bug in the New Admin Password system
Asked Modified Viewed 1,342 times
asked
in UserFieldsInput.class.php in "Set New Admin Password" system there is a bug.
- New admin password equal Login password
- Current login password is invalid
- Current admin password is invalid
dont check the current passwords.
there can be different passwords or wrong passwords and you can update your profile.
there are no error messages only "Profile was sucessfully updated." is displayed
- New admin password equal Login password
- Current login password is invalid
- Current admin password is invalid
dont check the current passwords.
there can be different passwords or wrong passwords and you can update your profile.
there are no error messages only "Profile was sucessfully updated." is displayed
Edited by chrome511 on 24-11-2015 17:08,
Falk
Falk 131
Need help?, Having trouble?
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct
(¯·._.·(¯°·._.·°º*[ Project Manager ]*º°·._.·°¯)·._.·¯)
- Super Admin, joined since
- Contributed 6,201 posts on the community forums.
- Started 639 threads in the forums
- Answered 11 questions
New Admin as in the Admin for PHPFusion 9?
The v7 passwords work fine there per default. I just tested Edit Profile for 9. You don´t set admin passwords in administration in 9 either.
When I do something wrong for 9 regardless of edit profile or from the Administration editing a user I get no issues atm
You have been fiddling with core files, I think you need to restore these as well before error reporting for 7 but you got me very confused when typing new admin and not in a 9 forum, please be more specific in what you are doing and what goes wrong.
The v7 passwords work fine there per default. I just tested Edit Profile for 9. You don´t set admin passwords in administration in 9 either.
When I do something wrong for 9 regardless of edit profile or from the Administration editing a user I get no issues atm
You have been fiddling with core files, I think you need to restore these as well before error reporting for 7 but you got me very confused when typing new admin and not in a 9 forum, please be more specific in what you are doing and what goes wrong.
answered
this is in v7.02.07
in the original v7 core
in the original v7 core
Falk
Falk 131
Need help?, Having trouble?
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct
(¯·._.·(¯°·._.·°º*[ Project Manager ]*º°·._.·°¯)·._.·¯)
- Super Admin, joined since
- Contributed 6,201 posts on the community forums.
- Started 639 threads in the forums
- Answered 11 questions
There are no new systems in 7.02.07. However, from experience I personally feel that the order of the fields can be confusing ( This have been handled in 9 to make more sense ) The first field are for current admin password, the other two is for a new one, these must match.
Admin password
New admin password
Confirm admin password
Below this you have 3 new fields
First you current password and after it the new password, these must also match.
Login password
New login password
Confirm password
If you have any other issues with this it is most likely due to your mods of the system.
Admin password
New admin password
Confirm admin password
Below this you have 3 new fields
First you current password and after it the new password, these must also match.
Login password
New login password
Confirm password
If you have any other issues with this it is most likely due to your mods of the system.
answered
there are no mods installed
its a fresh installed version
i mean this lines
when incorrect login password it update the new admin password
the same with current admin password.
