View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0003680 | OXID eShop (all versions) | 1.05. Users | public | 2012-03-06 13:43 | 2012-04-27 14:28 |
Reporter | manuel | Assigned To | |
Priority | normal | Severity | major | Reproducibility | always |
Status | resolved | Resolution | fixed |
Product Version | 4.5.2 revision 38481 |
Fixed in Version | 4.7.0_5.0.0_beta1 |
Summary | 0003680: Can't login if password contains special-chars and forgot-password-functionality is used |
Description | In ForgotPwd::updatePassword() and User_Main::save() raw values are used for saving passwords, while in oxcmp_user::createUser(), oxcmp_user::login() and Account_Password::changePassword() values with replaced special-chars are used (oxConfig::checkSpecialChars()). The problem resulting from this is that if ForgotPwd or User_Main are used to change to a password that contains special-chars, you won't be able to login to your account afterwards (the exception here is the backend, which always uses raw values). |
Steps To Reproduce | Use forgot-password-functionality and change to a password with special-chars. Logout afterwards, and try to login with the new password. |
Tags | No tags attached. |
Theme | Both |
Browser | All |
PHP Version | 5.3 |
Database Version | any |

Reminder sent to: manuel

Hi,

Sorry, we can't reproduce this issue on either the current version 4.5.8 or version 4.6. Could you please try to reproduce it on our demo shops?

4.5.8: http://demoshop.oxid-esales.com/enterprise-edition/
4.6.0: http://demoshop.oxid-esales.com/beta/enterprise-edition/

Hi,

I was able to reproduce the bug on both of your demo shops.

1. Register a new user with password "o?p[]XfdKvA=#3K8tQ%
2. Logout and then try to login with the password used for registration. Result is it works.
3. Logout again and use the forgot-password-functionality. Use the link from the received email to change your password to "o?p[]XfdKvA=#3K8tQ%
4. Logout and then try to login with the password used for forgot-password-functionality. Result is it doesn't work.

Same misbehavior if you use the admin-backend to change the password to "o?p[]XfdKvA=#3K8tQ%.

Greetings
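
The mismatch described in this report, as an added PHP example that is not OXID eShop code: it hashes a password through each write path named in the description and lists the pairs where the storefront login can no longer verify it. Assumptions: `escapeSpecialChars()` and `findMismatches()` are hypothetical names, `htmlspecialchars()` stands in for `oxConfig::checkSpecialChars()`, `password_hash()` stands in for the shop's own hashing, and the leading double quote is taken to be part of the reported password.

```php
<?php
// Added illustration, not OXID eShop code; function names are hypothetical.

// Stand-in for the replacement the report attributes to
// oxConfig::checkSpecialChars(); the shop's real replacement table may differ.
function escapeSpecialChars(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Return every "writer -> reader" pair where a password set through the
// writer cannot be verified through the reader. true = path sees escaped input.
function findMismatches(array $writers, array $readers, string $password): array
{
    $failures = [];
    foreach ($writers as $writer => $writerEscapes) {
        // password_hash() stands in for whatever hashing the shop applies.
        $stored = password_hash(
            $writerEscapes ? escapeSpecialChars($password) : $password,
            PASSWORD_DEFAULT
        );
        foreach ($readers as $reader => $readerEscapes) {
            $attempt = $readerEscapes ? escapeSpecialChars($password) : $password;
            if (!password_verify($attempt, $stored)) {
                $failures[] = $writer . ' -> ' . $reader;
            }
        }
    }
    return $failures;
}

// Code paths as the report describes them.
$writers = [
    'oxcmp_user::createUser()'           => true,
    'Account_Password::changePassword()' => true,
    'ForgotPwd::updatePassword()'        => false,
    'User_Main::save()'                  => false,
];
$readers = ['oxcmp_user::login()' => true];

$password = '"o?p[]XfdKvA=#3K8tQ%'; // from the report; leading quote assumed part of it

print_r(findMismatches($writers, $readers, $password));
// Same check with every writer on the same path as login: a consistency test.
print_r(findMismatches(array_fill_keys(array_keys($writers), true), $readers, $password));
```

Run as a regression test, the second call is the condition to enforce: every path that stores or verifies a password must apply the same transformation to the input before hashing.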