Jump to content
We want to feature your community! ×

Community

Some user passwords are not valid after upgrade


Sonya*
 Share

Recommended Posts

I have upgraded 3.2 to 4.3 on the test server and encounter an issue that some users cannot login with their valid passwords any more. Another users can. I have investigated further and found one dependency: if user's password contains capital letters in it then user cannot login in 4.3 after upgrade. If there are no capital letters in the password the login credentials are still valid.

Has someone encountered the same issue? Is it a bug or works as desired?

I have over 280 000 users and would like to avoid mass changing passwords after upgrade. It is already "difficult" for users to use their display name or email instead of login. And if the passwords do not work either the users will be definitely confused. 

Link to comment
Share on other sites

Сapital latin characters. Meanwhile we have also users that have capital latin characters in their passwords and can login. I have no idea why some users can login and another not. The passwords are definitely correct. I test them on 3.2 and they work and then on upgraded 4.3 and they do not work...

Edited by Sonya*
Link to comment
Share on other sites

19 hours ago, BomAle said:

Try to check if user is listed into the result of this query

SELECT member_id, name, members_pass_hash, members_pass_salt FROM core_members WHERE members_pass_hash <> '' and members_pass_salt = ''

I have 20526 users that match this query :wacko: And indeed the users that cannot login are included. I have applied your fix and now they can login again. Thank you!!!

And now? Should I leave the fix or will it be fixed by IPS in the next version? Or in the upgrade routine? Have you reported it?

Link to comment
Share on other sites

Quote

Hello.

This is unfortunately a very rare issue, and only affects a small number of installs with very old members, so it's unlikely that the software will be changed for this one specific issue, but please feel free to make that suggestion in the Feedback & Ideas sections of our community forum.

Regards,

Mark Higgins
Invision Power Services, Inc.

from #1021485 ticket

I suggest to change the code where you have applied the fix and redirect on reset password with a notice for help understand the issue if user attempt login have a empty salt.

Edited by BomAle
Link to comment
Share on other sites

  • 1 year later...
 Share

×
×
  • Create New...

Important Information

We use technologies, such as cookies, to customise content and advertising, to provide social media features and to analyse traffic to the site. We also share information about your use of our site with our trusted social media, advertising and analytics partners. See more about cookies and our Privacy Policy