[SOLVED]

 Lost Password No Longer Working

3/7/2013 11:15:39 AM
PHPRunner General questions
wfcentral author

For some reason I just noticed that the lost password feature in my project is no longer working. My client reported that one of his workers was having trouble retrieving a forgotten password.
I have my passwords set to "encrypted" in the registration form.
Here is what happens.
Let's say my password is "football"
I look in the database and see the encrypted string there that looks LIKE "e2298603d12a5d039870bd4da4d2bf3e" - so, it appears to be working.
I click the "forgot password" link and enter my username. It emails me the following info...

-----------------------------------------------------

Password reminder

You asked to remind your username and password at http://www.mysite.net/dashboard/remind.php

Username: myusername

Password: 0ys29928qo

-----------------------------------------------------
The email says this is a "reminder". This is not really a REMINDER - since checking the database I can see that the encrypted data has changed. So, it is really a "reset" of the password.
Also, if I try to enter the username/password that it just emailed me I get "Invalid Login"
I have updated to the latest version this morning and done a full rebuild and reupload. No change. Still does not work. Cannot log into my product.

Admin 3/7/2013

According to what I see - you use md5 password encryption (PHPRunner 6.1 or PHPRunner 6.2 standard). md5 is a one way hash function, passwords cannot be decrypted. Password reminder function creates a new password and sends it to you. So this is in fact a password reset.
If something doesn't work as expected post your application to Demo Account and open a ticket at http://support.xlinesoft.com sending your Demo Account URL. 'Demo Account' button can be found on the last screen in the program.

wfcentral author 3/7/2013



> According to what I see - you use md5 password encryption (PHPRunner 6.1 or PHPRunner 6.2 standard). md5 is a one way hash function, passwords cannot be decrypted. Password reminder function creates a new password and sends it to you. So this is in fact a password reset.
> If something doesn't work as expected post your application to Demo Account and open a ticket at http://support.xlinesoft.com sending your Demo Account URL. 'Demo Account' button can be found on the last screen in the program.


The problem is that the password it is sending does not work - so, whether it resets it or not I do not care...
I don't know about posting it in the demo account - it is a huge project with client sensitive data.

Admin 3/7/2013

Without seeing your project and data we can only guess and my guess is that something is not right with project or server configuration.

wfcentral author 3/7/2013



> Without seeing your project and data we can only guess and my guess is that something is not right with project or server configuration.


Well - this has only gotten worse.
To back-track all my changes I have done the following. CHECKING SYSTEM with each step to see if it resolved the problem.
turned off the registration page

turned off the encrypted password option

created a new field called password2 and set that up to be the login password.
For some weird reason the 20 people that were in the system before this went weird - can still login. All NEW users I try to create get an "invalid login" error.
It's like there is something else in the system that is not set.
I have done a FULL rebuild and FULL upload.

Admin 3/7/2013

How do you want us to help you?

wfcentral author 3/8/2013



> How do you want us to help you?


I have solved the issue. I will try to explain for others to benefit. However, I could write several pages on what happened.
The original project was an employee database - so, I created a table called "employees" that I stored the username/password in.
Later (after lots of custom code and 50 employees were added to the system) the client asked to have the ability for some customers to login and view some of the data.
Since I cannot create two login tables I decided to just add them to the "employee table" but create a new field called "userlevel" - in that field I would mark them as employee, customer or admin.
Then, I could set permissions for them. Next, I set my search query to only display employees on the employee tab and to show customers on another tab called customers (a view of the employee table).
The login was still pointed to the employee table.
So, the problem I was having is that these new customers could not login. Well, it was because the query for the employee list page excluded customers and as such, their logins were excluded from the login search.

Admin 3/8/2013

Makes sense. Thank you for the update.
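
The root cause described in the last two posts, modelled as an added example that is not code from the thread or from PHPRunner: when the login lookup goes through the employee list page's filtered query, accounts with another userlevel exist in the table yet always get "Invalid Login". It assumes SQLite, a hypothetical `login()` helper and constructed sample users; only the `employees` table, the `userlevel` field and MD5 hashing come from the thread.

```python
import hashlib
import sqlite3

def md5_hex(password):
    # MD5 as used in the thread: one-way, so a stored value can be compared but never recovered.
    return hashlib.md5(password.encode()).hexdigest()

def make_db():
    # Constructed sample data; usernames and passwords are invented for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE employees (username TEXT PRIMARY KEY, password TEXT, userlevel TEXT)")
    db.executemany(
        "INSERT INTO employees VALUES (?, ?, ?)",
        [("alice", md5_hex("football"), "employee"),
         ("carol", md5_hex("hunter22"), "customer")],
    )
    return db

# Query behind the employee tab: customers are filtered out of the listing.
LIST_PAGE_SQL = "SELECT username, password, userlevel FROM employees WHERE userlevel = 'employee'"
# Unfiltered table: the row source authentication should use.
BASE_TABLE_SQL = "SELECT username, password, userlevel FROM employees"

def login(db, source_sql, username, password):
    """Return the userlevel on success, None for "Invalid Login".
    source_sql is a trusted constant; user input is only ever bound as a parameter."""
    row = db.execute(
        f"SELECT userlevel FROM ({source_sql}) AS t WHERE username = ? AND password = ?",
        (username, md5_hex(password)),
    ).fetchone()
    return row[0] if row else None

def diagnose(db, username):
    """Tell apart a missing account from one hidden by the login query's filter."""
    q = "SELECT 1 FROM ({}) AS t WHERE username = ?"
    in_table = db.execute(q.format(BASE_TABLE_SQL), (username,)).fetchone()
    in_login = db.execute(q.format(LIST_PAGE_SQL), (username,)).fetchone()
    if in_table and not in_login:
        return "filtered out of login query"
    return "visible to login" if in_login else "no such user"

if __name__ == "__main__":
    db = make_db()
    for user, pw in [("alice", "football"), ("carol", "hunter22")]:
        print(user, login(db, LIST_PAGE_SQL, user, pw),
              login(db, BASE_TABLE_SQL, user, pw), diagnose(db, user))
```

Per-role restrictions then belong in the permission check that runs after authentication, not in the query that decides whether the account exists.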