ACP Password Change Bug

Forum
Last Post
Threads / Messages
Hwona

Hwona

Member
Member
Joined
Mar 1, 2013
Messages
620
Points
0
Mysidian Dollar
31,589
Hello! I might be the only one, but has anyone else noticed that if you try and change a user's password via the acp, the user later can't log in with the new or the old password? I'm experimenting with v.1.3.3, but when I checked the v.1.3.4 list of fixed bugs, this wasn't mentioned. Does anyone else have this issue or know how to fix it?

PHP: 
<?php

class ACPUserController extends AppController{

	const PARAM = "uid";
    private $view;
	private $subController;
	
	public function __construct(){
	    parent::__construct();
		$mysidia = Registry::get("mysidia");
		if($mysidia->usergroup->getpermission("canmanageusers") != "yes"){
		    throw new NoPermissionException("You do not have permission to manage users.");
		}	
	}
	
	public function index(){
	    parent::index();
	    $mysidia = Registry::get("mysidia");
		$document = $mysidia->frame->getDocument();		
		$stmt = $mysidia->db->select("users", array());		
		$fields = array("uid", "username", "email", "ip", "usergroup", "uid::edit", "uid::delete");
		
		$userTable = new TableBuilder("user");
		$userTable->setAlign(new Align("center", "middle"));
		$userTable->buildHeaders("uid", "Username", "Email", "IP", "Usergroup", "Edit", "Delete");
		$userTable->setHelper(new UserTableHelper);
		$userTable->setMethod($fields[1], "getProfileLink");
		$userTable->setMethod($fields[5], "getEditLink");
        $userTable->setMethod($fields[6], "getDeleteLink");
		$userTable->buildTable($stmt, $fields);
        $document->add($userTable);	
	}
	
	public function add(){
	    throw new InvalidActionException($mysidia->lang->global_action);
	}
	
	public function edit(){
	    $mysidia = Registry::get("mysidia");
		$document = $mysidia->frame->getDocument();
	    if(!$mysidia->input->get("uid")){
		    $this->index();
			return;
		}
		$user = new Member($mysidia->input->get("uid"));		
		
		if($mysidia->input->post("submit")){
		    // A form has been submitted, we will be processing the request.
			if($mysidia->input->post("pass1")){
                $newsalt = codegen(15, 0); 
			    $password = passencr($username, $pass1, $newsalt);
				$mysidia->db->update("users", array("password" => $password), "uid='{$mysidia->input->get("uid")}'");
				if($mysidia->input->post("emailpwchange") == "yes"){
					//SEND THE PASSWORD CHANGE EMAIL...	
                    $systememail = $mysidia->settings->systememail;
					$headers = "From: {$systememail}";
					$message = "Hello {$user->username};\n\nYour password at {$mysidia->settings->sitename} has been changed by the site admin. Your new account details are as follows:\n
						        Username: {$user->username}\nPassword: {$mysidia->input->post("pass1")}\n
						        You can log in to your account at: {$mysidia->path->getAbsolute()}login\n
						        Thank You. The {$mysidia->settings->sitename} team.";
					mail($mysidia->input->post("email"), "{$mysidia->settings->sitename} - Your password has been changed", $message, $headers);					
				}
			}
				
			$mysidia->db->update("users", array("email" => $mysidia->input->post("email")), "uid='{$mysidia->input->get("uid")}'");
			if(is_numeric($mysidia->input->post("level"))) $mysidia->db->update("users", array("usergroup" => $mysidia->input->post("level")), "uid='{$mysidia->input->get("uid")}'");
			
            //Carry out user banning options
			if($mysidia->input->post("canlevel") == "no") $mysidia->db->update("users_status", array("canlevel" => 'no'), "uid='{$mysidia->input->get("uid")}'");
            if($mysidia->input->post("canvm") == "no") $mysidia->db->update("users_status", array("canvm" => 'no'), "uid='{$mysidia->input->get("uid")}'");
            if($mysidia->input->post("canfriend") == "no") $mysidia->db->update("users_status", array("canfriend" => 'no'), "uid='{$mysidia->input->get("uid")}'");
            if($mysidia->input->post("cantrade") == "no") $mysidia->db->update("users_status", array("cantrade" => 'no'), "uid='{$mysidia->input->get("uid")}'");
            if($mysidia->input->post("canbreed") == "no") $mysidia->db->update("users_status", array("canbreed" => 'no'), "uid='{$mysidia->input->get("uid")}'");
            if($mysidia->input->post("canpound") == "no") $mysidia->db->update("users_status", array("canpound" => 'no'), "uid='{$mysidia->input->get("uid")}'");  
            if($mysidia->input->post("canshop") == "no") $mysidia->db->update("users_status", array("canshop" => 'no'), "uid='{$mysidia->input->get("uid")}'");
            if($mysidia->input->post("unban") == "yes") unbanuser($user->username);
          
