phpBB Smith: password not correct error

Author	Message
Mikecp421 Member
Sun Aug 14, 2005 6:07 pm Post subject: password not correct error
I thought I had this issue fixed but someone alerted me to it again. When I or anyone tries to change their profile and confirms the password the error message comes up that the stored password is not correct. WHere would I look to begin to hunt this down? Thanks.

Thoul Administrator
Sun Aug 14, 2005 11:09 pm Post subject: re: password not correct error
The places to look will be in usercp_register.php and profile_add_body.tpl. For profile_add_body.tpl file, you can concentrate on the password fields, which look like this in subSilver: Code: <tr> <td class="row1"><span class="gen">{L_CURRENT_PASSWORD}: </span><br /> <span class="gensmall">{L_CONFIRM_PASSWORD_EXPLAIN}</span></td> <td class="row2"> <input type="password" class="post" style="width: 200px" name="cur_password" size="25" maxlength="32" value="{CUR_PASSWORD}" /> </td> </tr> <!-- END switch_edit_profile --> <tr> <td class="row1"><span class="gen">{L_NEW_PASSWORD}: </span><br /> <span class="gensmall">{L_PASSWORD_IF_CHANGED}</span></td> <td class="row2"> <input type="password" class="post" style="width: 200px" name="new_password" size="25" maxlength="32" value="{NEW_PASSWORD}" /> </td> </tr> <tr> <td class="row1"><span class="gen">{L_CONFIRM_PASSWORD}: * </span><br /> <span class="gensmall">{L_PASSWORD_CONFIRM_IF_CHANGED}</span></td> <td class="row2"> <input type="password" class="post" style="width: 200px" name="password_confirm" size="25" maxlength="32" value="{PASSWORD_CONFIRM}" /> </td> </tr> The problem is more likely to be in usercp_register.php. About all I can recommend there is going through the file line by line, comparing it to an unmodified version. The problem should be somewhere in the top half of the file. This is the area where the error would be most likely to occur, again from an unmodified file. Code: $passwd_sql = ''; if ( !empty($new_password) && !empty($password_confirm) ) { if ( $new_password != $password_confirm ) { $error = TRUE; $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Password_mismatch']; } else if ( strlen($new_password) > 32 ) { $error = TRUE; $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Password_long']; } else { if ( $mode == 'editprofile' ) { $sql = "SELECT user_password FROM " . USERS_TABLE . " WHERE user_id = $user_id"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not obtain user_password information', '', __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrow($result); if ( $row['user_password'] != md5($cur_password) ) { $error = TRUE; $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Current_password_mismatch']; } } if ( !$error ) { $new_password = md5($new_password); $passwd_sql = "user_password = '$new_password', "; } } } else if ( ( empty($new_password) && !empty($password_confirm) ) \|\| ( !empty($new_password) && empty($password_confirm) ) ) { $error = TRUE; $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Password_mismatch']; }

Mikecp421 Member
Sun Aug 14, 2005 11:45 pm Post subject: re: password not correct error
here is what that area of my usercp_register.php in MorpheusXtreme steelblue Code: $passwd_sql = ''; if ( $mode == 'editprofile' ) { if ( $user_id != $userdata['user_id'] ) { $error = TRUE; $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Wrong_Profile']; } } else if ( $mode == 'register' ) { $avatar_register = isset($HTTP_POST_VARS['avatar_select']) ? str_replace("\'", "''", htmlspecialchars(trim($HTTP_POST_VARS['avatar_select']))) : ''; if ( empty($username) \|\| empty($new_password) \|\| empty($password_confirm) \|\| empty($email) \|\| empty($avatar_register) ) { $error = TRUE; $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Fields_empty']; } } if ($board_config['enable_confirm'] && $mode == 'register') { if (empty($HTTP_POST_VARS['confirm_id'])) { $error = TRUE; $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Confirm_code_wrong']; } else { $confirm_id = htmlspecialchars($HTTP_POST_VARS['confirm_id']); if (!preg_match('/^[A-Za-z0-9]+$/', $confirm_id)) { $confirm_id = ''; } $sql = 'SELECT code FROM ' . CONFIRM_TABLE . " WHERE confirm_id = '$confirm_id' AND session_id = '" . $userdata['session_id'] . "'"; if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Could not obtain confirmation code', __LINE__, __FILE__, $sql); } if ($row = $db->sql_fetchrow($result)) { if ($row['code'] != $confirm_code) { $error = TRUE; $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Confirm_code_wrong']; } else { $sql = 'DELETE FROM ' . CONFIRM_TABLE . " WHERE confirm_id = '$confirm_id' AND session_id = '" . $userdata['session_id'] . "'"; if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Could not delete confirmation code', __LINE__, __FILE__, $sql); } } } else { $error = TRUE; $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Confirm_code_wrong']; } $db->sql_freeresult($result); } } $passwd_sql = ''; if ( !empty($new_password) && !empty($password_confirm) ) { if ( $new_password != $password_confirm ) { $error = TRUE; $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Password_mismatch']; } else if ( strlen($new_password) > 32 ) { $error = TRUE; $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Password_long']; } else { if ( $mode == 'editprofile' ) { $sql = "SELECT user_password FROM " . USERS_TABLE . " WHERE user_id = $user_id"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not obtain user_password information', '', __LINE__, __FILE__, $sql); } $row = $db->sql_fetchrow($result); if ( $row['user_password'] != md5($cur_password) ) { $error = TRUE; $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Current_password_mismatch']; } } if ( !$error ) { $new_password = md5($new_password); $passwd_sql = "user_password = '$new_password', "; } } } else if ( ( empty($new_password) && !empty($password_confirm) ) \|\| ( !empty($new_password) && empty($password_confirm) ) ) { $error = TRUE; $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Password_mismatch']; }

