Autofill password incorrect! Need to login twice. Has this ever been solved???

[Mr Cat]

I've been trying to find a solution this and the forums are filled with multiple threads about it - dating back years!
Still no solution, but people tend to end up writing it off as intermittent or a browser problem.
Yes I've tried all the cookie options and combinations etc.
It happens all the time, and seems like a proper 'bug' to me!

Has anybody finally solved it?

[Arantor]

There have been a spate of bots trying to break into accounts lately, if you're on anything below 1.1.13, when a bot tries to log in as you, it will log you off.

(I've never had a problem with this in the 5 years I've been running SMF)

[StarWars Fan]

I've been trying to find a solution this and the forums are filled with multiple threads about it - dating back years!
Still no solution, but people tend to end up writing it off as intermittent or a browser problem.
Yes I've tried all the cookie options and combinations etc.
It happens all the time, and seems like a proper 'bug' to me!

Has anybody finally solved it?

Nope - I know what you're talking about - it's not the latest brute-force attack bot he's talking about... It's another all together different thing... It is where regular users enter their correct password, but, are told their "password is incorrect"... VERY irritating and never fixed...

[Arantor]

Like I said, I've never encountered that in the last 5 years of running SMF...

[Illori]

please open a separate topic for your issue

[Jessica R]

My problem is similiar when logging in says incorrect username  lol and I know it is correct, I usually have to try it about 3 or 4 times till it takes? Is it a buglette?

[Mr Cat]

Well I thought I must have entered it incorrectly at some stage and the browser (IE8) had remembered that, but no - if you enter the correct password and the auto complete stores it, SMF will tell you it's incorrect the next time you try to log in. It then asks you to re-enter and it accepts it.

If you clear the 'dots' and enter manually it accepts it straight away. It seems SMF has trouble reading data only from a stored password.
Technically, what's the difference?
Is there something that PHP does differently between the two methods maybe?

Some people claim it's IE's fault but there are reports of it happening across all browsers.

It was only a nuisance until now but my logs are starting to fill with password incorrect errors and I don't want to annoy my members!

[Jessica R]

I solved my login multiple times problem by downloading the mod to use your email addy instead of username. Works Great on first try. ty mods

[Mr Cat]

Thanks for that suggestion - I appreciate it
I'd rather not have to add a mod if possible though. Surely this is something fundamental that needs solving?

I've been looking at the code and I'm wondering if the accept-charset="ISO-8859-1" attribute has any part in this...?

[Arantor]

I suspect it's related to the field being saved with the wrong value; the value is encrypted normally before it's sent to SMF...

[Mr Cat]

Hmmm...
I've been playing with an IE autocomplete password cracker. It can read the dots in forms from other websites but not my forum!
Somehow the password is not getting stored correctly. I still wonder if that charset encoding thing is involved?

[Hj Ahmad Rasyid Hj Ismail]

First of all, it may not be safe to use autocomplete.

Second, the only way I know to make it work, for myself that is, is to uninstall the browser software and delete all of its folder in windows program files (if you are using windows). Install it back and try again. Work for me but... I have to do all autocomplete over again 

[Arantor]

I still wonder if that charset encoding thing is involved?

It isn't, no. The way the password is hashed is done specifically to ignore charset type.

Somehow the password is not getting stored correctly.

Did I mention the password was encrypted before it's sent to SMF?

[Mr Cat]

Why does autocomplete work for other sites and not SMF? Why does the password reader work on other sites and not SMF?
I'm trying to work out why SMF is different.
To me, it's logical to assume the problem is in the SMF coding...?

[Arantor]

For the third time: SMF takes your password, and encrypts it.

The original password is NOT sent to the server. So it never gets put into the autocomplete, because it's taken away by Javascript before auto complete can save it.


I mean, if you want your password being sent to the server unencrypted, turn off Javascript, go nuts. Doesn't change the fact that this is done for your security, at the cost of a little inconvenience.

[Hj Ahmad Rasyid Hj Ismail]

Why does autocomplete work for other sites and not SMF? Why does the password reader work on other sites and not SMF?
I'm trying to work out why SMF is different.
To me, it's logical to assume the problem is in the SMF coding...?

To tell you the truth, it works just fine with somebody, and not for others. So basically, it's your PC and how you managed it and the relevant browser you are using. It got nothing to do with SMF IMO. (It's working fine for me in FF and Chrome).

[Mr Cat]

OK you're right - I just tried Firefox and that's OK.
I'll assume it's just IE for now. Other reports (and I've read a lot on here but no fix) say other browsers have problems too.
My PC works fine on other sites, plus IE is still very popular so I'd still like to get to the bottom of it.

[Arantor]

Even though I already told you what the core of the problem is?

Do me a favour, disable Javascript and try it again. Now you'll find you have no login issues, password logged via auto complete and password attackable by password breaking tools.

Or you could continue to ignore what I've been saying...

[Mr Cat]

Sorry - I'm not intentionally ignoring you.

Check this out: It comes close to solving it...
http://www.simplemachines.org/community/index.php?topic=76172.0

[Arantor]

And that talks about doing exactly what I said: disabling the hashing.