			$document->setTitle($mysidia->lang->edited_title);
		    $document->addLangvar($mysidia->lang->edited);
		}
		else{
		    // Show default form action
			$userForm = new FormBuilder("editform", $mysidia->input->get("uid"), "post");
			$userForm->add(new Comment("<br><br>"));
			$userForm->add(new Image("templates/icons/delete.gif"));
			$userForm->buildCheckBox(" Delete This User. <strong>This cannot be undone!</strong>", "delete", "yes")
					 ->buildComment("Assign New Password: ", FALSE)->buildPasswordField("password", "pass1", "", TRUE)
					 ->buildComment("Passwords may contain letters and numbers only. Leave the box blank to keep the current password.")
		             ->buildCheckBox(" Email the user the new password (Only takes effect if setting a new password) ", "emailpwchange", "yes")
					 ->buildComment("Change Email Address: ", FALSE)->buildTextField("email", $user->getemail())
					 ->buildCheckBox(" Ban this user's rights to click adoptables", "canlevel", "no")
					 ->buildCheckBox(" Ban this user's rights to post profile comments", "canvm", "no")
					 ->buildCheckBox(" Ban this user's rights to make trade offers", "cantrade", "no")
					 ->buildCheckBox(" Ban this user's rights to send friend requests", "canfriend", "no")
					 ->buildCheckBox(" Ban this user's rights to breed adoptables", "canbreed", "no")
					 ->buildCheckBox(" Ban this user's rights to abandon adoptables", "canpound", "no")
					 ->buildCheckBox(" Ban this user's rights to visit Shops", "canshop", "no");
					 
			$userForm->add(new Comment("<u>{$user->username}'s Current Usergroup:</u> Group {$user->usergroup}"));	
            $userForm->add(new Comment("Change {$user->username}'s Usergroup To:", FALSE));
	        $userForm->buildDropdownList("level", "UsergroupList", $user->usergroup->gid)					
			         ->buildButton("Edit User", "submit", "submit");
			$document->add($userForm);
		}
	}
	
	public function delete(){
	 	$mysidia = Registry::get("mysidia");
		$document = $mysidia->frame->getDocument();
	    if(!$mysidia->input->get("uid")){
		    $this->index();
			return;
		}

        $user = new Member($mysidia->input->get("uid"));
		deleteuser($user->username);
		$document->setTitle($mysidia->lang->delete_title);
		$document->addLangvar($mysidia->lang->delete);
		header("Refresh:3; URL='../../index'");
	}
	
	public function merge(){
	    $mysidia = Registry::get("mysidia");
	    throw new InvalidActionException($mysidia->lang->global_action);
	}
	
	public function search(){
	    $mysidia = Registry::get("mysidia");
	    throw new InvalidActionException($mysidia->lang->global_action);
	}
}

?>
 
Password Reset/Password Change Glitch

I also have this issue and my users aren't getting their password resets when they try to reset it. No email, nothing. I've tested this myself, so I know it's indeed a problem. It's always been an issue, just kept forgetting to look for a fix and normally just have them re-register, then I change their username or change the user name in the db, have them re-register, then change the db ID number. T_T Very involved and frustrating.

As I continued reading, I saw the issue with Yahoo, but I'm using mystfell@gmail.com as my admin email and tested it using another gmail to receive the reset.
 
Last edited:
Just looked through that script... it seems to update the password hash in the database but not the salt. Try changing line 39, which looks like:
PHP: 
$mysidia->db->update("users", array("password" => $password), "uid='{$mysidia->input->get("uid")}'");

To this:
PHP: 
$mysidia->db->update("users", array("password" => $password, "salt" => $newsalt), "uid='{$mysidia->input->get("uid")}'");
edit: omg didn't realize op posted this a few months ago ok whoops

@NobodysHero I'm not sure about the email thing, though. ;o; Last time I ran Mysidia the password resets were working fine... Does your host have the mail() function enabled? Some hosting providers disable that function.
 
Last edited:
Just tried that, Pachoo, doesn't seem to work. T_T

Here's mine, in case maybe I did something wrong?


