encrypted password mismatch!

xyelox · Post by **xyelox** » Thu Feb 18, 2010 2:23 am

I have download the forgotpassword plugin. The problem is that after a user enter desired password on the confirmation link, it stated that the password successfully changed.

But when i login using the new password the system said that i entered an invalid userame or password.
and when i checked at the database, the password 'pass' (without quotes) appear as 1a1dc91c907325c69271ddf0c944bc72 while the other user with 'pass' as the password can login (in database appear as c35ec367e2d81189e7856e2f0486951bf8e1847f)

when i use md5 to decrypt the password, 1a1dc91c907325c69271ddf0c944bc72 turns into 'pass' and it fails to decrypt c35ec367e2d81189e7856e2f0486951bf8e1847f!!

what is wrong here? I'm quite new in php and I know nothing much. Hope you can help!

Post by **Don Chambers** » Thu Feb 18, 2010 6:23 am

What version of serendipity?

xyelox · Post by **xyelox** » Thu Feb 18, 2010 8:49 am

its 1.5.1

Post by **garvinhicking** » Thu Feb 18, 2010 9:33 am

Hi!

Thanks a lot for brining this to our attention! Serendipity 1.5 changed the way we hash passwords fmro md5 to salted sha1. It seems the forgotpassword plugin was not adapted for compatibility to this new hash method.

I just upgraded the plugin to version 0.10 which should appear soon on spartacus. If you want to try it out earlier, you can download the current version of that file here:

http://php-blog.cvs.sourceforge.net/vie ... ision=1.14

Best regards,
Garvin

xyelox · Post by **xyelox** » Fri Feb 19, 2010 2:37 am

wow! thanx guys!! it works! thanks alot..

encrypted password mismatch!

encrypted password mismatch!

Re: encrypted password mismatch!

Re: encrypted password mismatch!

Re: encrypted password mismatch!

Re: encrypted password mismatch!