Sun Aug 14, 2005 6:07 pm Post subject: password not correct error

I thought I had this issue fixed but someone alerted me to it again. When I or anyone tries to change their profile and confirms the password the error message comes up that the stored password is not correct. WHere would I look to begin to hunt this down? Thanks.

Sun Aug 14, 2005 11:09 pm Post subject: re: password not correct error

The places to look will be in usercp_register.php and profile_add_body.tpl. For profile_add_body.tpl file, you can concentrate on the password fields, which look like this in subSilver:

Code:

<tr>
 <td class="row1">{L_CURRENT_PASSWORD}: * 
 {L_CONFIRM_PASSWORD_EXPLAIN}</td>
 <td class="row2">
 <input type="password" class="post" style="width: 200px" name="cur_password" size="25" maxlength="32" value="{CUR_PASSWORD}" />
 </td>
</tr>

<tr>
 <td class="row1">{L_NEW_PASSWORD}: * 
 {L_PASSWORD_IF_CHANGED}</td>
 <td class="row2">
 <input type="password" class="post" style="width: 200px" name="new_password" size="25" maxlength="32" value="{NEW_PASSWORD}" />
 </td>
</tr>
<tr>
 <td class="row1">{L_CONFIRM_PASSWORD}: * 
 {L_PASSWORD_CONFIRM_IF_CHANGED}</td>
 <td class="row2">
 <input type="password" class="post" style="width: 200px" name="password_confirm" size="25" maxlength="32" value="{PASSWORD_CONFIRM}" />
 </td>
</tr>

The problem is more likely to be in usercp_register.php. About all I can recommend there is going through the file line by line, comparing it to an unmodified version. The problem should be somewhere in the top half of the file. This is the area where the error would be most likely to occur, again from an unmodified file.

Code:

$passwd_sql = '';
if ( !empty($new_password) && !empty($password_confirm) )
{
 if ( $new_password != $password_confirm )
 {
 $error = TRUE;
 $error_msg .= ( ( isset($error_msg) ) ? ' ' : '' ) . $lang['Password_mismatch'];
 }
 else if ( strlen($new_password) > 32 )
 {
 $error = TRUE;
 $error_msg .= ( ( isset($error_msg) ) ? ' ' : '' ) . $lang['Password_long'];
 }
 else
 {
 if ( $mode == 'editprofile' )
 {
 $sql = "SELECT user_password
 FROM " . USERS_TABLE . "
 WHERE user_id = $user_id";
 if ( !($result = $db->sql_query($sql)) )
 {
 message_die(GENERAL_ERROR, 'Could not obtain user_password information', '', __LINE__, __FILE__, $sql);
 }

 $row = $db->sql_fetchrow($result);

 if ( $row['user_password'] != md5($cur_password) )
 {
 $error = TRUE;
 $error_msg .= ( ( isset($error_msg) ) ? ' ' : '' ) . $lang['Current_password_mismatch'];
 }
 }

 if ( !$error )
 {
 $new_password = md5($new_password);
 $passwd_sql = "user_password = '$new_password', ";
 }
 }
}
else if ( ( empty($new_password) && !empty($password_confirm) ) || ( !empty($new_password) && empty($password_confirm) ) )
{
 $error = TRUE;
 $error_msg .= ( ( isset($error_msg) ) ? ' ' : '' ) . $lang['Password_mismatch'];
}