PHP: 
<?php

class ACPUserController extends AppController{

	const PARAM = "uid";
	
	public function __construct(){
	    parent::__construct();
		$mysidia = Registry::get("mysidia");
		if($mysidia->usergroup->getpermission("canmanageusers") != "yes"){
		    throw new NoPermissionException("You do not have permission to manage users.");
		}	
	}
	
	public function index(){
	    parent::index();
	    $mysidia = Registry::get("mysidia");	
		$stmt = $mysidia->db->select("users");		
        $this->setField("stmt", new DatabaseStatement($stmt));
	}
	
	public function add(){
	    throw new InvalidActionException("global_action");
	}
	
	public function edit(){
	    $mysidia = Registry::get("mysidia");
	    if(!$mysidia->input->get("uid")){
		    $this->index();
			return;
		}
		$user = new Member($mysidia->input->get("uid"));		
		
		if($mysidia->input->post("submit")){
		    // A form has been submitted, we will be processing the request.
			if($mysidia->input->post("pass1")){
                $newsalt = codegen(15, 0); 
			    $password = passencr($username, $pass1, $newsalt);
				$mysidia->db->update("users", array("password" => $password, "salt" => $newsalt), "uid='{$mysidia->input->get("uid")}'");  
				if($mysidia->input->post("emailpwchange") == "yes"){
					//SEND THE PASSWORD CHANGE EMAIL...	
                    $systememail = $mysidia->settings->systememail;
					$headers = "From: {$systememail}";
					$message = "Hello {$user->username};\n\nYour password at {$mysidia->settings->sitename} has been changed by the site admin. Your new account details are as follows:\n
						        Username: {$user->username}\nPassword: {$mysidia->input->post("pass1")}\n
						        You can log in to your account at: {$mysidia->path->getAbsolute()}login\n
						        Thank You. The {$mysidia->settings->sitename} team.";
					mail($mysidia->input->post("email"), "{$mysidia->settings->sitename} - Your password has been changed", $message, $headers);					
				}
			}
				
			$mysidia->db->update("users", array("email" => $mysidia->input->post("email")), "uid='{$mysidia->input->get("uid")}'");
			if(is_numeric($mysidia->input->post("level"))) $mysidia->db->update("users", array("usergroup" => $mysidia->input->post("level")), "uid='{$mysidia->input->get("uid")}'");
			
            //Carry out user banning options
			if($mysidia->input->post("canlevel") == "no") $mysidia->db->update("users_status", array("canlevel" => 'no'), "uid='{$mysidia->input->get("uid")}'");
            if($mysidia->input->post("canvm") == "no") $mysidia->db->update("users_status", array("canvm" => 'no'), "uid='{$mysidia->input->get("uid")}'");
            if($mysidia->input->post("canfriend") == "no") $mysidia->db->update("users_status", array("canfriend" => 'no'), "uid='{$mysidia->input->get("uid")}'");
            if($mysidia->input->post("cantrade") == "no") $mysidia->db->update("users_status", array("cantrade" => 'no'), "uid='{$mysidia->input->get("uid")}'");
            if($mysidia->input->post("canbreed") == "no") $mysidia->db->update("users_status", array("canbreed" => 'no'), "uid='{$mysidia->input->get("uid")}'");
            if($mysidia->input->post("canpound") == "no") $mysidia->db->update("users_status", array("canpound" => 'no'), "uid='{$mysidia->input->get("uid")}'");  
            if($mysidia->input->post("canshop") == "no") $mysidia->db->update("users_status", array("canshop" => 'no'), "uid='{$mysidia->input->get("uid")}'");
            if($mysidia->input->post("unban") == "yes") unbanuser($user->username);
		}
	}
	
	public function delete(){
	 	$mysidia = Registry::get("mysidia");
	    if(!$mysidia->input->get("uid")){
		    $this->index();
			return;
		}

        $user = new Member($mysidia->input->get("uid"));
		deleteuser($user->username);
	}
	
	public function merge(){
	    throw new InvalidActionException("global_action");
	}
	
	public function search(){
	    throw new InvalidActionException("global_action");
	}
}
?>
 
Everything looks fine in the file. :'o If your site's users are not getting emails, it could be possible that your host has PHP's mail() function disabled. Try submitting a support ticket to your host to find out if PHP's mail() function is enabled?
 
Ditto to what Pachoofoosh said, some webhosts have disabled php's mail function for shared hosting accounts. On MysidiaHost we dont have this problem, but I cant speak for other webhosts.
 
OH! YES RIGHT! I also forgot to mention, replaced that line that was suggested by Pachoo, but it's still not changing the password successfully. x.x I tried to log in using the password I made and it didn't let me in. T_T If either of you are willing to give it a good poke around, I'd appreciate it.

