Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

[FIXED] HELP! No users can sign in, password hash incorrect. DB issue?

Andy KAndy K
edited September 2009 in Vanilla 1.0 Help
EDIT: Issue was because of upgrade from 1.1.4 to 1.1.9 (1.1.8 on exhibits this behavior), and the password field on the DB didn't support 1.1.8-length passwords (33 characters; field was 32 chars).

Users can't log in once either they:
1) Log out of their system and log back in, or
2) Log in from another PC (or from there, go back to their old system)
"The requested username and password combination could not be found."
If you go through the "I forgot my password" process, you will get an email with a reset link. You can go in and reset your password. When you use that password right there to log in, you get the "The requested username and password combination could not be found".
This affects ALL users.
If I go into phpMyAdmin to manually change their password in the database (to say "a"), they can use that password to get in, ONCE. Then, even before they go to "Change Password", the Password hash changes (immediately upon login), so if they try to change their password once they log in they can't ("old password is incorrect"), and if they just log out and log back in again right there, they get the same behavior as above.
I believe this is some verification/cookie thing, need help with it.

So, last night was a comedy of errors: Let's just say that because of one accident after another, I performed the worst upgrade of 1.1.4 to 1.1.9 ever. EVER. Including accidentally overwriting my /conf/settings.php file.

I got everything back to normal after what amounts to Overwriting Everything (1.1.4) with 1.1.9 (flushed an install of 1.1.9 over my 1.1.4 files), followed by moving /conf/settings.php from another site on my server (which also had been upgraded from 1.1.4 to 1.1.9, but without incident) to this site, then editing it to line up all the paths, cookie settings etc. Case closed... or so I thought.

Come this AM, I have a few members saying they can't sign in, and in all cases it was a "I am at work therefore using my work PC, not home PC". However, lots of people are still signed in right then (Who's Online shows many), and new posts are happening, including myself which led me to find out that this issue doesn't happen if you use the same PC (and didn't Sign Out) that you were using before The Big Disaster.

In other words, if their password is unchanged they can slip in using the same PC. But if they use a new PC, session, etc where the password hash is compared, they can't get in again.

Figuring out where the issue lies (smells like cookies/verification settings), and how to fix it. By fix it, I mean "so that users can log in again, either using their old password, or by simply clicking the "Lost my password, send me a new one", getting the link, changing it themselves and getting in that way.



  • Options
    Andy KAndy K
    edited September 2009
    EDIT: I did further testing: I completely backed up my DB, and restored it to a new DB hosted on a totally fresh/new install of 1.1.9 (hoping to totally clear all of my app-side settings). However, I get the same behavior as before on the new site as well (when, before the DB restore, it was fine on its own test DB).

    Anyway, this indicates that I can't just restore my DB to a new version of the latest version of Vanilla (which was my fallback plan). Sigh.

    Strange. Any thoughts?
  • Options
    Got it. Answer was here:

    My other DB (which I used for sister-testing) must have been installed at 1.1.6 or something. Anyway, from 1.1.4 to 1.1.8, the password mechanism changed. I went into the DB and moved the LUM_User - Password type from varchar(32) to varchar(40). Thank god for phpMyAdmin and its GUI. Anyway, that cleared it right up!

    Thanks to all those who posted in the above thread, especially karlkatzke
  • Options
    MarkMark Vanilla Staff
    Glad you got it sorted out!
Sign In or Register to comment.