|
Re: FUDforum 3.0.1RC1 released [message #162175 is a reply to message #162122] |
Mon, 29 March 2010 19:25 |
|
upgrade adds the 'salt' field to the user table,
but sets the salt value to 'NULL' rather than NULL
(string rather than... well the absences of anything)
this results in no one being able to log in
setting to '' or to NULL fixes it
also, the reseting passwords doesnt work. new users passwords work fine. but if an existing user (who is broken from the above) resets their password, they cannot log in. their password field is updated and salt is set to some hex values.
sorry if this isnt the right place to post this
there is no errors in the apache logs
i suspect the upgrade.php script is faulty, and that the reset password section isnt using the updated password algorithm in the same way that the login is
|
|
|
|
|
|
|
|
Re: FUDforum 3.0.1RC1 released [message #162204 is a reply to message #162122] |
Sun, 04 April 2010 06:44 |
|
when a person changes their password, it works, when a person forgets their password and requests their password be reset it seems to send them the encrypted version if their password rather than the unencrypted version.
|
|
|
Re: FUDforum 3.0.1RC1 released [message #162205 is a reply to message #162204] |
Sun, 04 April 2010 12:25 |
The Witcher
Messages: 675 Registered: May 2009 Location: USA
Karma: 3
|
Senior Member |
add to buddy list ignore all messages by this user
|
|
djzort wrote on Sun, 04 April 2010 05:44when a person changes their password, it works, when a person forgets their password and requests their password be reset it seems to send them the encrypted version if their password rather than the unencrypted version.
I double checked and you are correct! I had the same problem with installations upgraded with both versions of the 3.0.1RC1 upgrade.
"I'm a Witcher, I solve human problems; not always using a sword!"
|
|
|
|
|
Re: FUDforum 3.0.1RC1 released [message #162212 is a reply to message #162211] |
Tue, 06 April 2010 23:38 |
The Witcher
Messages: 675 Registered: May 2009 Location: USA
Karma: 3
|
Senior Member |
add to buddy list ignore all messages by this user
|
|
naudefj wrote on Tue, 06 April 2010 15:02Thanks for testing and reporting problems like this. It would be ugly if bugs like this make it into a final release.
Agreed! However it is rough for people like me who are confused about what/how to use the fix provided!
In my case after unzipping the file, it left me with a "trunk" directory folder and a few subfolders ( /trunk/install/forum_data/src/) with a "reset.php.t" file in the last one.
I decided that "reset.php.t" needed to be uploaded to the non-browsable "forum_data/src/" section to replace the previous "reset.php.t" already there.
That did NOT work (even after clearing cache, and running Forum Consistency checker) I'm still sent the Hash 5 encryption.
Could this be the result of my already resetting the "salt" fields to "null" or am I missing something important?
"I'm a Witcher, I solve human problems; not always using a sword!"
|
|
|
|
|
|
|