[Solved] First login always fails

Started by blakeburns13, February 01, 2012, 05:49:19 PM

Previous topic - Next topic

blakeburns13

SMF Version: 2.0.2
PHP Version: 5.1.6
MySQL Version:  5.1.58-1ubuntu1

I am currently in the process of integrating my forums database with my companies own products database (quick and dirty right now). I am inserting a copy of the forum user into the application database so there are two identically named users, one for each system (this isn't important as it will change later). Now I have run into a problem. Every time I login, the first attempt fails (function Login) but the second works (function Login2). It says my password is wrong but I know I put it in correctly the first time. It then succeeds after the second attempt.

This forum is currently local only so I cannot link to show you but I will try and throw out some code.

Sub-Members.php was edited and the following was changed (among other small things). This simply changed the encryption scheme from the default to what the application is using so that the people that register with the forum and go and log in to the application system without creating another account.



   // EDIT: bburns 02/01/2012 - Changed to use GUI encryption scheme
   date_default_timezone_set('UTC');
   $timetemp = getdate();
   $timevar = date('Y-m-d h:i:s O');
   $timeusernamesalt = sha1("--" . $timevar . "--" . $regOptions['username'] . "--");
   
// Some of these might be overwritten. (the lower ones that are in the arrays below.)
$regOptions['register_vars'] = array(
'member_name' => $regOptions['username'],
'email_address' => $regOptions['email'],
                'password_salt' => $timeusernamesalt,
'passwd' => sha1("--" . $timeusernamesalt . "--" . $regOptions['password'] . "--"),

       // the rest of the regOptions



The following is inside LogInOut.php but it is inside the function Logout2.



   // if (isset($_POST['hash_passwrd']) && strlen($_POST['hash_passwrd']) == 40)
   // { ... stuff ... }

   else
      // EDIT: bburns 02/01/2012 - Changed to use GUI encryption scheme
      $sha_passwd = sha1("--" . $user_settings['password_salt'] . "--" . un_htmlspecialchars($_POST['passwrd']) . "--");



I think it may be a problem with my cookies or something. Any ideas? Why would the first login fail?

Sir Osis of Liver


This is a recurring problem in 2.0.1/.2 that is often accompanied by session verification errors.  Seems to affect forums differently - failed first login, users unable to logout, admins unable to access admin section - and it does involve cookies.  Are you experiencing any other problems?

Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

blakeburns13

No, just that one.

Is there any way to fix this?


Sir Osis of Liver


Have you tried renaming the forum cookie and clearing cache?

Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

blakeburns13

I just did but with no results. I have started getting (before the change) an error along with my password problem.

"You were unable to login. Please check your cookie settings."

Which won't allow me to log in at all on one of my test account but another test account logs in with only the incorrect password problem.

Sir Osis of Liver


Unfortunately, all of the forums I've looked at have been affected differently, so haven't been able to isolate the cause.  Can you put the board up on the net so I can access it?

Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

blakeburns13

I actually got it worked out (thankfully). My form was sending a hash_passwrd so "isset($_POST['hash_passwrd']" was true but the test to see if the password was the same as the hash was always false because my new way of encoding the password wasn't the same as the hash.

Advertisement: