ACP Password Change Bug

[Hwona]

Hello! I might be the only one, but has anyone else noticed that if you try and change a user's password via the acp, the user later can't log in with the new or the old password? I'm experimenting with v.1.3.3, but when I checked the v.1.3.4 list of fixed bugs, this wasn't mentioned. Does anyone else have this issue or know how to fix it?

PHP Code:

<?php

class ACPUserController extends AppController{

    const PARAM = "uid";
    private $view;
    private $subController;
    
    public function __construct(){
        parent::__construct();
        $mysidia = Registry::get("mysidia");
        if($mysidia->usergroup->getpermission("canmanageusers") != "yes"){
            throw new NoPermissionException("You do not have permission to manage users.");
        }    
    }
    
    public function index(){
        parent::index();
        $mysidia = Registry::get("mysidia");
        $document = $mysidia->frame->getDocument();        
        $stmt = $mysidia->db->select("users", array());        
        $fields = array("uid", "username", "email", "ip", "usergroup", "uid::edit", "uid::delete");
        
        $userTable = new TableBuilder("user");
        $userTable->setAlign(new Align("center", "middle"));
        $userTable->buildHeaders("uid", "Username", "Email", "IP", "Usergroup", "Edit", "Delete");
        $userTable->setHelper(new UserTableHelper);
        $userTable->setMethod($fields[1], "getProfileLink");
        $userTable->setMethod($fields[5], "getEditLink");
        $userTable->setMethod($fields[6], "getDeleteLink");
        $userTable->buildTable($stmt, $fields);
        $document->add($userTable);    
    }
    
    public function add(){
        throw new InvalidActionException($mysidia->lang->global_action);
    }
    
    public function edit(){
        $mysidia = Registry::get("mysidia");
        $document = $mysidia->frame->getDocument();
        if(!$mysidia->input->get("uid")){
            $this->index();
            return;
        }
        $user = new Member($mysidia->input->get("uid"));        
        
        if($mysidia->input->post("submit")){
            // A form has been submitted, we will be processing the request.
            if($mysidia->input->post("pass1")){
                $newsalt = codegen(15, 0); 
                $password = passencr($username, $pass1, $newsalt);
                $mysidia->db->update("users", array("password" => $password), "uid='{$mysidia->input->get("uid")}'");
                if($mysidia->input->post("emailpwchange") == "yes"){
                    //SEND THE PASSWORD CHANGE EMAIL...    
                    $systememail = $mysidia->settings->systememail;
                    $headers = "From: {$systememail}";
                    $message = "Hello {$user->username};\n\nYour password at {$mysidia->settings->sitename} has been changed by the site admin. Your new account details are as follows:\n
                                Username: {$user->username}\nPassword: {$mysidia->input->post("pass1")}\n
                                You can log in to your account at: {$mysidia->path->getAbsolute()}login\n
                                Thank You. The {$mysidia->settings->sitename} team.";
                    mail($mysidia->input->post("email"), "{$mysidia->settings->sitename} - Your password has been changed", $message, $headers);                    
                }
            }
                
            $mysidia->db->update("users", array("email" => $mysidia->input->post("email")), "uid='{$mysidia->input->get("uid")}'");
            if(is_numeric($mysidia->input->post("level"))) $mysidia->db->update("users", array("usergroup" => $mysidia->input->post("level")), "uid='{$mysidia->input->get("uid")}'");
            
            //Carry out user banning options
            if($mysidia->input->post("canlevel") == "no") $mysidia->db->update("users_status", array("canlevel" => 'no'), "uid='{$mysidia->input->get("uid")}'");
            if($mysidia->input->post("canvm") == "no") $mysidia->db->update("users_status", array("canvm" => 'no'), "uid='{$mysidia->input->get("uid")}'");
            if($mysidia->input->post("canfriend") == "no") $mysidia->db->update("users_status", array("canfriend" => 'no'), "uid='{$mysidia->input->get("uid")}'");
            if($mysidia->input->post("cantrade") == "no") $mysidia->db->update("users_status", array("cantrade" => 'no'), "uid='{$mysidia->input->get("uid")}'");
            if($mysidia->input->post("canbreed") == "no") $mysidia->db->update("users_status", array("canbreed" => 'no'), "uid='{$mysidia->input->get("uid")}'");
            if($mysidia->input->post("canpound") == "no") $mysidia->db->update("users_status", array("canpound" => 'no'), "uid='{$mysidia->input->get("uid")}'");  
            if($mysidia->input->post("canshop") == "no") $mysidia->db->update("users_status", array("canshop" => 'no'), "uid='{$mysidia->input->get("uid")}'");
            if($mysidia->input->post("unban") == "yes") unbanuser($user->username);
          
