I have upgraded 3.2 to 4.3 on the test server and encounter an issue that some users cannot login with their valid passwords any more. Another users can. I have investigated further and found one dependency: if user's password contains capital letters in it then user cannot login in 4.3 after upgrade. If there are no capital letters in the password the login credentials are still valid.

Has someone encountered the same issue? Is it a bug or works as desired?

I have over 280 000 users and would like to avoid mass changing passwords after upgrade. It is already "difficult" for users to use their display name or email instead of login. And if the passwords do not work either the users will be definitely confused. 

Are we talking capital latin characters, or capital letters in another language?

 

Сapital latin characters. Meanwhile we have also users that have capital latin characters in their passwords and can login. I have no idea why some users can login and another not. The passwords are definitely correct. I test them on 3.2 and they work and then on upgraded 4.3 and they do not work...

Try to check if user is listed into the result of this query

SELECT member_id, name, members_pass_hash, members_pass_salt FROM core_members WHERE members_pass_hash <> '' and members_pass_salt = ''

 

Try to check if user is listed into the result of this query

SELECT member_id, name, members_pass_hash, members_pass_salt FROM core_members WHERE members_pass_hash <> '' and members_pass_salt = ''

I have 20526 users that match this query  And indeed the users that cannot login are included. I have applied your fix and now they can login again. Thank you!!!

And now? Should I leave the fix or will it be fixed by IPS in the next version? Or in the upgrade routine? Have you reported it?

  Quote

Hello.

This is unfortunately a very rare issue, and only affects a small number of installs with very old members, so it's unlikely that the software will be changed for this one specific issue, but please feel free to make that suggestion in the Feedback & Ideas sections of our community forum.

Regards,

Mark Higgins
Invision Power Services, Inc.

from #1021485 ticket

I suggest to change the code where you have applied the fix and redirect on reset password with a notice for help understand the issue if user attempt login have a empty salt.

Hello,

 

I recently upgraded from 3.x to 4.x and members on my forum are also reporting problems with logging in. I ran the SQL query and got 14984  results. What is the best course of action from here, should I ask IPS support for help in this matter?