Hi Blair.. Its hard to say what happened . these particular users "forget" their passwords all the time, so I dump them for an admin person to easily pull up... the user in this case was trying to use the last known password, which I confirmed.. it is possible it has changed... Could be an isolated incident... If this comes up again I'll repost here.
On Tuesday, March 26, 2013 1:48:42 PM UTC-7, Blair McK wrote: > > In 6.2 we have switched to hashing user passwords by default. The prefix > you mentioned indicates which hashing algorithm was used. FarCry uses that > prefix to determine whether a user's password is still in plaintext and > needs to be updated. That check is automatic when a user logs in, but you > can kick of a full database update as Sean mentions. > > When you say the user is unable to login, does that mean they forgot their > password or something else? As an admin you can reset passwords in the > webtop. You can also update the database with a plaintext password, and > FarCry should handle that fine. > > Blair > > > On Wed, Mar 27, 2013 at 7:02 AM, Sean Coyne <[email protected]<javascript:> > > wrote: > >> Strange. I have updated several sites to 6.2.x w/o running the password >> update utility and have no issues with users being unable to login. >> Perhaps some one from Daemon can shed some light. >> >> >> On Tuesday, March 26, 2013 3:42:53 PM UTC-4, Might Aswell wrote: >>> >>> Hi Sean, >>> >>> No.. I dont believe so.. I checked farUser and don't see lastupdated set >>> to passwordfix... however... Idid just notice that this seems to happen >>> AUTOMATICALLY when a user logs in??? >>> >>> I picked a random user that had an old style password, logged in and >>> refreshed the farUser table and the pw was changed... >>> >>> >>> On Tuesday, March 26, 2013 12:29:03 PM UTC-7, Sean Coyne wrote: >>>> >>>> Did you run the upgrade password security utility? >>>> >>>> On Tuesday, March 26, 2013 3:09:12 PM UTC-4, Might Aswell wrote: >>>>> >>>>> I have noticed after upgrading to 6-2-7, that some of my farUser's >>>>> passwords have 'changed' >>>>> >>>>> They appear to be some sort of hash value now instead of a plain text >>>>> password... all of them are prefixed with $2a$10$ >>>>> >>>>> I discovered this when a user reported being unable to login to a >>>>> protected section of the web site using a last known working password. I >>>>> confirmed the issue and then reset it (to itself) via the web top. >>>>> >>>>> Can someone tell me what changed and why, and why only "some" of these >>>>> users seem to have the new "strange' password in the password column >>>>> (forgotpasswordhash) is NULL for all these users. >>>>> >>>>> Thanks, >>>>> >>>>> Chris >>>>> >>>> -- >> You received this message cos you are subscribed to "farcry-dev" Google >> group. >> To post, email: [email protected] <javascript:> >> To unsubscribe, email: [email protected] <javascript:> >> For more options: http://groups.google.com/group/farcry-dev >> -------------------------------- >> Follow us on Twitter: http://twitter.com/farcry >> --- >> You received this message because you are subscribed to the Google Groups >> "farcry-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> For more options, visit https://groups.google.com/groups/opt_out. >> >> >> > > -- You received this message cos you are subscribed to "farcry-dev" Google group. To post, email: [email protected] To unsubscribe, email: [email protected] For more options: http://groups.google.com/group/farcry-dev -------------------------------- Follow us on Twitter: http://twitter.com/farcry --- You received this message because you are subscribed to the Google Groups "farcry-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
