[SOLVED] Problem with sec_user update

Scriptcase 9 General
#1

Hi

I have a liitle problem with SC7 Security modul. Im using the integrated security with MD5() for passwords. Logging in works fine until i try to change for example the email form the user in app_form_user_edit. After updating the email, i cant log in anymore. So i went to the table on MySQL and found out , that the password in the table was changed from the md5() encrypted password to plain text (the original password).
I tried this behavior in 2 projects.

Im new to scriptcase , so any help would be nice…

Thanks

#2

I have same problem, that is because the browser save passwords, then when the user enter to users application and modify a record, the browser assign automatically the values to the fields type password.

I whish that SC team fix this bug.

#3

What i dont understand is, that password fields are “disabled” for update. is the whole Update procedure not working correctlys or just in this case of the security app ?

#4

This has been an issue since I bought Scriptcase back in sept of 12

Here is the issue and fix

Look at the code in the onbefore insert
It sets the md5
Copy that and paste it into the onbefore update

Kevin

#5

Thanks , this worked, but i think that`s a bigger problem, since it does update where it should not do No Update at all.

#6

No the update is disabled on the form if you check disable from update
If you uncheck the disable from update on the form
You have to add the code into beforeupdate

Kev

#7

I think that is not correct put md5 into the onbefore update, because some browsers do not changes the value for the password, so the new password would be md5 of field encrpryted.

#8

if i select Disable Field to “update mode”, SC anyway update the passowd .

secu_users.JPG

#9

Hello,

Issue reported to our bugs team.

regards,
Bernhard Bernsmann

#10

bartho,

any update available from your bugs team ?
I have 200 users in my DB !

#11

Gerd,
I dont use the reset password functionality through email, but I decided that I would verify the issue…
When I posted before I was thinking you were changing passwords manually for the users.
So Here is what I did…

I tested in both version 6 and version 7 and I cannot make what you are seeing happen.
Both tests showed that the the activation code was sent via email, the password change came up and the password had MD5 applied to the password.

Be aware that the edit users form is not used in the resetting of the password. this is done completely through the two applications.
xxx_sec_retrieve_pswd
xxx_sec_change_pswd

Let me know if I can help…

Kevin

#12

Be also aware that this is a generated application. Any update in SC will not affect your current generated module. To my experience sometimes bugs are repaired without notice, so it might be corrected already. To find out you need to regenerate the module or apply the needed corrections yourself.

#13

[QUOTE=Kdriscoll;16023]Gerd,
I dont use the reset password functionality through email, but I decided that I would verify the issue…
When I posted before I was thinking you were changing passwords manually for the users.
So Here is what I did…

I tested in both version 6 and version 7 and I cannot make what you are seeing happen.
Both tests showed that the the activation code was sent via email, the password change came up and the password had MD5 applied to the password.

Be aware that the edit users form is not used in the resetting of the password. this is done completely through the two applications.
xxx_sec_retrieve_pswd
xxx_sec_change_pswd

Let me know if I can help…

Kevin[/QUOTE]

Hello Kevin, works this way
Thx

#14

Why I am still lurking in SC V6 :wink:

#15

You ain’t the only one!!

I’ll still be on 6 when 8 comes out

#16

Hello,

This problem still persists?

#17

Hello all,

this problem was solved. Case has problems later simply contact.

Thank you!