Opened 10 years ago

Closed 10 years ago

Last modified 9 years ago

#144 closed bug (fixed)

set new password broken on alpha

Reported by: philipp Owned by: matrixpoint
Priority: blocker Milestone: 0.1-outreach-release
Component: BW General Keywords: hot
Cc:

Description

after setting a new password on alpha neither the old nor the new password a working.

error message after changing the password: (rather not directly related): Missing argument 3 for DisplayMain?(), called in
/var/www/alpha_html/htdocs/bw/changepassword.php on line 60 and
defined in /var/www/alpha_html/htdocs/bw/layout/main.php on line 36

Change History (12)

comment:1 Changed 10 years ago by philipp

  • version changed from alpha to test

same problem on test

comment:2 Changed 10 years ago by philipp

most likely change password still functions on the BW members.password, while for login tb password should be used.
switch to tb based change password could solve the problem

comment:3 Changed 10 years ago by matrixpoint

  • Owner set to matrixpoint
  • Status changed from new to assigned

comment:4 Changed 10 years ago by matrixpoint

The problem was simple, a missing argument in the call to the main display after setting the password. The argument was an array with a list of recent visitors. But instead of a quick fix, I took the opportunity to move this into TB. In case someone uses the old link in the FAQ for password change (which should be updated to ../user/password, but I don't have access to do this on alpha), I just send an empty array to the main display.

The new TB version could use more work, like changing over the words to the new DB word table, and possibly merging with My Settings. But it works now, so no longer is blocking.

Update: this doesn't work yet on test, for unknown reasons. It won't be easy to debug, since I don't have access to test. May need help.

comment:5 Changed 10 years ago by matrixpoint

With help from Felix, I determined the likely cause of the problem.

The new TB version of change password actually does update the members table PassWord? field. But on the next login, after checking the members table PassWord? (which matches) it then computes a TB password and puts it into the user table.

The reason this worked on my localhost is that my DB table hadn't been updated. I still had the handle field of the user table as a unique key. Therefore, the REPLACE mysql command deleted the existing user record for the username=handle that I was using, and created a new one with the correct crypt(password ) based on the new password.

Just recently, when my localhost DB was updated, the handle field of the user table was no longer uniquely keyed. So now, the REPLACE command creates a new user record with a duplicate handle. When I try to login with the new password, the old user record is used with the old password. Incidentally, this new situation results in a large number of duplicate (and useless) records in the user table.

The only way my new change password program will work is if the handle field key is changed back to unique, or the test to see if the BW password (in the members table) which we are using for authentication matches the TB password (in the user table) which I don't know what we're using for.

John

comment:6 Changed 10 years ago by matrixpoint

  • Resolution set to fixed
  • Status changed from assigned to closed

The problem which tied into #24, having to do with two different records for logged in members (in the user table and the member table), seems to be fixed now. At least, the new TB change password is working properly. The FAQ DB entry for password change, and the link that will be put on the preferences page (#138) should be adjusted to point to http://bewelcome.org/user/password.

This is alpha ready.

comment:7 Changed 10 years ago by philipp

currently both changepassword pages seem to work on test but each has its drawbacks

http://bewelcome.org/user/password

  • not translatable
  • probably the action of passwordchange is not logged as in the bw system

http://test.bewelcome.org/bw/changepassword.php?cid=xxx

  • after changing the password you get redirected to the old bw mainpage, this would have to be changed
  • has to be replaced sooner or later

which one should we use for the release?

comment:8 Changed 10 years ago by matrixpoint

The translation could be added, but I was reluctant to because of the long delay in updating the words table on alpha.

I don't know how to add logging under TB. Maybe someone else does?

comment:9 Changed 10 years ago by matrixpoint

I have converted the TB version to use the words table, and updated the words table on the test server.
Here is the list to update on alpha/production:

ChangePasswordNotUpdated?
Your password could not be updated. Please try again later or contact our support.
ChangePasswordUpdated?
Your password was successfully updated and valid from now on.
ChangePasswordMatchError?
The passwords you entered do not match.
ChangePasswordConfirmPasswordError?
Please confirm the password you entered.
ChangePasswordPasswordLengthError?
Your password must consist of at least 8 characters.
ChangePasswordInvalidPasswordError?
The old password is invalid.
ChangePasswordOldPasswordTip?
Enter your current password
ChangePasswordConfirmPasswordTip?
Retype the new password
ChangePasswordNewPasswordTip?
8 characters minimum
ChangePasswordSubmit?
Submit
ChangePasswordConfirmPassword?
Confirm password
ChangePasswordNewPassword?
New password
ChangePasswordOldPassword?
Old password
ChangePasswordTitle?
Change password
ChangePasswordHeading?
My Settings
ChangePasswordNotLoggedIn?
You must be logged in to change your password.

comment:10 Changed 10 years ago by matrixpoint

TB "change password" logging function added.

comment:11 Changed 10 years ago by matrixpoint

All words added to alpha. Final testing on alpha done.

comment:12 Changed 9 years ago by jeanyves

  • follow_up set to none

I have updated the Faq
JeanYves?

Note: See TracTickets for help on using tickets.