View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0003680||OXID eShop (all versions)||1.05. Users||public||2012-03-06 13:43||2012-04-27 14:28|
|Product Version||4.5.2 revision 38481|
|Target Version||Fixed in Version||4.7.0_5.0.0_beta1|
|Summary||0003680: Can't log in if password contains special chars and forgot-password functionality is used|
|Description||In ForgotPwd::updatePassword() and User_Main::save(), raw values are used for saving passwords, while in oxcmp_user::createUser(), oxcmp_user::login() and Account_Password::changePassword(), values with replaced special chars are used (oxConfig::checkSpecialChars()).|
The problem resulting from this is that if ForgotPwd or User_Main is used to change to a password that contains special chars, you won't be able to log in to your account afterwards (the exception here is the backend, which always uses raw values).
|Steps To Reproduce||Use the forgot-password functionality and change to a password with special chars.|
Log out afterwards, and try to log in with the new password.
|Tags||No tags attached.|
Reminder sent to: manuel
Sorry, we can't reproduce this issue on either the current version 4.5.8 or version 4.6. Could you please try to reproduce it on our demo shops:
I was able to reproduce the bug on both of your demo shops.
1. Register a new user with password "o?pXfdKvA=#3K8tQ%
2. Log out and then try to log in with the password used for registration. Result is it works.
3. Log out again and use the forgot-password functionality. Use the link from the received email to change your password to "o?pXfdKvA=#3K8tQ%
4. Log out and then try to log in with the password used for the forgot-password functionality. Result is it doesn't work.
Same misbehavior if you use the admin-backend to change the password to "o?pXfdKvA=#3K8tQ%.
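
The mismatch described in this report, reduced to a standalone PHP sketch (an added example, not OXID eShop code). `escapeSpecialChars()` is a hypothetical stand-in for `oxConfig::checkSpecialChars()`, assumed to replace HTML special characters with entities, and `password_hash()` stands in for the shop's own hashing; the passwords are constructed samples.

```php
<?php
// Added illustration, not OXID eShop code; every name below is hypothetical.

// Stand-in for the escaping the report attributes to
// oxConfig::checkSpecialChars(). Assumption: it swaps HTML special
// characters for entities, approximated here with htmlspecialchars().
function escapeSpecialChars(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Registration and password-change path: hashes the escaped value.
function register(array &$db, string $user, string $password): void
{
    $db[$user] = password_hash(escapeSpecialChars($password), PASSWORD_DEFAULT);
}

// Login path: verifies the escaped value against the stored hash.
function login(array $db, string $user, string $password): bool
{
    return isset($db[$user])
        && password_verify(escapeSpecialChars($password), $db[$user]);
}

// Reset path as reported: hashes the raw value, skipping the escaping.
function resetPasswordRaw(array &$db, string $user, string $password): void
{
    $db[$user] = password_hash($password, PASSWORD_DEFAULT);
}

// Reset path that applies the same transformation as register() and login().
function resetPasswordConsistent(array &$db, string $user, string $password): void
{
    $db[$user] = password_hash(escapeSpecialChars($password), PASSWORD_DEFAULT);
}

// Constructed sample passwords: one with special characters, one without.
foreach (['Tr&il<er"7', 'Trailer7'] as $pw) {
    $db = [];
    register($db, 'alice', $pw);
    $afterRegister = login($db, 'alice', $pw);
    resetPasswordRaw($db, 'alice', $pw);
    $afterRawReset = login($db, 'alice', $pw);
    resetPasswordConsistent($db, 'alice', $pw);
    $afterFixedReset = login($db, 'alice', $pw);
    printf("%-12s register=%d rawReset=%d consistentReset=%d\n",
        $pw, $afterRegister, $afterRawReset, $afterFixedReset);
}
```

A regression test that sets a password through every write path and then logs in with it, using a password that contains special characters, catches this class of mismatch; a password without such characters passes through both paths unchanged and hides it.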