode before but EVERYTHING in a plugin gets review by the WordPress team for security flaws.

After some reviews back and forth I removed the dependency to keep sane.

In the future I might write my own generator or find a dependency with less code so we can review it against security flaws.

Not a top one priority at the moment but in the pipeline.

https://github.com/kalaspuffar/wordpress-sqrl-login/issues/11

Great catch and input.

Thank you for your time.
 
Last edited:

Gristle

Well-known member
Feb 16, 2019
341
70
Just tested with Jeff's iOS client (same device login) and I was not able to login. The page looks like it's stuck loading.
 
Jun 25, 2018
11
1
Hi @kalaspuffar, I just tried logging in to https://uhash.com/wp-login.php (using Steve's latest client) and got "An error has occurred. Incorrect QR code, try again"

When I read the QRcode with regular QRCode scanner, it seems the domain is missing - decodes as "sqrl://wp-admin/admin-post.php? ......"

Happy to provide additional details or test runs. Cheers, Scott
 
  • Like
Reactions: kalaspuffar