5.1 build 5110 Non-admin users password change not working

Post your Server Bug Report
thebagleguy
Posts: 2
Joined: 29 Jul 2014, 14:47
Has thanked: 0
Been thanked: 0

5.1 build 5110 Non-admin users password change not working

Unread post by thebagleguy » 21 Sep 2014, 07:45

on fresh installs of the server (x64) on windows and debian users that change there passwords and go to log back in does nothing with both the old password and the new one it has been changed to by nothing i mean not even a login error message

User avatar
Madsonic
Administrator
Administrator
Posts: 961
Joined: 07 Dec 2012, 03:58
Has thanked: 1153 times
Been thanked: 450 times

Re: AW: 5.1 build 5110 Non-admin users password change not w

Unread post by Madsonic » 21 Sep 2014, 11:32

Hi there,

This is tested and shouldn't happen.
Try to cleanup browser cache, cookies and saved form data and passwords.

I have seen this on my testlab with Google chrome.

Best regards

thebagleguy
Posts: 2
Joined: 29 Jul 2014, 14:47
Has thanked: 0
Been thanked: 0

Re: 5.1 build 5110 Non-admin users password change not worki

Unread post by thebagleguy » 22 Sep 2014, 07:44

did some looking at the db and seems to be encoding the password and saving it to the database with the old hex encoding scheme and have tried this from various computers and from IE Firefox and chrome

pr0tagonist
Posts: 6
Joined: 27 May 2014, 13:42
Has thanked: 0
Been thanked: 4 times

Re: 5.1 build 5110 Non-admin users password change not worki

Unread post by pr0tagonist » 28 Sep 2014, 07:30

Have the same issue with build 5080 and Win Server 2008 x64. Wheh non-admin users change password it doesn't work. I looked in db and saw that hash of this passwords became very short. It aslo happens when used password reset through "Forgotten your password?". I also tried using clean Internet Explorer instead Chrome, but result was the same. Then I installed 5150 and tried again with different browsers but nothing changed except "Wrong username or password" now appears.

tofuSCHNITZEL
Posts: 9
Joined: 25 Oct 2013, 12:07
Has thanked: 0
Been thanked: 1 time

Re: 5.1 build 5110 Non-admin users password change not worki

Unread post by tofuSCHNITZEL » 09 Oct 2014, 15:54

problem still exists even on 5.1.5150. doesn't matter which browser I use. A user can never login after a password change. looking in the DB I see the password is only 6 digits long.
These users thanked the author tofuSCHNITZEL for the post:
jaszladie

jaszladie
Posts: 15
Joined: 31 Oct 2013, 17:16
Has thanked: 15 times
Been thanked: 2 times

Re: 5.1 build 5110 Non-admin users password change not worki

Unread post by jaszladie » 21 Oct 2014, 19:22

I am also having this issue. I can change the password for my users and they can log in. When they change it themselves, they get locked out.

Code: Select all

[10/21/14 2:20 PM]	INFO	RESTRequestParameterProcessingFilter	Authentication failed for user ...
[10/21/14 2:20 PM]	INFO	RESTRequestParameterProcessingFilter	Authentication failed for user ...
[10/21/14 2:20 PM]	INFO	RESTRequestParameterProcessingFilter	Authentication failed for user ...
[10/21/14 2:20 PM]	INFO	RESTRequestParameterProcessingFilter	Authentication failed for user ...
[10/21/14 2:19 PM]	INFO	RESTRequestParameterProcessingFilter	Authentication failed for user ...
[10/21/14 2:19 PM]	INFO	RESTRequestParameterProcessingFilter	Authentication failed for user .....
[10/21/14 2:19 PM]	INFO	RESTRequestParameterProcessingFilter	Authentication failed for user ...
[10/21/14 2:19 PM]	INFO	RESTRequestParameterProcessingFilter	Authentication failed for user ...
[10/21/14 2:19 PM]	INFO	RESTRequestParameterProcessingFilter	Authentication failed for user ...
[10/21/14 2:19 PM]	INFO	RESTRequestParameterProcessingFilter	Authentication failed for user ...
[10/21/14 2:19 PM]	INFO	RESTRequestParameterProcessingFilter	Authentication failed for user ...
[10/21/14 2:19 PM]	INFO	RESTRequestParameterProcessingFilter	Authentication failed for user ...
Version
MADSONIC 5.1.5150.20140927.0919
MADSONIC REST API v1.12.0

Windows 7 64-bit

This did not occur for me until 5.1.5150.

neodawg
Posts: 9
Joined: 11 Jan 2013, 06:32
Has thanked: 1 time
Been thanked: 3 times

Re: 5.1 build 5110 Non-admin users password change not worki

Unread post by neodawg » 14 Nov 2014, 21:43

Seeing this same error on my Server 2008r2 server running tomcat.

Code: Select all

Exception java.lang.NullPointerException 
Message null 
Java version Oracle Corporation 1.7.0_17 
Operating system Windows Server 2008 R2 6.1 
Server Apache Tomcat/6.0.37 
Memory Used 119 of 225 MB 
Stack trace java.lang.NullPointerException at   
I cant post much of the stack because the forums complain my post is too 'spammy'

That is the error given to the clients browser when entering a username

EDIT: realize this is probably the wrong spot for this now.
I am also running the current stable version, 5.1.5200

pabohoney1
Posts: 2
Joined: 22 May 2013, 15:58
Has thanked: 0
Been thanked: 0

Re: 5.1 build 5110 Non-admin users password change not worki

Unread post by pabohoney1 » 22 Nov 2014, 20:43

jaszladie wrote:I am also having this issue. I can change the password for my users and they can log in. When they change it themselves, they get locked out.
I can replicate this as well. Setting the password for the user when logged in as 'admin' works. Setting the password while logged in as the regular user does NOT work and neither does the password from using the "Forgotten your password?" link.

Looking at madsonic.scripts, I noticed the following:

After password reset tool, password: Aq3DVWrS
INSERT INTO USER VALUES('test','enc:4171334456577253',0,0,0,FALSE,'emailaddress',0,FALSE,'Test')

After setting password in admin panel, password: DP1FDM8cV2Hv
INSERT INTO USER VALUES('test','enc:36646232633338643564623535323037333534653966363561313630313936353165333234333634',0,0,0,FALSE,'emailaddress',0,FALSE,'Test ')

After setting password in user account, password: Aq3DVWrS
INSERT INTO USER VALUES('test','enc:4171334456577253',0,0,0,FALSE,'emailaddress',0,FALSE,'Test')

The user email address was set correctly, but I couldn't post it here. It looks as though using the password reset link or setting it in the user account encodes the password using an old method.

Post Reply