Version 0.94 Password Check Fails
35 views
Skip to first unread message
Hassan Shirzad
Jun 17, 2013, 7:22:49 AM6/17/13
to uf...@googlegroups.com
Hi there,
First of all thank you very much for your script, I have been using it for a long time now. But recently I just tried to upgrade to the 0.94 version but it seems like in this version you simply have deleted the password checking mechanism for logging in. No matter what password I try after I create an account it keeps saying Wrong username or password. I tested it on your demo on your server. Created a test account and tried to login and it does the same thing. I checked the login function in your script and there isn't anywhere that it checks for the actual posted credentials in the function, it just checks cookie's saved credentials and if there is nothing there it automatically goes to error(10) which is the Wrong username or password.
I think this is a bug, since even your demo doesn't work, unless I am missing something? I was surprised no one else hasn't mentioned it.
First of all thank you very much for your script, I have been using it for a long time now. But recently I just tried to upgrade to the 0.94 version but it seems like in this version you simply have deleted the password checking mechanism for logging in. No matter what password I try after I create an account it keeps saying Wrong username or password. I tested it on your demo on your server. Created a test account and tried to login and it does the same thing. I checked the login function in your script and there isn't anywhere that it checks for the actual posted credentials in the function, it just checks cookie's saved credentials and if there is nothing there it automatically goes to error(10) which is the Wrong username or password.
I think this is a bug, since even your demo doesn't work, unless I am missing something? I was surprised no one else hasn't mentioned it.
Pablo
Jun 17, 2013, 11:14:22 AM6/17/13
to uf...@googlegroups.com
Thanks for the feedback,
You are correct, the block of code removed when deprecating the legacy password hasher broke the login proccess, here is the commit reference
Pablo
Jun 17, 2013, 2:07:12 PM6/17/13
to uf...@googlegroups.com
I pushed a new update that fixes this bug
On Monday, June 17, 2013 7:22:49 AM UTC-4, Hassan Shirzad wrote:
Thanks for writing about it.
On Monday, June 17, 2013 7:22:49 AM UTC-4, Hassan Shirzad wrote:
Hassan Shirzad
Jun 20, 2013, 7:23:18 AM6/20/13
to uf...@googlegroups.com
Thanks very much! Great as usual.
Reply all
Reply to author
Forward
0 new messages