Changing profile says password incorrect

Started by Ðyєgσv, January 22, 2008, 11:26:46 AM


Ðyєgσv

I have been trying to change my own profile in my board, and in order to save the changes I need to input my password. I do so, but it says that the password is incorrect. I have tried it multiple times but always get the same response. I know the password is correct because I logged out and back in plenty of times, and the password works normally for both logging in and the ACP, but doesn't work when I want to edit my account. What can I do?

greyknight17

Try clearing your cookies and temp files. Close the browser and log in. See if that helps.

If not, try the below to see if there is any progress:

Go to Admin->Server Settings->Feature Configuration and see if you have the following options set:

Enable local storage of cookies -> Unchecked
Use subdomain independent cookies -> Checked
Use database driven sessions -> Checked

Ðyєgσv

I have deleted all cookies pertaining to my board, along with the cache, and that didn't work. I checked the configurations you told me and everything is exactly as you said it should be :( What else can I do?

greyknight17

Give this a try to see if it helps...

Go into phpMyAdmin and click on your database. Then click on the SQL tab and copy paste the following code and run it:

TRUNCATE smf_sessions;
TRUNCATE smf_log_online;


If that doesn't do it either, do you have another administrator there? If not, create a test account and grant it admin rights. Then log in to that account to see if it has the same issue. If not, use that admin account and change your password on this problematic account. Then log out and log in as that account to test it out...

Ðyєgσv

1st Thing didn't work, so I asked another admin to change my password to something really simple. I could make changes with that and get back to my last password, but then it didn't work again, so the problem is directly with my password.

I have a 13 characters long pass, with uppercase, lowercase, numbers, punctuation and some signs such as ~. Could that be the problem?

greyknight17

Take away the tilde ~ first. See if that fixes the issue. If not, try the other punctuation marks and see which one is causing the problem.

Ðyєgσv

No, I have tried changing all the symbols one at a time and it didn't work with any. This is so frustrating. I thought that part of being secure was having symbols in your password, but it seems like it won't let me at all. Here are the symbols I was using:

# " ~ . @ '

The weird thing is that the same password with all those characters works perfectly in this forum...

Ðyєgσv

Sorry to bump, but I still need help with this.

greyknight17

Do you have another computer that you can use to go to your forum? If so, try using that to change the password back with the special characters. Then try changing something in your profile and see if it will accept your password this time around.

Ðyєgσv

I tried on another computer and the same error happened...

greyknight17

I'm asking other staff members to lend a hand on this one...I'm stumped :(

Ðyєgσv

Ok, thanks for your concern. If it's of any help, the board where the error is happening is the one on my signature ;)

Rumbaar

You have no issues inputting your password in other sections of the forum? Another admin can reset your password, but still in that profile area it doesn't allow you to input even with a more simple password?

Are you the only account that is affected this way? Have you installed any mods that affect that profile template file? Does it occur when using the default theme?
"An important reward for a job well done is a personal sense of worthwhile achievement."

[ Themes ]

Ðyєgσv


  • No, my password works pretty fine in all other areas of the board
  • It allows me to input my password, but when I try to save the changes, it says that my password is incorrect. And it works with a simpler password
  • As far as I know I'm the only one affected, since nobody has made any complaint about it
  • I still have to try with the default theme, but I'm pretty sure it's not it

Here are my mods:

Modification Packages

    Mod Name                   Version
 1. View Single PM             1.3
 2. Member Color Link          2.0.5
 3. Signature Settings Mod     1.1
 4. vReportBoard Mod           1.03
 5. Custom BBCode              2.00
 6. Auto Embed Video Clips     2.0
 7. Karma Description Mod      2.3
 8. Ad Managment               2.3

Rumbaar

Well, looking at the source files for Profile.php and others that you can use, say LogInOut.php, I can see the difference in the code used to check the passwords. This could be the issue.

Profile.php
// Bad password!!!
if (!$good_password && $user_info['passwd'] != sha1(strtolower($user_profile[$memID]['memberName']) . $_POST['oldpasswrd']))
$post_errors[] = 'bad_password';


LogInOut.php
else
$sha_passwd = sha1(strtolower($user_settings['memberName']) . un_htmlspecialchars(stripslashes($_REQUEST['passwrd'])));


The fact the profile doesn't seem to un_htmlspecialchars or stripslashes could be the reason. It looks like this is an issue even with SMF 2.0. I'll have to try and get a developer in on this as I'm not sure of the implication of a different action.

Ðyєgσv

Ok, so I guess there's nothing I can do other than to wait. Thanks for bringing the problem up to the devs, and I hope they can fix it :)

Rumbaar

Well we can actually try an experiment.

In your sources/Profile.php
Find:
// Bad password!!!
if (!$good_password && $user_info['passwd'] != sha1(strtolower($user_profile[$memID]['memberName']) . $_POST['oldpasswrd']))
$post_errors[] = 'bad_password';

Replace with:
// Bad password!!!
if (!$good_password && $user_info['passwd'] != sha1(strtolower($user_profile[$memID]['memberName']) . un_htmlspecialchars(stripslashes($_POST['oldpasswrd'])))
$post_errors[] = 'bad_password';

Then try to change your details with the same 'special' character password and see how it goes this time.

anboni

Apologies for bumping this rather old thread, but since no feedback was given on the final suggestion by Rumbaar I figured it made sense so this bug can get squashed.

I was having the same problem, with a password containing ',}> and some letters and numbers, so I've modified the Profile.php as suggested (adding one more closing bracket at the end of the if-line) and this seems to work fine. My forum is still running SMF 1.1.4.

Rumbaar

Yeah the person having the issue never got back :(

Can you post the exact code changes you made, before and after, so others might try it as well if they ever get the same issue?

anboni

Apart from the one ) the code is exactly as you posted.

The code is in Source/Profile.php at line 443.

Before:

                // Bad password!!!
                if (!$good_password && $user_info['passwd'] != sha1(strtolower($user_profile[$memID]['memberName']) . $_POST['oldpasswrd']))
                        $post_errors[] = 'bad_password';


After:

                // Bad password!!!
                if (!$good_password && $user_info['passwd'] != sha1(strtolower($user_profile[$memID]['memberName']) . un_htmlspecialchars(stripslashes($_POST['oldpasswrd']))))
                        $post_errors[] = 'bad_password';
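
The mismatch discussed in this thread, as an added example that is not part of the original posts and is not SMF's own code: the same password is checked once the Profile.php "Before" way and once the LogInOut.php way. It assumes form input reaches both checks slash-escaped and HTML-escaped (which the inverse calls in the LogInOut.php excerpt imply) and that the stored hash was built from the raw password; `sanitize_request_value()`, `un_htmlspecialchars_demo()`, the member name and the sample passwords are constructed for illustration.

```php
<?php
// Constructed stand-in for request sanitising. ASSUMPTION: form input arrives
// slash-escaped and HTML-escaped, as the inverse calls in LogInOut.php imply.
function sanitize_request_value(string $raw): string
{
    return htmlspecialchars(addslashes($raw), ENT_QUOTES);
}

// Hypothetical stand-in for SMF's un_htmlspecialchars().
function un_htmlspecialchars_demo(string $s): string
{
    return htmlspecialchars_decode($s, ENT_QUOTES);
}

// Stored hash, built as both excerpts build it: sha1(lowercased name . password).
// ASSUMPTION: it was computed from the raw, unescaped password.
function stored_hash(string $memberName, string $password): string
{
    return sha1(strtolower($memberName) . $password);
}

// Profile.php "Before" style: hashes the escaped value exactly as received.
function profile_check(string $stored, string $memberName, string $posted): bool
{
    return $stored === sha1(strtolower($memberName) . $posted);
}

// LogInOut.php / "After" style: undoes the escaping before hashing.
function login_check(string $stored, string $memberName, string $posted): bool
{
    $raw = un_htmlspecialchars_demo(stripslashes($posted));
    return $stored === sha1(strtolower($memberName) . $raw);
}

// Constructed sample data; the member name is a placeholder.
$member  = 'ExampleUser';
$samples = ['Plain123', 'a#b~c.d@e', 'quote"d', "apos'trophe", 'x,}>y', 'back\\slash', 'R&D'];

foreach ($samples as $pw) {
    $stored = stored_hash($member, $pw);
    $posted = sanitize_request_value($pw);
    printf("%-12s posted as %-18s profile=%-4s login=%s\n",
        $pw, $posted,
        profile_check($stored, $member, $posted) ? 'ok' : 'FAIL',
        login_check($stored, $member, $posted) ? 'ok' : 'FAIL');
}
```

Under these assumptions only passwords containing characters that the escaping rewrites (`"`, `'`, `<`, `>`, `&`, `\`) fail the profile-style check, while `#`, `~`, `.`, `@`, `,` and `}` pass both. That matches the two passwords reported in the thread, which contain `"` and `'`, and `'` and `>`.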