            $document->setTitle($mysidia->lang->edited_title);
            $document->addLangvar($mysidia->lang->edited);
        }
        else{
            // Show default form action
            $userForm = new FormBuilder("editform", $mysidia->input->get("uid"), "post");
            $userForm->add(new Comment("<br><br>"));
            $userForm->add(new Image("templates/icons/delete.gif"));
            $userForm->buildCheckBox(" Delete This User. <strong>This cannot be undone!</strong>", "delete", "yes")
                     ->buildComment("Assign New Password: ", FALSE)->buildPasswordField("password", "pass1", "", TRUE)
                     ->buildComment("Passwords may contain letters and numbers only. Leave the box blank to keep the current password.")
                     ->buildCheckBox(" Email the user the new password (Only takes effect if setting a new password) ", "emailpwchange", "yes")
                     ->buildComment("Change Email Address: ", FALSE)->buildTextField("email", $user->getemail())
                     ->buildCheckBox(" Ban this user's rights to click adoptables", "canlevel", "no")
                     ->buildCheckBox(" Ban this user's rights to post profile comments", "canvm", "no")
                     ->buildCheckBox(" Ban this user's rights to make trade offers", "cantrade", "no")
                     ->buildCheckBox(" Ban this user's rights to send friend requests", "canfriend", "no")
                     ->buildCheckBox(" Ban this user's rights to breed adoptables", "canbreed", "no")
                     ->buildCheckBox(" Ban this user's rights to abandon adoptables", "canpound", "no")
                     ->buildCheckBox(" Ban this user's rights to visit Shops", "canshop", "no");
                     
            $userForm->add(new Comment("<u>{$user->username}'s Current Usergroup:</u> Group {$user->usergroup}"));    
            $userForm->add(new Comment("Change {$user->username}'s Usergroup To:", FALSE));
            $userForm->buildDropdownList("level", "UsergroupList", $user->usergroup->gid)                    
                     ->buildButton("Edit User", "submit", "submit");
            $document->add($userForm);
        }
    }
    
    public function delete(){
         $mysidia = Registry::get("mysidia");
        $document = $mysidia->frame->getDocument();
        if(!$mysidia->input->get("uid")){
            $this->index();
            return;
        }

        $user = new Member($mysidia->input->get("uid"));
        deleteuser($user->username);
        $document->setTitle($mysidia->lang->delete_title);
        $document->addLangvar($mysidia->lang->delete);
        header("Refresh:3; URL='../../index'");
    }
    
    public function merge(){
        $mysidia = Registry::get("mysidia");
        throw new InvalidActionException($mysidia->lang->global_action);
    }
    
    public function search(){
        $mysidia = Registry::get("mysidia");
        throw new InvalidActionException($mysidia->lang->global_action);
    }
}

?>

[NobodysHero]

I also have this issue and my users aren't getting their password resets when they try to reset it. No email, nothing. I've tested this myself, so I know it's indeed a problem. It's always been an issue, just kept forgetting to look for a fix and normally just have them re-register, then I change their username or change the user name in the db, have them re-register, then change the db ID number. T_T Very involved and frustrating.

As I continued reading, I saw the issue with Yahoo, but I'm using mystfell@gmail.com as my admin email and tested it using another gmail to receive the reset.

[pachoofoosh]

Just looked through that script... it seems to update the password hash in the database but not the salt. Try changing line 39, which looks like:

PHP Code:

$mysidia->db->update("users", array("password" => $password), "uid='{$mysidia->input->get("uid")}'"); 


To this:

PHP Code:

$mysidia->db->update("users", array("password" => $password, "salt" => $newsalt), "uid='{$mysidia->input->get("uid")}'"); 


edit: omg didn't realize op posted this a few months ago ok whoops

@NobodysHero I'm not sure about the email thing, though. ;o; Last time I ran Mysidia the password resets were working fine... Does your host have the mail() function enabled? Some hosting providers disable that function.

[NobodysHero]

Just tried that, Pachoo, doesn't seem to work. T_T

Here's mine, in case maybe I did something wrong?

