Page 1 of 1
FEU old hashing mechanism; feuser login not working
Posted: Tue Mar 19, 2019 3:01 pm
by postiffm
Just upgraded to 2.2.10. My one frontend user cannot log in now. I see in FEU Management that the user is marked as "Unsafe" in red. The pop-up "tool tip" warning says this:
Code: Select all
This users password us using an old hashing mechanism. The user should change the password.
(I tried to type that message exactly, so "users" and "us" are typos in the code.)
Anyway, I changed the password and it didn't help. I deleted the user and re-created, and I still can't log in as that user on the front end. I changed "Require strong password" from No to Yes, and then deleted and recreated the user, and still no good.
Is there a way to turn a switch that will update the hashing function, or should I just remove the FEU module and install it fresh?
Re: FEU old hashing mechanism; feuser login not working
Posted: Tue Mar 19, 2019 3:04 pm
by DIGI3
Did you add the csrf tag to the login forms? A lot of people miss that step when upgrading.
Re: FEU old hashing mechanism; feuser login not working
Posted: Tue Mar 19, 2019 3:30 pm
by postiffm
I did not know anything about csrf. Here's my call:
Code: Select all
{FrontEndUsers action="login" logintemplate="FEU login form" returnto="parent-home"}
I see the {cge_form_csrf} several places in an admin search, including in the FEU login form.
Code: Select all
Search Templates (5)
FEU chsettings form
age}</p> {/if}{/if}{$startform}{cge_form_csrf} {if $controlcount > 0} {foreach $contr
FEU forgot password form
rgot password template -->{$startform}{cge_form_csrf}{$title}{if !empty($message) } {if !em
FEU forgot password verify
verification template -->{$startform}{cge_form_csrf}{$title}{if !empty($message)} {if !emp
FEU login form
normallogin')}:</legend> {$startform}{cge_form_csrf} {* * a simple honeypot captcha....i
FEU lost username form
{if $controlcount > 0} {$startform}{cge_form_csrf}{$hidden} <div class="pagerow"> <
What am I missing?
Re: FEU old hashing mechanism; feuser login not working
Posted: Tue Mar 19, 2019 3:40 pm
by DIGI3
Looks like you have them then, assuming those are the login templates you're using. I thought perhaps that was the issue.
Does a newly created user work?
Re: FEU old hashing mechanism; feuser login not working
Posted: Tue Mar 19, 2019 3:44 pm
by postiffm
I have them, but only "by accident" in that I was formerly using whatever the default login template was. I just now specified it explicitly so I would know in the future.
I created a new testuser, and the FEU users list shows this one as "Unsafe" as well, same tool tip reason given as I mentioned before. I cannot log in with this user either.
I'm hoping to avoid uninstalling...I don't think I can until I uninstall CustomContent, then I'd have to reinstall both. Maybe it is not too painful a process...
[SOLVED] FEU old hashing mechanism; feuser login not working
Posted: Tue Mar 19, 2019 6:22 pm
by postiffm
This problem is solved. First, I backed up everything.
Next, I uninstalled CustomContent (this was a VERY old module that I guess has been integrated into CMSMS core functionality with "Protected Content"). I just didn't notice all this time.
Then I uninstalled FrontEndUsers, and reinstalled it fresh, re-created my one user (!) and it seems to be all happy now.