
MAMS-Problem with salted password

Posted: Tue Mar 26, 2024 4:44 pm
by reinhardmohr
Hi,
I hope anybody can help – thanks!
I have upgraded an older installation to 2.2.19 and PHP 8.1. Everything worked except FrontEndUsers and the internal pages.
So I installed MAMS and imported all the groups and users – this worked.
BIG THANKS TO THE MAKERS OF MAMS!!!!
But: We don't have self-registration. And when I add a new user manually, this new user cannot log in to the protected MAMS pages.
I tried all the settings and combinations and added many test users – nothing worked. Until I had a look into the MySQL database.
There clearly was a difference between the old imported users and the new ones: a problem with salt and password:
[Attachment: Bildschirmfoto 2024-03-26 um 17.26.13.png]
So I copied my old user's salt and password to my new user (second row in the database screenshot). And now I could access the protected pages using the newly added user.
But now I am lost – am I doing something wrong?
Or is there a bug in MAMS?
We only have one additional user property (the regular name of the user). But no email. And email is not required.
Could someone help? I am really glad about the developers' efforts to transform old modules to new ones – thank you!
But here I am lost …

Thanks
Reinhard

Re: MAMS-Problem with salted password

Posted: Mon Oct 14, 2024 3:29 am
by pestobullet
When you add a new user manually, ensure that the password is hashed properly. If the hashing algorithm used for passwords has changed in the upgrade, this could explain the discrepancies you're observing. It’s crucial to verify the hashing method used in both the old and new installations.

Re: MAMS-Problem with salted password

Posted: Mon Oct 21, 2024 2:38 pm
by Jo Morg
The above reply, while not wrong, is not complete.
MAMS should be able to retain and re-use FEU's settings. So 'manually' adding users, I assume using the MAMS backend interface, should work fine.
So that brings to mind an issue with some older installations of FEU where some upgrades silently failed to complete but looked like they did complete. MAMS assumes a number of FEU settings being set on migration and if not found it will use default ones.
So I'm assuming that the password is salted by default with the username (being an email or otherwise). You should be able to set or unset it either in MAMS or in the preferences table of the database (I can't remember if it's still part of the user interface...). The setting has to affect all users so, worst case scenario, once you set it all users will have to reset their passwords IIRC.