Password being stored plain text in database - causes failed login after password change

edited August 2014 in Bug Reports
I've just setup a new install of FuelCMS v1.2 and have a problem where the passwords for users are being stored as plain text in the database. This is causing a problem whereby the login screen refuses the login because (I guess) it is trying to unhash a password that isn't hashed.

This means I can't change the default admin password. I've also tried creating new users and have the same issue, so I can't create new users and have them login.

I have set an encryption key in the config.php per the install instructions.

Any ideas?

Thanks.

Comments

  • edited 1:34AM
    This has been fixed in the master branch and retagged for 1.2.
  • edited 1:34AM
    Not sure what's happened there then - I downloaded FuelCMS from Master 9 minutes after that commit (entirely by coincidence, not by design - this is my first try of FuelCMS).

    I'll re-download and let you know what happens.
  • edited 1:34AM
    Great, that's worked! Thanks for the quick fix.

    Now on to trying this thing out for real...
  • edited 1:34AM
    but tbh, i dont think store password plain in a good practice
  • edited 1:34AM
    It's not good practice. That was a regression bug from trying to fix a lockout issue when changing permissions and the fix didn't get properly merged in. It has been fixed for 1.2 and retagged.
  • edited 1:34AM
    Howdy, I've downloaded the Master from the FuelCMS website, I think I might be having the same problem. What exactly is the fix? I can sign in first time, but then after creating a new password I can no longer sign in. And I can also see my password as text in the database. Thank you.
  • edited 1:34AM
    @jamesstar - if you downloaded Master on 26th August, then download it again as there was a bug in the version available on that date. More specifically, I believe the fix is in fuel\modules\fuel\models\fuel_users_model.php (although there are also some other minor bug fixes since the release of 1.2, so may be worth downloading the whole Master again anyway).
  • edited August 2014
    @misterjaytee. Okay thanks, ill give it a go.

    Yes. This fixed it. Thank you.
Sign In or Register to comment.