Skip to:
Content
Pages
Categories
Search
Top
Bottom

Profile Change resets User PW

  • @nekita

    Member

    I’m having a “small” but rather annoying issue with my bbP install (bbP latest Alpha, WP 2.6.2, non-integrated with kakumei template).

    Now when a user’s Profile data is changed on the Profile Tab (either by the user himself or any Admin/Keymaster), this users PW receives a reset leaving him unable to login with his old PW and he’ll need to request a new one.

    A temporary solution seems to be to let users confirm their old PW on the Profile page everytime even if they only want to change other data like their name.

    However, this is of course only a workaround for the user himself because the Admins/Keymasters don’t know the user’s PW.

    For now I settled on changing privileges etc. directly via the DB which will leave the PW intact, still it’s quite a bit of extra work.

    Is this a known issue with the Alpha release?

    Thanks a lot

    Lars

Viewing 22 replies - 1 through 22 (of 22 total)
  • @sambauers

    Participant

    If the password fields are left blank they should be ignored.

    @nekita

    Member

    Yes I agree they should, but they’re not. I added a warning message for my users for the time being to reenter their original password when making profile changes even if they have no intention to change the pw.

    @sambauers

    Participant

    Well, this isn’t happening for me. Is the problem on this site? http://chocolatebydeath.com/forum/

    @nekita

    Member

    Yes that’s it.

    See, I have this testuser account with it’s own PW. Now when I logon to

    Admin–>Admin Panel–>Users–>Edit testuser

    and change, say, the Custom Title with the PW blank, confirm with ‘Update Profile’ , logout of Admin and try to logon to testuser again, the old PW is no longer valid.

    @chrishajer

    Participant

    Can you check the password hash in the database for a user both before and after making a change to the profile? If the password has changes in the database, does it change to the same thing every time (access the profile page and make an unrelated change, multiple times)? For example, if you access the profile page for one user, and the hash in the database changes after you save their profile, can you access the profile page of another member, and then see if that password changes to the same hash?

    @nekita

    Member

    Ok,

    I assume that would be the shared key under wp_users in the DB (user_pass).

    First I noted the hash for my regular testuser account (1). Then I made a profile change for that with the admin and wrote down the new (now changed) pw hash (2). Then I made another change with the admin to testuser and, again, I get a different pw hash (3).

    However, when I aquire a new PW with testuser and change that to the original pw for testuser (4) from step 1 so that pw (1) and (4) match, the hash is again different even though it’s the same pw.

    Then I made a second testuser account and compared the hash after an admin profile change (5) with the hash from (2) and they differ.

    Hope that makes any sense.

    @sambauers

    Participant

    The password hash is always unique, even when the password is the same, that’s the nature of phpass hashes.

    I joined and logged in to your site. I edited my profile and indeed the password stopped working. First things first, try deactivating the signatures plugin you are using and see if the problem still occurs. If not that’s the culprit and it needs to be modified by the plugin author to stop this behaviour.

    @nekita

    Member

    Hi Sam,

    I just deactivated all my plugins and had another try with the testuser account but it will still change the PW if I do a Profile change (User or Admin induced).

    Best

    Lars

    @sambauers

    Participant

    Another thing left is to try it using the default template instead of the custom one you are using and seeing if that changes the behaviour.

    You can just switch to it temporarily, then test and switch back.

    @nekita

    Member

    The template I’m using is just a color-modified Kakumei.

    I changed it to Kakumei Blue and tried but to no avail.

    @sambauers

    Participant

    Are you loading WordPress inside bbPress?

    @nekita

    Member

    I’m just loading certain components from my WP Blog to give bbPress the same appearance (header and footer graphics, menu etc.). However it’s not a deep integration via bb-config.php.

    I also deleted the entire modified template folder and replaced it with the original Kakumei template for testing reasons but the problem persisted.

    @chrishajer

    Participant

    How are you loading those items from WordPress? Using WordPress functions or just calling the graphics directly?

    @nekita

    Member

    I’m calling the graphics directly via header.php, footer.php and front-page.php

    @sambauers

    Participant

    Does that mean you are including WordPress’ header.php file in bbPress?

    @nekita

    Member

    No, I’m calling certain elements used in the WordPress header in the bbPress header too like the header.jpg and some Java for the menu. Only the things that are needed for a coherent design as is.

    @nekita

    Member

    So I just deleted the entire forum folder (but for bb-config.php) and replaced it with the original content from bbpress-1.0-alpha.zip. Problem persists.

    That means that I can only think of three scenarios:

    1. The problem is a general problem with 1.0-alpha

    2. It has something to do with my DB and it’s implementation with WP/bbP

    3. A problem with bb-config.php? (though unlikely given the nature of the issue)

    @sambauers

    Participant

    Is there anything unusual in your config file?

    @sambauers

    Participant

    I just retested on my local copy.

    Neither editing my own or anyone else’s profile causes a problem. No matter who I am logged in as.

    It has to be something local to your setup.

    @nekita

    Member

    I just wanted to note that the Upgrade to Alpha 2 along with the consequent DB update during the installation process mysteriously solved the issue.

    Profile changes (both user and admin induced) are now possible without altering the pw.

    @chrishajer

    Participant

    Just mentioning this hear in case anyone is having a similar issue. On a new WordPress 2.6.2 installation, I have noticed that when I access the user profile page, the first password field already has a password in it, asterisked out. When I look at what that value is, it appears to be the value of the existing password, in the field for the new password (first field of two.)

    I will check WordPress.org and file a bug there or see if anyone else has had a similar experience. It just seemed somehow related to this weirdness.

    @chrishajer

    Participant

    Sort of like this, but I don’t have any plugins installed:

    https://wordpress.org/support/topic/207654

Viewing 22 replies - 1 through 22 (of 22 total)
  • You must be logged in to reply to this topic.
Skip to toolbar