Sonya* Posted November 6, 2018 Posted November 6, 2018 I have upgraded 3.2 to 4.3 on the test server and encounter an issue that some users cannot login with their valid passwords any more. Another users can. I have investigated further and found one dependency: if user's password contains capital letters in it then user cannot login in 4.3 after upgrade. If there are no capital letters in the password the login credentials are still valid. Has someone encountered the same issue? Is it a bug or works as desired? I have over 280 000 users and would like to avoid mass changing passwords after upgrade. It is already "difficult" for users to use their display name or email instead of login. And if the passwords do not work either the users will be definitely confused.
bfarber Posted November 6, 2018 Posted November 6, 2018 Are we talking capital latin characters, or capital letters in another language?
Sonya* Posted November 6, 2018 Author Posted November 6, 2018 (edited) Сapital latin characters. Meanwhile we have also users that have capital latin characters in their passwords and can login. I have no idea why some users can login and another not. The passwords are definitely correct. I test them on 3.2 and they work and then on upgraded 4.3 and they do not work... Edited November 6, 2018 by Sonya*
BomAle Posted November 6, 2018 Posted November 6, 2018 (edited) Try to check if user is listed into the result of this query SELECT member_id, name, members_pass_hash, members_pass_salt FROM core_members WHERE members_pass_hash <> '' and members_pass_salt = '' Edited November 6, 2018 by BomAle Sonya* 1
Sonya* Posted November 7, 2018 Author Posted November 7, 2018 19 hours ago, BomAle said: Try to check if user is listed into the result of this query SELECT member_id, name, members_pass_hash, members_pass_salt FROM core_members WHERE members_pass_hash <> '' and members_pass_salt = '' I have 20526 users that match this query And indeed the users that cannot login are included. I have applied your fix and now they can login again. Thank you!!! And now? Should I leave the fix or will it be fixed by IPS in the next version? Or in the upgrade routine? Have you reported it?
BomAle Posted November 7, 2018 Posted November 7, 2018 (edited) Quote Hello. This is unfortunately a very rare issue, and only affects a small number of installs with very old members, so it's unlikely that the software will be changed for this one specific issue, but please feel free to make that suggestion in the Feedback & Ideas sections of our community forum. Regards, Mark Higgins Invision Power Services, Inc. from #1021485 ticket I suggest to change the code where you have applied the fix and redirect on reset password with a notice for help understand the issue if user attempt login have a empty salt. Edited November 7, 2018 by BomAle Sonya* 1
Zhana Posted March 20, 2020 Posted March 20, 2020 Hello, I recently upgraded from 3.x to 4.x and members on my forum are also reporting problems with logging in. I ran the SQL query and got 14984 results. What is the best course of action from here, should I ask IPS support for help in this matter? BomAle 1
Recommended Posts