[SOLVED] Reset / Retrieve password issue... not working.

Scriptcase 7 Bugs
, , ,
#1

After creating a very simple one-table, one-grid project I selected the ‘module’ -> ‘security’ option. followed (very carefully -several times) the ‘set-up’ process to insure the all of the options were selected carefully. One of the options is related to the user retrieving / resetting the password. I have spend many hours on this problem and the retrieve password does not work. Without fail, I always get the same error… The error references the ‘OLD PASSWORD’.

I thought the purpose of resetting the old password was for the system to send the user an email link so they can enter a new password. No matter what options I select, or how careful I am to insure I’m following the security setup, I always get the same error -when the user is trying to reset the password there is always and error regarding the “old Password” (users sometimes forget their passwords and the password need to be reset. Even using the ADMIN access to the data and/or the admin sending the ‘reset password’ to the user resetting the password does not work).

I have attached an image file that shows the option I selected as well as the error message I get when trying to reset the password.

Thank you to anyone who can help me understand if I doing something wrong or is this a “bug” with the security module.

http://www.scriptcase.net/forum/attachment.php?attachmentid=390&d=1372522699&thumb=1&stc=1

resetPWD.jpg

#2

The problem is that you are changing the default ‘admin’ password aren’t you? This has 5 characters. You need to go into the form and change this value of 6 to 5. Then you’ll be able to change it. It’s not actually a bug, but a bit sloppy.

#3

retrieve reset password

First, Thank You for replying.

However, because of the necessity to allow the end user to reset his/her password AND to determine if it is something I am doing wrong (entirely possible since I’m somewhat of a beginner), I setup one database with one table. Next, I setup a new project and created a very simple grid (fields are fname, lname, city, state). The next step of the process was (from the Scriptcase menu) modules -->> Security and went through the process of setting up the security.

Once security was setup, I did some dry runs on my localhost. Next, deployed the system on the internet. Created a new user (using the new user link from the login form). New user can log in just fine. NEXT… select the retrieve password from the login form… Link is sent to my email. Click on the link sent to me from the system, CANNOT enter the new password without the error.

IF you’d like to give it a go… here is the url dmpgc.com/agsec The system currently has two users… (un) admin (pwd) admin and (un) stubuck
Go ahead and create a new user, check to make sure it works, then log out. Next, from the login form select the link to “retrieve password”… and here is where the fun begins…

By the way, I just attempted to use the “Change password” from within the program… same error… referring to old password.

Thanks Again!!

#4

Hello stubuck,

I was able to change the admin’s password to adminadmin.

Also I have reported this flaw to our team.

regards,
Bernhard Bernsmann

#5

Reset / Retrieve password

[QUOTE=bartho;15431]Hello stubuck,

I was able to change the admin’s password to adminadmin.

Also I have reported this flaw to our team.

regards,
Bernhard Bernsmann[/QUOTE]

Thank you very much Bartho! Your help is very much appreciated (especially by this newbie).

Do you know of any “work-around” I can use in the mean time? I have no idea what to tell my client if one of their users happen to forget their password and try to used the retrieve / reset. I have not been able to figure out a way to reset the user password from the admin account (passwords are encrypted MD5). Currently, the only thing I’ve been able to do is delete the user from the user table and have the user select the ‘register as a new user’ option.

http://www.youtube.com/watch?v=NzLzhUxOUeE

the above link will show a video related to the issue of resetting the password. (go to 2:00 min marker to bypass the intro and setup -> 2:00 right to the problem)

#6

I have had no issues with this actually. As long as the password is >= 6 chars. Are there other things not working?

#7

Hello,

How many chars did your admin account password had? Was it 5?

My recommendation to you is to have a rule for registering new users that any new user registered, should have a password with at least 6 chars (or any other number of chars - as long as it is the same number of chars you have set on the retrieve password application).

If you have any difficulties please contact our support.

regards,
Bernhard Bernsmann

#8

Hi Bartho, the point is that when you generate the security apps it will set the fields for passwords for a minimum of 6 characters. While creating the app you are asked to define a default user/psw. Here there’s not such a check so you can enter admin/admin for instance. Then you will run into trouble if you want to change your password.
The most easy way to change it is to modify the generated application as the field length definition must be changed from 6 to 5. Then it will work. Bottom line is that there’s no need to check for length as it is the -old- password. I think that should be changed by your devs.

This will be my final reaction for this user, I had a pretty nasty pm. Let’s leave it that way.

#9

[QUOTE=aducom;15461]Hi Bartho, the point is that when you generate the security apps it will set the fields for passwords for a minimum of 6 characters. While creating the app you are asked to define a default user/psw. Here there’s not such a check so you can enter admin/admin for instance. Then you will run into trouble if you want to change your password.
The most easy way to change it is to modify the generated application as the field length definition must be changed from 6 to 5. Then it will work. Bottom line is that there’s no need to check for length as it is the -old- password. I think that should be changed by your devs.

This will be my final reaction for this user, I had a pretty nasty pm. Let’s leave it that way.[/QUOTE]

Aducom,

Agreed! I was just telling him what he could do to prevent the issue.

regards,
Bernhard Bernsmann

#10

aducom… just stating facts. Let’s leave it that way.

#11

Reset / Retrieve password has been fixed!
Just finished downloading the most recent update to SC7… First thing I did was to check the Reset / Retrieve password option within the security module. Everything is working just as expected!! Very pleased with the response from the SC Team!!

Thank You!
Stu Buck