Page 1 of 1

5.1 build 5110 Non-admin users password change not working

Posted: 21 Sep 2014, 07:45
by thebagleguy
on fresh installs of the server (x64) on windows and debian users that change there passwords and go to log back in does nothing with both the old password and the new one it has been changed to by nothing i mean not even a login error message

Re: AW: 5.1 build 5110 Non-admin users password change not w

Posted: 21 Sep 2014, 11:32
by Madsonic
Hi there,

This is tested and shouldn't happen.
Try to cleanup browser cache, cookies and saved form data and passwords.

I have seen this on my testlab with Google chrome.

Best regards

Re: 5.1 build 5110 Non-admin users password change not worki

Posted: 22 Sep 2014, 07:44
by thebagleguy
did some looking at the db and seems to be encoding the password and saving it to the database with the old hex encoding scheme and have tried this from various computers and from IE Firefox and chrome

Re: 5.1 build 5110 Non-admin users password change not worki

Posted: 28 Sep 2014, 07:30
by pr0tagonist
Have the same issue with build 5080 and Win Server 2008 x64. Wheh non-admin users change password it doesn't work. I looked in db and saw that hash of this passwords became very short. It aslo happens when used password reset through "Forgotten your password?". I also tried using clean Internet Explorer instead Chrome, but result was the same. Then I installed 5150 and tried again with different browsers but nothing changed except "Wrong username or password" now appears.

Re: 5.1 build 5110 Non-admin users password change not worki

Posted: 09 Oct 2014, 15:54
by tofuSCHNITZEL
problem still exists even on 5.1.5150. doesn't matter which browser I use. A user can never login after a password change. looking in the DB I see the password is only 6 digits long.

Re: 5.1 build 5110 Non-admin users password change not worki

Posted: 21 Oct 2014, 19:22
by jaszladie
I am also having this issue. I can change the password for my users and they can log in. When they change it themselves, they get locked out.

Code: Select all

[10/21/14 2:20 PM]	INFO	RESTRequestParameterProcessingFilter	Authentication failed for user ...
[10/21/14 2:20 PM]	INFO	RESTRequestParameterProcessingFilter	Authentication failed for user ...
[10/21/14 2:20 PM]	INFO	RESTRequestParameterProcessingFilter	Authentication failed for user ...
[10/21/14 2:20 PM]	INFO	RESTRequestParameterProcessingFilter	Authentication failed for user ...
[10/21/14 2:19 PM]	INFO	RESTRequestParameterProcessingFilter	Authentication failed for user ...
[10/21/14 2:19 PM]	INFO	RESTRequestParameterProcessingFilter	Authentication failed for user .....
[10/21/14 2:19 PM]	INFO	RESTRequestParameterProcessingFilter	Authentication failed for user ...
[10/21/14 2:19 PM]	INFO	RESTRequestParameterProcessingFilter	Authentication failed for user ...
[10/21/14 2:19 PM]	INFO	RESTRequestParameterProcessingFilter	Authentication failed for user ...
[10/21/14 2:19 PM]	INFO	RESTRequestParameterProcessingFilter	Authentication failed for user ...
[10/21/14 2:19 PM]	INFO	RESTRequestParameterProcessingFilter	Authentication failed for user ...
[10/21/14 2:19 PM]	INFO	RESTRequestParameterProcessingFilter	Authentication failed for user ...
Version
MADSONIC 5.1.5150.20140927.0919
MADSONIC REST API v1.12.0

Windows 7 64-bit

This did not occur for me until 5.1.5150.

Re: 5.1 build 5110 Non-admin users password change not worki

Posted: 14 Nov 2014, 21:43
by neodawg
Seeing this same error on my Server 2008r2 server running tomcat.

Code: Select all

Exception java.lang.NullPointerException 
Message null 
Java version Oracle Corporation 1.7.0_17 
Operating system Windows Server 2008 R2 6.1 
Server Apache Tomcat/6.0.37 
Memory Used 119 of 225 MB 
Stack trace java.lang.NullPointerException at   
I cant post much of the stack because the forums complain my post is too 'spammy'

That is the error given to the clients browser when entering a username

EDIT: realize this is probably the wrong spot for this now.
I am also running the current stable version, 5.1.5200

Re: 5.1 build 5110 Non-admin users password change not worki

Posted: 22 Nov 2014, 20:43
by pabohoney1
jaszladie wrote:I am also having this issue. I can change the password for my users and they can log in. When they change it themselves, they get locked out.
I can replicate this as well. Setting the password for the user when logged in as 'admin' works. Setting the password while logged in as the regular user does NOT work and neither does the password from using the "Forgotten your password?" link.

Looking at madsonic.scripts, I noticed the following:

After password reset tool, password: Aq3DVWrS
INSERT INTO USER VALUES('test','enc:4171334456577253',0,0,0,FALSE,'emailaddress',0,FALSE,'Test')

After setting password in admin panel, password: DP1FDM8cV2Hv
INSERT INTO USER VALUES('test','enc:36646232633338643564623535323037333534653966363561313630313936353165333234333634',0,0,0,FALSE,'emailaddress',0,FALSE,'Test ')

After setting password in user account, password: Aq3DVWrS
INSERT INTO USER VALUES('test','enc:4171334456577253',0,0,0,FALSE,'emailaddress',0,FALSE,'Test')

The user email address was set correctly, but I couldn't post it here. It looks as though using the password reset link or setting it in the user account encodes the password using an old method.