OJS OCS OMP OHS

You are viewing the PKP Support Forum | PKP Home Wiki



Must Change Password Problem - OJS 2.3.0

Are you responsible for making OJS work -- installing, upgrading, migrating or troubleshooting? Do you think you've found a bug? Post in this forum.

Moderators: jmacgreg, btbell, michael, bdgregg, barbarah, asmecher

Forum rules
What to do if you have a technical problem with OJS:

1. Search the forum. You can do this from the Advanced Search Page or from our Google Custom Search, which will search the entire PKP site. If you are encountering an error, we especially recommend searching the forum for said error.

2. Check the FAQ to see if your question or error has already been resolved.

3. Post a question, but please, only after trying the above two solutions. If it's a workflow or usability question you should probably post to the OJS Editorial Support and Discussion subforum; if you have a development question, try the OJS Development subforum.

Must Change Password Problem - OJS 2.3.0

Postby davidsorfa » Sun Nov 22, 2009 2:35 am

I have found that if I use the "Forgot Your Password" function everything works perfectly (a confirmation email is sent; a new password is assigned) until logging in with the reset password, OJS attaches a must_change_password flag to that login but the next "change login" page refuses to accept the old password (sent via email) and also gives an error stating that the new passwords do not match each other (when they do).

(I thought I'd locked myself out of the system but realised that I could go into the MySQL database and change the flag on must_change_password from 1 to 0 - a bit scary for a database novice!).

I think I've isolated the problem to the loginChangePassword files - but really can't figure out what the problem is. Is there a way of disabling the "must change password" function? Or a fix for the general problem?

Thanks
David

http://www.film-philosophy.com/index.php/f-p
davidsorfa
 
Posts: 19
Joined: Thu Nov 05, 2009 3:00 am

Re: Must Change Password Problem - OJS 2.3.0

Postby davidsorfa » Mon Nov 23, 2009 5:42 pm

Is this error just me?

In any case, any suggestions on how I can turn off the forced password change after reset?

Thanks
David
davidsorfa
 
Posts: 19
Joined: Thu Nov 05, 2009 3:00 am

Re: Must Change Password Problem - OJS 2.3.0

Postby davidsorfa » Fri Nov 27, 2009 2:52 am

Managed to sort this out finally. Just involved commenting out one line of code in the end.
davidsorfa
 
Posts: 19
Joined: Thu Nov 05, 2009 3:00 am

Re: Must Change Password Problem - OJS 2.3.0

Postby mcrider » Fri Nov 27, 2009 2:49 pm

Hi David,

Would you mind letting us know what line you commented out? I'll do some investigation to see if this is an actual bug.

Cheers,
Matt
mcrider
 
Posts: 952
Joined: Mon May 05, 2008 10:29 am
Location: Vancouver, BC

Re: Must Change Password Problem - OJS 2.3.0

Postby davidsorfa » Wed Dec 09, 2009 4:54 am

Yes, sorry:

The file in question is:

/lib/pkp/pages/login/PKPLoginHandler.inc.php

I commented out line 111:

// } else if ($user->getMustChangePassword()) {

Even if a user has a "must change password" tag attached to them, this just skips them through to User Home. The User is then able to use "Reset Password" to change their password as usual.

I can't say whether this is a system bug or whether it is just due to my own ISP's database set up (or whatever - sorry, I realised there that I don't really know what I'm talking about!).
davidsorfa
 
Posts: 19
Joined: Thu Nov 05, 2009 3:00 am

Re: Must Change Password Problem - OJS 2.3.0

Postby aliasmohd » Wed May 26, 2010 11:57 pm

I can't find the line in the said file?
Version 2.3.1.1

mport('pages.login.PKPLoginHandler');

class LoginHandler extends PKPLoginHandler {
/**
* Sign in as another user.
* @param $args array ($userId)
*/
function signInAsUser($args) {
$this->addCheck(new HandlerValidatorJournal($this));
// only managers and admins have permission
$this->addCheck(new HandlerValidatorRoles($this, true, null, null, array(ROLE_ID_SITE_ADMIN, ROLE_ID_JOURNAL_MANAGER)));
$this->validate();

