Page 1 of 1

When logout the password is lost

Posted: Fri Jan 25, 2008 9:58 am
by vixmoa
After upgrading 1.0.13 to 1.0.14 everything goes fine except one:

When any user log out the password is lost. You have to generaqte a new one. The issue is:

1. You try to login, and fail.
2. Regenerate a new password from the joomla user menu and send to the user email.
3. Log in with the new password is OK.
4. Inmediately you logout
5. Try to log in again with the same pass in the step 3 and fails
6. You have to go again to the step 2

Perhaps the lost of the pass in when the user login, but in any case the same password can be used in different sessions.

???

Re: When logout the password is lost

Posted: Fri Jan 25, 2008 10:22 am
by vixmoa
More

After switch Joomla to verbose error mode:

When I try to log in backend the follow error appears:

Notice: Undefined offset: 1 in /home/s03b5e65/public_html/administrator/index.php on line 109

And the 109 line says:

list($hash, $salt) = explode(':', $my->password);

When I try to log in in fron end the error is:

Notice: Undefined offset: 1 in /home/s03b5e65/public_html/includes/joomla.php on line 1097

And the 1097 line is:
list($hash, $salt) = explode(':', $row->password);

That is the same code.


Also I have notice that in the database my password are save in this format:
9d0682ff6278a656e0d9cca38f47c446

But in other Joomla sites the password is stored with this format:
fe71e70ac87f4502a1ef7652fc28855b:xVJwS3SJoN8z1KOU

Note the lengh and the ":"

???

Re: When logout the password is lost

Posted: Fri Jan 25, 2008 3:53 pm
by infograf768
In my 1.0.14RC1
password is saved as
fe69f7e4ff714bd4fd802425069b58fc:x20DCwFAqQPyaX3f
No issue.

It is on 1.0.12 that passwords were stored as
21232f297a57a5a743894a0e4a801fc3

because a change in mdhash

Re: When logout the password is lost

Posted: Fri Jan 25, 2008 6:19 pm
by vixmoa
Ok, but my J! is:

1.0.12->upgrade 1.0.13->upgrade 1.0.14

And the pass continue in 21232f297a57a5a743894a0e4a801fc format.

:(

Re: When logout the password is lost

Posted: Sat Jan 26, 2008 6:44 am
by infograf768
Hmmm...
Have you upgraded from 1.0.12 via 1.0.13 then 1.0.14RC1 without logging first in 1.0.13?

Re: When logout the password is lost

Posted: Sat Jan 26, 2008 7:55 am
by vixmoa
;D No, I upgraded everytime an upgrade patch was published.