FEU old hashing mechanism; feuser login not working

Have a question or a suggestion about a 3rd party addon module or plugin?
Let us know here.
Post Reply
postiffm
Forum Members
Forum Members
Posts: 118
Joined: Tue Nov 30, 2010 12:16 am

FEU old hashing mechanism; feuser login not working

Post by postiffm »

Just upgraded to 2.2.10. My one frontend user cannot log in now. I see in FEU Management that the user is marked as "Unsafe" in red. The pop-up "tool tip" warning says this:

Code: Select all

This users password us using an old hashing mechanism. The user should change the password.
(I tried to type that message exactly, so "users" and "us" are typos in the code.)

Anyway, I changed the password and it didn't help. I deleted the user and re-created, and I still can't log in as that user on the front end. I changed "Require strong password" from No to Yes, and then deleted and recreated the user, and still no good.

Is there a way to turn a switch that will update the hashing function, or should I just remove the FEU module and install it fresh?
User avatar
DIGI3
Dev Team Member
Dev Team Member
Posts: 1151
Joined: Wed Feb 25, 2009 4:25 am
Location: Victoria, BC

Re: FEU old hashing mechanism; feuser login not working

Post by DIGI3 »

Did you add the csrf tag to the login forms? A lot of people miss that step when upgrading.
Not getting the answer you need? CMSMS support options
postiffm
Forum Members
Forum Members
Posts: 118
Joined: Tue Nov 30, 2010 12:16 am

Re: FEU old hashing mechanism; feuser login not working

Post by postiffm »

I did not know anything about csrf. Here's my call:

Code: Select all

{FrontEndUsers action="login" logintemplate="FEU login form" returnto="parent-home"}
I see the {cge_form_csrf} several places in an admin search, including in the FEU login form.

Code: Select all

Search Templates (5)
FEU chsettings form
age}</p> {/if}{/if}{$startform}{cge_form_csrf} {if $controlcount > 0} {foreach $contr

FEU forgot password form
rgot password template -->{$startform}{cge_form_csrf}{$title}{if !empty($message) } {if !em

FEU forgot password verify
verification template -->{$startform}{cge_form_csrf}{$title}{if !empty($message)} {if !emp

FEU login form
normallogin')}:</legend> {$startform}{cge_form_csrf} {* * a simple honeypot captcha....i

FEU lost username form
{if $controlcount > 0} {$startform}{cge_form_csrf}{$hidden} <div class="pagerow"> <
What am I missing?
User avatar
DIGI3
Dev Team Member
Dev Team Member
Posts: 1151
Joined: Wed Feb 25, 2009 4:25 am
Location: Victoria, BC

Re: FEU old hashing mechanism; feuser login not working

Post by DIGI3 »

Looks like you have them then, assuming those are the login templates you're using. I thought perhaps that was the issue.

Does a newly created user work?
Not getting the answer you need? CMSMS support options
postiffm
Forum Members
Forum Members
Posts: 118
Joined: Tue Nov 30, 2010 12:16 am

Re: FEU old hashing mechanism; feuser login not working

Post by postiffm »

I have them, but only "by accident" in that I was formerly using whatever the default login template was. I just now specified it explicitly so I would know in the future.

I created a new testuser, and the FEU users list shows this one as "Unsafe" as well, same tool tip reason given as I mentioned before. I cannot log in with this user either.

I'm hoping to avoid uninstalling...I don't think I can until I uninstall CustomContent, then I'd have to reinstall both. Maybe it is not too painful a process...
postiffm
Forum Members
Forum Members
Posts: 118
Joined: Tue Nov 30, 2010 12:16 am

[SOLVED] FEU old hashing mechanism; feuser login not working

Post by postiffm »

This problem is solved. First, I backed up everything.

Next, I uninstalled CustomContent (this was a VERY old module that I guess has been integrated into CMSMS core functionality with "Protected Content"). I just didn't notice all this time.

Then I uninstalled FrontEndUsers, and reinstalled it fresh, re-created my one user (!) and it seems to be all happy now.
Post Reply

Return to “Modules/Add-Ons”