HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

users added via sql cannot log in

meridienmeridien New
edited March 2020 in Vanilla 3.x Help

We add rows the the GDN_User and GDN_UserRole tables when approving a new user in our intranet. We use sso for a seamless log in to the vanilla forums from the intranet.

The sql to add a user row is: insert ignore into vanilla32.GDN_User (UserID, Name, Password, Email, DateInserted) values (...); The sql to add a user role row is: insert ignore into vanilla32.GDN_UserRole (UserID, RoleID) values (...). The UserID is the userid in our intranet, and the password field is hashed using php's md5 function.

Users added prior to the update to v3.2 can log into the forums, but users added since the upgrade cannot. There is no error message, the user receives this:

Clicking on the Connect button shows the loading image to the right of the button, but does not reveal a dialog to enter login information.

Any help would be appreciated.

Comments

  • I may have resolved the issue when inserting user rows from outside the vanilla world.

    To generate the password hash to populate the GDN_User.Password column in a php program, this seems to work:

    password_hash($cPassword, PASSWORD_BCRYPT);

    where $cPassword is the cleartext password. I also set the GDN_User.HashMethod column to 'Vanilla", but this may not be required.

    The newly-added users now get a dialog to enter their password, but this only needs to be done once.

    Again, to be clear, we are using sso to handle logins from our intranet, and users cannot sign up except by being approved on our intranet.

Sign In or Register to comment.