CMS MADE SIMPLE FORGE

Self Registration

 
Back Back to List

[#11716] Password validation fails because of method used

avatar
Created By: Ruud van der Velden (ruudvdvelden)
Date Submitted: Sat Jan 27 19:35:08 -0500 2018

Assigned To:
Version: 1.12
CMSMS Version: 2.2.5
Severity: Major
Resolution: Fixed
State: Closed
Summary:
Password validation fails because of method used
Detailed Description:
Selfreg uses CGE's encrypt function to generate the temp user's password and
uses the same function when verifying it. Though the function 'encrypt' returns
unique values on every subsequent request using the same input parameters.

So at this point it is not possible to verify a FEU account by the user itself
using Selfreg. The passwords will never match.

action.verify.php:

// and verify the password too
        $e_key = $this->get_encryption_key($username);
        $e_pw = base64_encode($this->encrypt($e_key,$password));
debug_display($e_pw);  <-- this will show a unique value on every
resubmit of the verification form


History

Comments
avatar 
Date: 2018-01-28 09:53
Posted By: Robert Campbell (calguy1000)

this is a duplicate
Updates

Updated: 2018-09-22 11:14
state: Open => Closed

Updated: 2018-01-28 09:53
resolution_id: 5 => 7

Updated: 2018-01-27 19:36
description: Selfreg uses CGE's encrypt function to store the temp user's password and uses the same function when verifying it. Though the function 'encrypt' returns unique values on every subsequent request using the same input parameters. So at this point it is => Selfreg uses CGE's encrypt function to generate the temp user's password and uses the same function when verifying it. Though the function 'encrypt' returns unique values on every subsequent request using the same input parameters. So at this point it
resolution_id: => 5