PHP Code:

<?php

class ACPUserController extends AppController{

    const PARAM = "uid";
    
    public function __construct(){
        parent::__construct();
        $mysidia = Registry::get("mysidia");
        if($mysidia->usergroup->getpermission("canmanageusers") != "yes"){
            throw new NoPermissionException("You do not have permission to manage users.");
        }    
    }
    
    public function index(){
        parent::index();
        $mysidia = Registry::get("mysidia");    
        $stmt = $mysidia->db->select("users");        
        $this->setField("stmt", new DatabaseStatement($stmt));
    }
    
    public function add(){
        throw new InvalidActionException("global_action");
    }
    
    public function edit(){
        $mysidia = Registry::get("mysidia");
        if(!$mysidia->input->get("uid")){
            $this->index();
            return;
        }
        $user = new Member($mysidia->input->get("uid"));        
        
        if($mysidia->input->post("submit")){
            // A form has been submitted, we will be processing the request.
            if($mysidia->input->post("pass1")){
                $newsalt = codegen(15, 0); 
                $password = passencr($username, $pass1, $newsalt);
                $mysidia->db->update("users", array("password" => $password, "salt" => $newsalt), "uid='{$mysidia->input->get("uid")}'");  
                if($mysidia->input->post("emailpwchange") == "yes"){
                    //SEND THE PASSWORD CHANGE EMAIL...    
                    $systememail = $mysidia->settings->systememail;
                    $headers = "From: {$systememail}";
                    $message = "Hello {$user->username};\n\nYour password at {$mysidia->settings->sitename} has been changed by the site admin. Your new account details are as follows:\n
                                Username: {$user->username}\nPassword: {$mysidia->input->post("pass1")}\n
                                You can log in to your account at: {$mysidia->path->getAbsolute()}login\n
                                Thank You. The {$mysidia->settings->sitename} team.";
                    mail($mysidia->input->post("email"), "{$mysidia->settings->sitename} - Your password has been changed", $message, $headers);                    
                }
            }
                
            $mysidia->db->update("users", array("email" => $mysidia->input->post("email")), "uid='{$mysidia->input->get("uid")}'");
            if(is_numeric($mysidia->input->post("level"))) $mysidia->db->update("users", array("usergroup" => $mysidia->input->post("level")), "uid='{$mysidia->input->get("uid")}'");
            
            //Carry out user banning options
            if($mysidia->input->post("canlevel") == "no") $mysidia->db->update("users_status", array("canlevel" => 'no'), "uid='{$mysidia->input->get("uid")}'");
            if($mysidia->input->post("canvm") == "no") $mysidia->db->update("users_status", array("canvm" => 'no'), "uid='{$mysidia->input->get("uid")}'");
            if($mysidia->input->post("canfriend") == "no") $mysidia->db->update("users_status", array("canfriend" => 'no'), "uid='{$mysidia->input->get("uid")}'");
            if($mysidia->input->post("cantrade") == "no") $mysidia->db->update("users_status", array("cantrade" => 'no'), "uid='{$mysidia->input->get("uid")}'");
            if($mysidia->input->post("canbreed") == "no") $mysidia->db->update("users_status", array("canbreed" => 'no'), "uid='{$mysidia->input->get("uid")}'");
            if($mysidia->input->post("canpound") == "no") $mysidia->db->update("users_status", array("canpound" => 'no'), "uid='{$mysidia->input->get("uid")}'");  
            if($mysidia->input->post("canshop") == "no") $mysidia->db->update("users_status", array("canshop" => 'no'), "uid='{$mysidia->input->get("uid")}'");
            if($mysidia->input->post("unban") == "yes") unbanuser($user->username);
        }
    }
    
    public function delete(){
         $mysidia = Registry::get("mysidia");
        if(!$mysidia->input->get("uid")){
            $this->index();
            return;
        }

        $user = new Member($mysidia->input->get("uid"));
        deleteuser($user->username);
    }
    
    public function merge(){
        throw new InvalidActionException("global_action");
    }
    
    public function search(){
        throw new InvalidActionException("global_action");
    }
}
?>

[pachoofoosh]

Everything looks fine in the file. :'o If your site's users are not getting emails, it could be possible that your host has PHP's mail() function disabled. Try submitting a support ticket to your host to find out if PHP's mail() function is enabled?

[Hall of Famer]

Ditto to what Pachoofoosh said, some webhosts have disabled php's mail function for shared hosting accounts. On MysidiaHost we dont have this problem, but I cant speak for other webhosts.

[NobodysHero]

OH! YES RIGHT! I also forgot to mention, replaced that line that was suggested by Pachoo, but it's still not changing the password successfully. x.x I tried to log in using the password I made and it didn't let me in. T_T If either of you are willing to give it a good poke around, I'd appreciate it.

PS:And I did send in a ticket, just waiting for a response from the host.

[pachoofoosh]

Hmm.... Try pasting this on line 2, under the <?php line:

PHP Code:

include('../functions/functions.php'); 


[NobodysHero]

That gives me:

Quote:

The mystfell.com page isn’t working

mystfell.com is currently unable to handle this request.
500

Just for that page. Taking it out returned access to the page. x.x

[pachoofoosh]

Dang, sorry, i'm not quote sure what's going on with the code then. :c Maybe HoF can help? Seems to be there might be some hidden bug in the page's password updating code.