Topic: Converting to UTF8 locks out people with non-English passwords

[Forumtastic]

When I convert my forum to use UTF8 and then change the language appropriately, users who have non-English characters in their password can no longer log in.

Upon further investigation, I noticed it is because the SHA checksum in the database was created using a different character set.

Can anyone help me with this? I'd rather not use an ASCII character set for the very large and active forum I maintain. I was not the person who originally set it up using the current encoding.

Thank you so much in advance.

[Oldiesmann]

What character set were you originally using? It should be fairly easy to hack the code slightly to convert whatever they entered to the old character set if the initial password check fails.

[Forumtastic]

The original character set was Windows-1255.

I did think about this. I haven't had much luck finding Javascript code that could convert a string from UTF-8 to Windows-1255.

[Forumtastic]

And thank you for the quick response!

In the file script.js, I found this line:

doForm.hash_passwrd.value = hex_sha1(hex_sha1(doForm.user.value.php_to8bit().php_strtolower() + doForm.passwrd.value.php_to8bit()) + cur_session_id);

I originally thought if I could just convert to the old character set before the php_to8bit(), then it might work. Do you have an idea how I could do this?

[Oldiesmann]

Looking at script.js, it looks like we may be able to fool that function into thinking you're still using Windows-1255.

Try this and see what happens...

Find

Code: [Select]

if (smf_charset == 'UTF-8')
Add before that

Code: [Select]

smf_charset = 'Windows-1255';
That should fool it for now, but again, I can't guarantee this will work, so let me know if it doesn't and we'll figure something else out.

[Forumtastic]

That was a very good idea. I put that line in the Themes/core/script.js file on line 143 right before that line inside the php_to8bit function just as you had specified and, unfortunately, it did not appear to work. Perhaps it didn't work because the password page itself is in UTF8?

[Aleksi "Lex" Kilpinen]

Any updates on this? When I converted my forum to UTF-8, I never really heard of any problems like this to be honest.