no errors are displayed
its a fresh installed version
i mean this lines
Code Download source
// Set New Admin Password
private function _setNewAdminPassword() {
global $locale;
// Only accept if user is admin, updating his profile (not admin panel)
if (iADMIN && $this->_method == "validate_update" && !$this->isAdminPanel) {
if ($this->_getPasswordInput("user_admin_password") == "") {
if ($this->userData['user_admin_password'] == "") {
$this->_isValidCurrentAdminPassword = true;
$showError = false;
} else {
$this->_isValidCurrentAdminPassword = false;
$showError = true;
}
} else {
$this->_isValidCurrentAdminPassword = $this->_isValidCurrentPassword(false, false);
$showError = true;
}
//$this->_isValidCurrentAdminPassword = $this->_isValidCurrentPassword(false, false);
$this->_newUserAdminPassword = $this->_getPasswordInput("user_new_admin_password");
$this->_newUserAdminPassword2 = $this->_getPasswordInput("user_new_admin_password2");
// Require current password
if ($this->_isValidCurrentAdminPassword) {
// Require current admin password
if ($this->_isValidCurrentPassword) {
if ($this->_userAdminPassword != $this->_userPassword) {
// Intialize password auth
$passAuth = new PasswordAuth();
$passAuth->inputPassword = $this->_userAdminPassword;
$passAuth->inputNewPassword = $this->_newUserAdminPassword;
$passAuth->inputNewPassword2 = $this->_newUserAdminPassword2;
// Check admin new password
$_isValidNewPassword = $passAuth->isValidNewPassword();
if ($_isValidNewPassword === 0) {
// New password is valid
$this->_setDBValue("user_admin_algo", $passAuth->getNewAlgo());
$this->_setDBValue("user_admin_salt", $passAuth->getNewSalt());
$this->_setDBValue("user_admin_password", $passAuth->getNewHash());
} else {
if ($_isValidNewPassword === 1) {
// New Password equal old password
$this->_setError("user_password", $locale['u144'].$locale['u146'].$locale['u131']);
} elseif ($_isValidNewPassword === 2) {
// The two new passwords are not identical
$this->_setError("user_password", $locale['u148a']);
} elseif ($_isValidNewPassword === 3) {
// New password contains invalid chars / symbols
$this->_setError("user_password", $locale['u144'].$locale['u142']."<br />".$locale['u147']);
}
}
} else {
// New admin password equal Login password
$this->_setError("user_admin_password", $locale['u144'].$locale['u146'].$locale['u133']);
}
} else {
// Current login password is invalid
$this->_setError("user_admin_password", $locale['u149b']);
}
} else {
// Current admin password is invalid
$this->_setError("user_admin_password", $locale['u149a'], $showError);
}
}
}when incorrect login password it update the new admin password
the same with current admin password.
no errors are displayed
Falk
Falk 131
Need help?, Having trouble?
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct
(¯·._.·(¯°·._.·°º*[ Project Manager ]*º°·._.·°¯)·._.·¯)
- Super Admin, joined since
- Contributed 6,201 posts on the community forums.
- Started 639 threads in the forums
- Answered 11 questions
You don´t need login password to change Admin password. It does work as intended. Have done so for years.
When you first set the admin password you do not need anything but the password. After it has been set, you will need to change it giving the current one. That´s about it. Same with login passwords.
When you first set the admin password you do not need anything but the password. After it has been set, you will need to change it giving the current one. That´s about it. Same with login passwords.
answered
also current login password is needed when change the login password, set admin password for first time and update profile infos?
and current admin password is needed when change the admin password?
and current admin password is needed when change the admin password?
Falk
Falk 131
Need help?, Having trouble?
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct
(¯·._.·(¯°·._.·°º*[ Project Manager ]*º°·._.·°¯)·._.·¯)
- Super Admin, joined since
- Contributed 6,201 posts on the community forums.
- Started 639 threads in the forums
- Answered 11 questions
Yes, if you tinker with it you will see how it works, it does however work as it should.
answered
ok thanks
Category Forum
Suspected Bugs and Errors - 8Labels
None yet
Statistics
- Views 0 views
- Posts 8 posts
- Votes 0 votes
- Topic users 2 members
2 participants
Falk 131
Need help?, Having trouble?
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct
(¯·._.·(¯°·._.·°º*[ Project Manager ]*º°·._.·°¯)·._.·¯)
- Super Admin, joined since
- Contributed 6,201 posts on the community forums.
- Started 639 threads in the forums
- Answered 11 questions
chrome511 10
sorry for my english.
i´m from germany
i´m from germany
- Member, joined since
- Contributed 73 posts on the community forums.
- Started 18 threads in the forums
- Started this discussions
Notifications
Track thread
You are not receiving notifications from this thread.
Related Questions