Forgot Password option sending as MD5 encypted

ace67 · November 26th, 2006, 11:07 PM

I just had a user tell me about a problem she encountered in when using the "forgot password" option. It seems RP is sending the new password in MD5 encrypted form and that does not work when they try to log in. I tried it myself and sure enough, the new password sent is like "ef8fc36f7294dc71ecd02e4b002e5e1f".

What do I need to look for and/or change to fix this?

Chuck S · November 26th, 2006, 11:12 PM

what version are you using try downloading the build and uploading the language and main php files. sounds like a bug with an older version

ace67 · November 26th, 2006, 11:15 PM

3.32. What are the main files?

Chuck S · November 26th, 2006, 11:23 PM

The main core php files like member.php etc

Just reupload those and the language directory

ace67 · November 27th, 2006, 08:05 AM

Did as you suggested with newly downloaded copy of 3.32. Didn't help. So I started troubleshooting and found the problem. In emails.php, line 123 says:

Your new password is: {$newpass}

I changed that $newpass which had been MD5 encrypted by member.php line 250 -" $newpass = md5($genpass); "- to $genpass and now it's working properly.

The script did all the processing of the temporary password correctly. It was just being told to send the wrong one to the user. The above change has taken care of that.

Chuck S · November 27th, 2006, 08:31 AM

I show in the reviewpost source we have available for download that is correctly says this

Your username is: {$dbuser}
Your new password is: {$genpass}