| passwords [message #1062] |
Mon, 20 August 2007 15:11  |
interop
Messages: 45
Registered: October 2006
|
Member |
|
|
I'm having a couple problems but related to the same thing.
1. The interface allows you to include the characters deemed invalid by encryption_class (', ", \) when you change your password.
2. I changed a test user's password to testtest\ and testtest' but then couldn't log in due to the sql error produced by: user_password='testtest\' and user_password='testtest''
3. If you change Encrypt Passwords from no to yes in the menu control, the post update record fails when it encounters a password with one of the invalid characters (', ", \) but doesn't return the error to the screen. All passwords processed before the password with the invalid character are encrypted and the rest are not.
version 1.27.0, php5, mysql5
[Updated on: Mon, 20 August 2007 15:32] Report message to a moderator |
|
|
|
| Re: passwords [message #1063 is a reply to message #1062] |
Mon, 20 August 2007 19:16  |
AJM
Messages: 2368
Registered: April 2006
Location: Surrey, UK
|
Senior Member |
|
|
You forgot to say that you started with 'Password Encryption' set to NO in the control screen.
This is really a bug, so should have been reported as a bug and not a "How to" topic.
I have changed the code so that it will test for invalid characters even when the passwords are not encrypted. Please see attached file.
I will make a more permanent fix later which tests all the password changes before it updates the database.
Tony Marston
http://www.tonymarston.net
http://www.radicore.org
|
|
|
|
Radicore Forum
Search
Help
Members
Register
Login
Home
