Bug #21504
closed
Password change in User tools -> User setup impossible if rsaauth and saltedpassword are installed
0%
Description
Interface tells a pw change was successful ("New password
Password was updated."), but new password doesn't work on BE login, login with old password is still possible.
(issue imported from #M12517)
Files
Updated by Steffen Gebert about 15 years ago
Is this true? Then this is a blocker!
Updated by
Updated by Jeff Segars about 15 years ago
Just ran into the problem here as well.
Updated by Jeff Segars about 15 years ago
After a little more investigation, it looks like this is just a saltedpasswords / user setup issue and rsaauth isn't involved at all.
In EXT:setup/mod/index.php, the storeIncomingData() method calls the $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tce']['formevals'] hooks directly, These hooks are also called as part of the normal TCE main processing later in the method when the form data is saved. Since the hook is called twice, I guess we end up with an invalid password that cannot be saved.
Passing the raw password along to tcemain seems to work fine for me.
Updated by Oliver Hader about 15 years ago
The attached patch solves this issue.
There was a hardcoded check wheter a stored password has the length of 32 (and thus is a MD5-hash). I could not determine, why this was there at all since updating password should work in any case.
The mentioned check has been there since rev. 347 when user settings have been integrated to the Core.