PS:And I did send in a ticket, just waiting for a response from the host.
 
Hmm.... Try pasting this on line 2, under the <?php line:
PHP: 
include('../functions/functions.php');
 
Last edited:
That gives me:

The mystfell.com page isn’t working

mystfell.com is currently unable to handle this request.
500
Click to expand...

Just for that page. Taking it out returned access to the page. x.x
 
Dang, sorry, i'm not quote sure what's going on with the code then. :c Maybe HoF can help? Seems to be there might be some hidden bug in the page's password updating code.
 
As for the emails not being sent issue, I think I switched to using my host's email (mysidia, thank you HoF!) and they started going through. I think that's all I did.. So yea, you should look into seeing which email hosts work.
 
Well another possibility is that you are using yahoo email, to my understanding yahoo does not allow you to send emails to users massively from a third party script like Mysidia. You need to switch to gmail, hotmail, or mysidia's own email system instead. Read this post I made earlier for references:

http://mysidiaadoptables.com/forum/showpost.php?p=32919&postcount=2
 
Okay, so I got the reply from tech support for my web host and they said it's enabled, but I still can't do anything with passwords, sending resets or setting a new one on my own. I even tried to send the email using the form in the ACP and that didn't work.

Here is my forgotpass.php file:
PHP: 
<?php

use Resource\Native\String as String;

class ForgotpassController extends AppController{

    public function __construct(){
        parent::__construct("guest");
    }
	
	public function index(){
		$mysidia = Registry::get("mysidia");		
		if($mysidia->input->post("submit")){
		    $user = $mysidia->db->select("users", array("username", "email", "ip"), "username = '{$mysidia->input->post("username")}' and email = '{$mysidia->input->post("email")}'")->fetchObject();
	        if(!is_object($user)) throw new PasswordException("match");			 
	        else{
	            $rand = codegen(10);
		        $date = new DateTime;
	            $mysidia->db->insert("passwordresets", array("id" => NULL, "username" => $mysidia->input->post("username"), "email" => $mysidia->input->post("email"), "code" => $rand, "ip" => $_SERVER['REMOTE_ADDR'], "date" => $date->format('Y-m-d')));

                $headers = "From: {$mysidia->settings->systememail}";	
                $message = "Hello there {$mysidia->input->post("username")}:\n\nOur records indicate that you requested a password reset for your account.  Below is your reset code:\n
                              Reset Code: {$rand}\n\nTo have your password changed please visit the following URL:\n
                              {$mysidia->path->getAbsolute()}forgotpass/reset 
                              \n\nIf you did NOT request a password reset then please ignore this email to keep your current password.\n\n
                              Thanks,\nThe {$sitename} team.";
		        mail($mysidia->input->post("email"), "Password Reset Request for {$mysidia->input->post("username")}", $message, $headers);
	        }
            return;
		}		  
	}
	
	public function reset(){
	    $mysidia = Registry::get("mysidia");		
	    if($mysidia->input->post("submit")){
		    $passwordResets = $mysidia->db->select("passwordresets", array(), "username = '{$mysidia->input->post("username")}' and email = '{$mysidia->input->post("email")}' and code='{$mysidia->input->post("resetcode")}' ORDER BY id DESC LIMIT 1")->fetchObject();	
		    if(!is_object($passwordResets)) throw new InvalidCodeException("invalidcode");		
	        else{		
		        $newPass = $mysidia->user->reset($passwordResets->username, $passwordResets->email); 
                $this->setField("newPass", new String($newPass));				
	        }		 	    
			return;
		}
	}
}
?>

That I'm aware of, none of the code has been changed from install. I'm at a total loss here and I have a few members who currently can't access their accounts. Any and all help is, was, and will always be appreciated.
 
You must log in or register to reply here.
Similar threads
Thread starter Title Forum Replies Date
Hall of Famer What is new in Mys v1.3.6: Forum integration in ACP News & Updates 1
Dinocanid Fatal errors in ACP Questions and Supports 10
S Hearty Mysidia [ACP THEME] Templates and Themes 1
shoucchi No class_page.php in 1.3.4, can't access ACP Questions and Supports 3
S Editing Adoptables Description ACP Questions and Supports 1

Similar threads

Users who are viewing this thread

Total: 1 (members: 0, guests: 1)
  • Forum Contains New Posts
  • Forum Contains No New Posts

Forum statistics

Threads
4,278
Messages
33,125
Members
1,602
Latest member
BerrieMilk
BETA

Latest Threads

Latest Posts

Share

Top