if (isset($args[0]) && !empty($args[0])) {
$userId = (int)$args[0];
$journal =& Request::getJournal();

if (!Validation::canAdminister($journal->getJournalId(), $userId)) {
// We don't have administrative rights
// over this user. Display an error.
$templateMgr =& TemplateManager::getManager();
$templateMgr->assign('pageTitle', 'manager.people');
$templateMgr->assign('errorMsg', 'manager.people.noAdministrativeRights');
$templateMgr->assign('backLink', Request::url(null, null, 'people', 'all'));
$templateMgr->assign('backLinkLabel', 'manager.people.allUsers');
return $templateMgr->display('common/error.tpl');

$userDao =& DAORegistry::getDAO('UserDAO');
$newUser =& $userDao->getUser($userId);
$session =& Request::getSession();

// FIXME Support "stack" of signed-in-as user IDs?
if (isset($newUser) && $session->getUserId() != $newUser->getId()) {
$session->setSessionVar('signedInAs', $session->getUserId());
$session->setSessionVar('userId', $userId);
$session->setUserId($userId);
$session->setSessionVar('username', $newUser->getUsername());
Request::redirect(null, 'user');
}
}
Request::redirect(null, Request::getRequestedPage());
}

/**
* Restore original user account after signing in as a user.
*/
function signOutAsUser() {
$this->validate();

$session =& Request::getSession();
$signedInAs = $session->getSessionVar('signedInAs');

if (isset($signedInAs) && !empty($signedInAs)) {
$signedInAs = (int)$signedInAs;

$userDao =& DAORegistry::getDAO('UserDAO');
$oldUser =& $userDao->getUser($signedInAs);

$session->unsetSessionVar('signedInAs');

if (isset($oldUser)) {
$session->setSessionVar('userId', $signedInAs);
$session->setUserId($signedInAs);
$session->setSessionVar('username', $oldUser->getUsername());
}
}

Please help
Alias
aliasmohd
 
Posts: 2
Joined: Wed May 26, 2010 10:27 pm

Re: Must Change Password Problem - OJS 2.3.0

Postby mcrider » Wed Jun 02, 2010 10:47 am

Hi aliasmohd,

It should be at about line 111--Its in the signIn() function, not the signInAsUser() function.

Cheers,
Matt
mcrider
 
Posts: 952
Joined: Mon May 05, 2008 10:29 am
Location: Vancouver, BC

Re: Must Change Password Problem - OJS 2.3.0

Postby aplatanado » Sun May 22, 2011 5:05 pm

We have the same problem in OJS 2.3.1-2 and OJS 2.3.4 (after upgrade from 2.3.1-2).

All user recives two erros when they try to change their password in the form which are redirected after login:

* The current password you entered was incorrect.
* The passwords do not match.

I have done some test and have found that:
* $passwordForm->-data contains the right form values after $passwordForm->readInputData() in PKPLoginHandler->savePassword()
* $form->_data is empty inside the functions setted to validate the form at LoginChangePasswordForm constructor.

I think the custom validation functions are recieving a copy of the LoginChangePasswordForm object before load the form data in it (that is, before readInputData is called). So the problem could be in the last argument passed to FormValidatorCustom constructor.
aplatanado
 
Posts: 5
Joined: Mon May 31, 2010 3:16 pm

Re: Must Change Password Problem - OJS 2.3.0

Postby aplatanado » Wed May 25, 2011 10:23 am

Hello,

Finally, I found that the construction by reference of LoginChangePasswordForm inside savePassword()

$passwordForm =& new LoginChangePasswordForm(); // before the patch of #4772#

was removed

$passwordForm = new LoginChangePasswordForm(); // after the patch of #4772#

to fix the bug

Thanks.
aplatanado
 
Posts: 5
Joined: Mon May 31, 2010 3:16 pm

Re: Must Change Password Problem - OJS 2.3.0

Postby richl » Thu Jul 28, 2011 9:29 am

I've just installed OJS 2.3.6 I have a local copy of the site and everything seems to work fine; however, the live version seems to be suffering from the same problem described above - when resetting a forgotten password, I keep getting two error messages in the Change Password screen: * The current password you entered was incorrect and *The password you entered is not long enough. Even when I correctly enter the password sent from OJS, I still receive both errors.

