View Issue Details

IDProjectCategoryView StatusLast Update
0003680OXID eShop (all versions)1.05. Userspublic2012-04-27 14:28
Reportermanuel 
PrioritynormalSeveritymajorReproducibilityalways
Status resolvedResolutionfixed 
Product Version4.5.2 revision 38481 
Target VersionFixed in Version4.7.0_5.0.0_beta1 
Summary0003680: Cant login if password consists special-chars and forgot-password-functionality is used
DescriptionIn ForgotPwd::updatePassword() and User_Main::save() raw-values are used for saving passwords while in oxcmp_user::createUser(), oxcmp_user::login() and Account_Password::changePassword() values with replaced special-chars are used(oxConfig::checkSpecialChars()).
The problem resulting from this is that if ForgotPwd or User_Main are used to change to a password that consists special-chars, you won't be able to login to your account afterwards (Exception here is the Backend wich always uses raw-values).
Steps To ReproduceUse forgot-password-functionality and change to a password with special-chars.
Logout afterwards, and try to login with the new password.
TagsNo tags attached.
ThemeBoth
BrowserAll
PHP Version5.3
MySQL Versionany

Activities

jurate.baseviciene

2012-03-09 13:36

reporter   ~0005926

Reminder sent to: manuel

Hi

Sorry we can't reproduce such issue nor on current versions 4.5.8 neither version 4.6. Could you please try to reproduce that on our demo shops:
4.5.8: http://demoshop.oxid-esales.com/enterprise-edition/
4.6.0: http://demoshop.oxid-esales.com/beta/enterprise-edition/
?

manuel

2012-03-14 08:46

reporter   ~0005980

Last edited: 2012-03-14 09:05

View 2 revisions

Hi,

i was able to reproduce the bug on both of your demo shops.
1. Register a new user with password "o?p[]XfdKvA=#3K8tQ%
2. Logout and then try to login with the password used for registration. Result is it works.
3. Logout again and use the forgot-password-fuctionality. Use link from the recieved email to change your password to "o?p[]XfdKvA=#3K8tQ%
4. Logout and then try to login with the password used for forgot-password-functionality. Result is it doesnt work.

Same misbehavior if you use the admin-backend to change the password to "o?p[]XfdKvA=#3K8tQ%.

Greetings