Advertisement:

View Issue Details Jump to Notes ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0005001SMF 2.0Generalpublic2012-08-16 15:562014-04-20 16:41
ReporterOwdy 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusclosedResolutionfixed 
PlatformOSOS Version
Summary0005001: Login error with non-ascii charaters
DescriptionIn SMF usernames are not case sensitive when login. But if you give wrong size letter in username with non-ascii characters when login, smf gives password error in first attempt to try login. Second time works.
Steps To Reproduce1. Create user: Ääkkönen

2. Login with "Ääkkönen" and correct password -> works fine.

3. login with "ääkkönen" and correct password -> it gives password error. Try again with same "ääkkönen" with correct password, second time everything works fine. Happends every time.

It does that with usernames with non-ascii characters, like öä etc.
Tags2.1
Attached Filesdiff file icon patches_bug_5001.diff [^] (5,355 bytes) 2012-12-05 15:14 [Show Content]

- Relationships

-  Notes
(0014671)
emanuele (Developer)
2012-08-19 10:34

This seems to be related to the javascript hashing of the password, playing around with it seems that changing the order of the operations fixes the issue, so instead of:
> [value|username].php_to8bit().php_strtolower()
doing:
> [value|username].php_strtolower().php_to8bit()
works.

This should be done in the functions hashLoginPassword, hashAdminPassword and hashModeratePassword.

If you can confirm it works, I'll commit the fix.
(0014674)
Owdy (SMF Friend)
2012-08-21 13:51
edited on: 2012-08-21 13:59

Sorry, i need more details. Where is that function? What file do i edit?

(0014675)
emanuele (Developer)
2012-08-21 14:34

No problem. ;)

The three functions are in script.js (Themes/default/script).
(0014680)
Owdy (SMF Friend)
2012-08-22 08:51

Hello

Attached our file. Didnt fix it.
(0014681)
emanuele (Developer)
2012-08-22 09:42

Did you clean up your browser's cache? (just to be sure ;))
(0014682)
Owdy (SMF Friend)
2012-08-22 11:17

Yes
(0014685)
emanuele (Developer)
2012-08-22 11:46

Disregard my previous comment for a while
(0014688)
emanuele (Developer)
2012-08-25 08:29

Okay, the proposed fix doesn't fix the issue.

If you need a quick workaround you can disable the hashing by default (in any case it doesn't work so it's useless anyway.
To do it just change the above function adding a:
[code]return true;[/code]
just after the first open bracket:
-------->8----------
function hashLoginPassword(doForm, cur_session_id)
{
    return true;
-------->8-----------
(0014690)
emanuele (Developer)
2012-08-25 12:28

I changed all the strtolower to $smcFunc['strtolower'] involved in hashing the password and it *seems* to work with newly registered users, but I don't think there is a way to fix it for already registered users, except updating the password...
(0014691)
Owdy (SMF Friend)
2012-08-26 14:38

Can you attach fixed file?
(0014692)
Owdy (SMF Friend)
2012-09-01 13:42

In wap2 mmode, this works just fine. Solution could be in there :)
(0014693)
emanuele (Developer)
2012-09-01 13:57

In wap2 works because the password is not hashed "client-side" (no javascript).

At the moment I cannot attach changes because I tested it on 2.1 codebase, I'll try next week/s to apply the same changes to a clean 2.0 and attach the files involved.
(0014696)
Owdy (SMF Friend)
2012-10-04 17:00

Did you test this?
(0014701)
emanuele (Developer)
2012-10-12 17:30

Sorry, I didn't have much time to adapt the patch to 2.0... :-[
Well, TBH I didn't even test it on 2.1. ::)
(0014756)
emanuele (Developer)
2012-12-05 15:16

Sorry for the very long time, try the attached patch (if you prefer it in the form of a mod I should be able to provide one, just let me know).

It should fix the issue for newly registered members and hopefully for already registered members after changing their password.

Let me know if it works! ;)
(0015015)
Antes (Team Member)
2014-04-20 16:41

Please track here: https://github.com/SimpleMachines/SMF2.1/issues/1538 [^]
MantisBT 1.2.8 (Modified)[^] Copyright © 2000 - 2010 Mantis Group