@aplatanado: I'd like to try the fix you've mentioned above, however I'm not sure exactly where the #4472# patch is within the code.

Ok, thanks.
richl
 
Posts: 3
Joined: Thu Jul 28, 2011 2:22 am

Re: Must Change Password Problem - OJS 2.3.0

Postby jmacgreg » Fri Jul 29, 2011 4:38 pm

Hi richl,

If you've copied an install over to work on locally, you should also double-check that your "encryption" settings in your config.inc.php files are the same. If you installed OJS and registered users using one encryption scheme (eg. md5, sha1) and migrated/copied the DB to another location, you won't be able to log in if the new encryption scheme doesn't match the original.

Cheers,
James
jmacgreg
 
Posts: 4181
Joined: Tue Feb 14, 2006 10:50 am

Re: Must Change Password Problem - OJS 2.3.0

Postby richl » Mon Aug 01, 2011 3:15 am

Thanks for your reply James.

It turns out that the log in issue was being caused by the PHP configuration setting on my cpanel. Once I'd changed the the .php file extension from default to PHP 5, the change password form accepted both my old password and a new passord.
richl
 
Posts: 3
Joined: Thu Jul 28, 2011 2:22 am

Re: Must Change Password Problem - OJS 2.3.0

Postby sweidman » Thu May 10, 2012 1:35 pm

Hi all.

I have exactly this problem with a site running 2.3.6, which was recently upgraded from 2.2.3. I checked our encryption settings in config.inc.php, and we were using sha1 before and after the upgrade, so I don't think that's the problem. I tried to see if the problem could be resolved by removing the & from the call to LogingChangePasswordForm inside savePassword, but in the current version of the code (which was moved into /lib/pkp/pages/login/PKPLoginHandler.inc.php:307) does not have an ampersand in that call. See http://pkp.sfu.ca/support/forum/viewtopic.php?f=8&t=5416#p29282.

Also, the cpanel config change suggested in one of the posts doesn't apply to us either because we run our own server.

Does anyone have any clue as to what might be causing this and how we might fix the problem?

Any assistance would be greatly appreciated.

Regards,
Syd
sweidman
 
Posts: 13
Joined: Wed Apr 25, 2007 3:15 pm
Location: Winnipeg

Re: Must Change Password Problem - OJS 2.3.0

Postby blstzus » Mon Jan 14, 2013 6:23 pm

Hi all,
We have the same problem as above. except that we migrated from 2.2.4 to 2.3.7 (full installation).
No users can login, but using the 'forgot password' function will allow the user to login as usual after that.
Anyway to fix that?

Is it something to do with PKPLoginHandler too? I checked the code, is it somthing related to this lines (line 113 -133)?:

Code: Select all
$user = Validation::login(Request::getUserVar('username'), Request::getUserVar('password'), $reason, Request::getUserVar('remember') == null ? false : true);
      if ($user !== false) {
         if ($user->getMustChangePassword()) {
            // User must change their password in order to log in
            Validation::logout();
            PKPRequest::redirect(null, null, 'changePassword', $user->getUsername());

         } else {
            $source = Request::getUserVar('source');
            $redirectNonSsl = Config::getVar('security', 'force_login_ssl') && !Config::getVar('security', 'force_ssl');
            if (isset($source) && !empty($source)) {
               PKPRequest::redirectUrl(
                  ($redirectNonSsl?'http':Request::getProtocol()) . '://' . Request::getServerHost() . $source,
                  false
               );
            } elseif ($redirectNonSsl) {
               PKPRequest::redirectNonSSL();
            } else {
               Request::redirectHome();
            }
         }
blstzus
 
Posts: 16
Joined: Mon Apr 26, 2010 12:08 am


Return to OJS Technical Support

Who is online

Users browsing this forum: Baidu [Spider], Google [Bot] and 8 guests