FEU old hashing mechanism; feuser login not working

[postiffm]

Just upgraded to 2.2.10. My one frontend user cannot log in now. I see in FEU Management that the user is marked as "Unsafe" in red. The pop-up "tool tip" warning says this:

Code: Select all

This users password us using an old hashing mechanism. The user should change the password.

(I tried to type that message exactly, so "users" and "us" are typos in the code.)

Anyway, I changed the password and it didn't help. I deleted the user and re-created, and I still can't log in as that user on the front end. I changed "Require strong password" from No to Yes, and then deleted and recreated the user, and still no good.

Is there a way to turn a switch that will update the hashing function, or should I just remove the FEU module and install it fresh?

[DIGI3]

Did you add the csrf tag to the login forms? A lot of people miss that step when upgrading.

[postiffm]

I did not know anything about csrf. Here's my call:

Code: Select all

{FrontEndUsers action="login" logintemplate="FEU login form" returnto="parent-home"}

I see the {cge_form_csrf} several places in an admin search, including in the FEU login form.

Code: Select all

Search Templates (5)
FEU chsettings form
age}</p> {/if}{/if}{$startform}{cge_form_csrf} {if $controlcount > 0} {foreach $contr

FEU forgot password form
rgot password template -->{$startform}{cge_form_csrf}{$title}{if !empty($message) } {if !em

FEU forgot password verify
verification template -->{$startform}{cge_form_csrf}{$title}{if !empty($message)} {if !emp

FEU login form
normallogin')}:</legend> {$startform}{cge_form_csrf} {* * a simple honeypot captcha....i

FEU lost username form
{if $controlcount > 0} {$startform}{cge_form_csrf}{$hidden} <div class="pagerow"> <

What am I missing?

[DIGI3]

Looks like you have them then, assuming those are the login templates you're using. I thought perhaps that was the issue.

Does a newly created user work?

[postiffm]

I have them, but only "by accident" in that I was formerly using whatever the default login template was. I just now specified it explicitly so I would know in the future.

I created a new testuser, and the FEU users list shows this one as "Unsafe" as well, same tool tip reason given as I mentioned before. I cannot log in with this user either.

I'm hoping to avoid uninstalling...I don't think I can until I uninstall CustomContent, then I'd have to reinstall both. Maybe it is not too painful a process...

[postiffm]

This problem is solved. First, I backed up everything.

Next, I uninstalled CustomContent (this was a VERY old module that I guess has been integrated into CMSMS core functionality with "Protected Content"). I just didn't notice all this time.

Then I uninstalled FrontEndUsers, and reinstalled it fresh, re-created my one user (!) and it seems to be all happy now.