Sun Aug 14, 2005 11:45 pm Post subject: re: password not correct error

here is what that area of my usercp_register.php in MorpheusXtreme steelblue

Code:

$passwd_sql = '';
if ( $mode == 'editprofile' )
{
 if ( $user_id != $userdata['user_id'] )
 {
 $error = TRUE;
 $error_msg .= ( ( isset($error_msg) ) ? ' ' : '' ) . $lang['Wrong_Profile'];
 }
}
else if ( $mode == 'register' )
{
$avatar_register = isset($HTTP_POST_VARS['avatar_select']) ? str_replace("\'", "''", htmlspecialchars(trim($HTTP_POST_VARS['avatar_select']))) : '';
if ( empty($username) || empty($new_password) || empty($password_confirm) || empty($email) || empty($avatar_register) ) {
 $error = TRUE;
 $error_msg .= ( ( isset($error_msg) ) ? ' ' : '' ) . $lang['Fields_empty'];
 }
}

if ($board_config['enable_confirm'] && $mode == 'register')
{
 if (empty($HTTP_POST_VARS['confirm_id']))
 {
 $error = TRUE;
 $error_msg .= ( ( isset($error_msg) ) ? ' ' : '' ) . $lang['Confirm_code_wrong'];
 }
 else
 {
 $confirm_id = htmlspecialchars($HTTP_POST_VARS['confirm_id']);
 if (!preg_match('/^[A-Za-z0-9]+$/', $confirm_id))
 {
 $confirm_id = '';
 }

 $sql = 'SELECT code
 FROM ' . CONFIRM_TABLE . "
 WHERE confirm_id = '$confirm_id'
 AND session_id = '" . $userdata['session_id'] . "'";
 if (!($result = $db->sql_query($sql)))
 {
 message_die(GENERAL_ERROR, 'Could not obtain confirmation code', __LINE__, __FILE__, $sql);
 }

 if ($row = $db->sql_fetchrow($result))
 {
 if ($row['code'] != $confirm_code)
 {
 $error = TRUE;
 $error_msg .= ( ( isset($error_msg) ) ? ' ' : '' ) . $lang['Confirm_code_wrong'];
 }
 else
 {
 $sql = 'DELETE FROM ' . CONFIRM_TABLE . "
 WHERE confirm_id = '$confirm_id'
 AND session_id = '" . $userdata['session_id'] . "'";
 if (!$db->sql_query($sql))
 {
 message_die(GENERAL_ERROR, 'Could not delete confirmation code', __LINE__, __FILE__, $sql);
 }
 }
 }
 else
 {
 $error = TRUE;
 $error_msg .= ( ( isset($error_msg) ) ? ' ' : '' ) . $lang['Confirm_code_wrong'];
 }
 $db->sql_freeresult($result);
 }
}

$passwd_sql = '';
if ( !empty($new_password) && !empty($password_confirm) )
{
 if ( $new_password != $password_confirm )
 {
 $error = TRUE;
 $error_msg .= ( ( isset($error_msg) ) ? ' ' : '' ) . $lang['Password_mismatch'];
 }
 else if ( strlen($new_password) > 32 )
 {
 $error = TRUE;
 $error_msg .= ( ( isset($error_msg) ) ? ' ' : '' ) . $lang['Password_long'];
 }
 else
 {
 if ( $mode == 'editprofile' )
 {
 $sql = "SELECT user_password
 FROM " . USERS_TABLE . "
 WHERE user_id = $user_id";
 if ( !($result = $db->sql_query($sql)) )
 {
 message_die(GENERAL_ERROR, 'Could not obtain user_password information', '', __LINE__, __FILE__, $sql);
 }

 $row = $db->sql_fetchrow($result);

 if ( $row['user_password'] != md5($cur_password) )
 {
 $error = TRUE;
 $error_msg .= ( ( isset($error_msg) ) ? ' ' : '' ) . $lang['Current_password_mismatch'];
 }
 }

 if ( !$error )
 {
 $new_password = md5($new_password);
 $passwd_sql = "user_password = '$new_password', ";
 }
 }
}
else if ( ( empty($new_password) && !empty($password_confirm) ) || ( !empty($new_password) && empty($password_confirm) ) )
{
 $error = TRUE;
 $error_msg .= ( ( isset($error_msg) ) ? ' ' : '' ) . $lang['Password_mismatch'];
}