Bug #21504
closed
Password change in User tools -> User setup impossible if rsaauth and saltedpassword are installed
Added by Christian Kuhn about 15 years ago.
Updated over 14 years ago.
Description
Interface tells a pw change was successful ("New password Password was updated."), but new password doesn't work on BE login, login with old password is still possible.
(issue imported from #M12517)
Is this true? Then this is a blocker!
Just ran into the problem here as well.
After a little more investigation, it looks like this is just a saltedpasswords / user setup issue and rsaauth isn't involved at all.
In EXT:setup/mod/index.php, the storeIncomingData() method calls the $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tce']['formevals'] hooks directly. These hooks are also called as part of the normal TCE main processing later in the method when the form data is saved. Since the hook is called twice, I guess we end up with an invalid password that cannot be saved.
Passing the raw password along to tcemain seems to work fine for me.
The attached patch solves this issue.
There was a hardcoded check whether a stored password has the length of 32 (and thus is an MD5 hash). I could not determine why this was there at all, since updating the password should work in any case.
The mentioned check has been there since rev. 347 when user settings have been integrated to the Core.
Committed to SVN Trunk (rev. 6452)
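Added example, not part of the thread and not TYPO3 code: a minimal PHP sketch of the two conditions mentioned in the comments above, a password eval hook that runs twice before storage and a guard that only accepts 32-character values. PHP's `password_hash()` stands in for the salted hashing, and every function name here is hypothetical.

```php
<?php
// Added illustration; none of these functions are TYPO3 APIs.

// Stand-in for a password eval hook: converts the submitted value to a salted hash.
function evalPasswordHook(string $value): string
{
    return password_hash($value, PASSWORD_BCRYPT);
}

// Stand-in for the storage layer, which runs the eval hook itself before saving.
function storeUserField(array &$user, string $value): void
{
    $user['password'] = evalPasswordHook($value);
}

// Flow guessed at in the thread: the module runs the hook, then the storage
// layer runs it again, so the stored value is a hash of a hash.
function changePasswordHookTwice(array &$user, string $new): void
{
    storeUserField($user, evalPasswordHook($new));
}

// Hook run in one place only: the raw value is handed to the storage layer.
function changePasswordHookOnce(array &$user, string $new): void
{
    storeUserField($user, $new);
}

// Guard in the style of the hardcoded check: accept only 32-character values.
function hasMd5Length(string $value): bool
{
    return strlen($value) === 32;
}

$new = 'constructed-New-Passw0rd'; // constructed sample input
$twice = ['password' => password_hash('constructed-old', PASSWORD_BCRYPT)];
$once = $twice;

changePasswordHookTwice($twice, $new);
changePasswordHookOnce($once, $new);

// Does the new password verify against what each flow stored?
var_dump(password_verify($new, $twice['password']));
var_dump(password_verify($new, $once['password']));
// Which kinds of value pass the 32-character guard: a plain MD5 digest, a salted hash?
var_dump(hasMd5Length(md5($new)));
var_dump(hasMd5Length(evalPasswordHook($new)));
```

A regression test for this class of bug should log in with the new password after the change and confirm the old one is rejected, rather than trusting the success message.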