Login fails if user is registered with group_id != 1

[eellis]

I have a registration form that includes a input for group ID. I currently just use group id 1 and 2.

I can successfully register a user with either group id. 

When I attempt to login a user that was registered with group id 2, I get the error "wrong username or password".

This problem does not occur if I register a user with group id 1.  I can also change the group id after the user is registered with no ill effects. 

The hass_pass function is returning different results for login and register when the user is registered with a group id != 1.  The hash appears to be calculated and stored properly on registration when registered with group_id set to either 1 or 2, as I can register users that have identical passwords (within the timeframe that is used in $pos, I haven't studied the rest of the code around to to see how exactly that works) and the hashes are also identical. 

I can provide a partial dump of the users table if you wish. 

Thanks for this tool. 

[Pablo Tejada]

I'll need as much information as you can give me so i can look into this issue as i cant replicate it.

I just created two users in the live the demo http://crusthq.com/script/uFlexDemo/

tom1 and tom2 with the same password(password), tom1 is group 1, and tom2 2. I was able to login with both without problem.

--
Project's home page http://crusthq.com/projects/uFlex/
---
You received this message because you are subscribed to the Google Groups "uFlex" group.
To post to this group, send email to uf...@googlegroups.com.
To unsubscribe from this group, send email to uflex+un...@googlegroups.com.
Visit this group at http://groups.google.com/group/uflex?hl=en-US.
 
 

[eellis]

Let me set up a simple testing framework and if I'm still having problems I'll zip up the code and post it here.  Thanks for your quick response. 

[eellis]

Pablo,

Can you test registering a user when you're already logged in?  That's the only difference between my test and the code that I'm trying to roll into production.  I'm using uFlex for a site where users can't self register, so I'm ensuring that my currently logged in user belongs to a certain group before I even allow them to fire the register function.

If I have time, I'll set up a second test to test my theory as well.

Thank you for your time. 

[Pablo Tejada]

Ok, i see what you want to do now. You cant register a user if is already logged in with same class instance.

I have not tried this my self, you could try to make a new uFlex instance to allow the logged in user to register another user. In this new object you should use a different "user_session" to avoid polluting the logged in user's session.

if($user->signed and $user->data['group_id'] == 2)
{
$u = clone $user;
$u->opt['user_session'] = "newRegister";
//clear the properties of the current from the clone
$u->logout();
//register new user
$u->register($newUserInfo);

//keep doing what you would do, check for errors, send email and so on....
}

Let me know if you can make this work, if not i'll test it over the weekend.

[Pablo Tejada]

Glad you got it working

On Oct 15, 2012 5:18 AM, "Ondra" <posedly...@gmail.com> wrote:

Hi! I had same problem. After first registration (admin) I moved register form to admin panel (and registering new users while signed). Then I was not able to login as new user except admin. 

Then I changed /uflex/register.php from:

if($user->signed) redirect("/");

//Proccess Registration

if(count($_POST)){

//Register User

$registered = $user->register($_POST);

if(!$registered){

$_SESSION['NoteMsgs'] = $user->error();

$_SESSION["regData"] = $_POST;

redirect();

}else{

$_SESSION['NoteMsgs'][] = "User Registered Successfully";

$_SESSION['NoteMsgs'][] = "You may login now!";

redirect("/administrace");

}

}else{

redirect();

}

TO your code:

if($user->signed and $user->data['group_id'] == 2)

{

//Proccess Registration

if(count($_POST)){

//Register User

$u = clone $user;

$u->opt['user_session'] = "newRegister";

//clear the properties of the current from the clone

$u->logout();

//register new user

$u->register($newUserInfo);

//$registered = $user->register($_POST);

if(!$registered){

$_SESSION['NoteMsgs'] = $user->error();

$_SESSION["regData"] = $_POST;

redirect();

}else{

$_SESSION['NoteMsgs'][] = "User Registered Successfully";

$_SESSION['NoteMsgs'][] = "You may login now!";

redirect("/administrace");

}

}else{

redirect();

}

}

And now It just works ;-)

Thanks Pablo!

Dne středa, 10. října 2012 17:36:12 UTC+2 Pablo napsal(a):

[eellis]

This works as intended.  Thank you very much. 

[Pablo]

I have updated the class so one could simply clone the uFlex instance and get a clean object ready to work with. Ex:

$subUser = clone $user;

https://github.com/ptejada/uFlex