| Author |
 Topic  |
|
|
simflex
Starting Member
22 Posts |
 Posted - 26 September 2006 : 08:15:42
|
Greetings all.
We are trying to set up this great tool for our students as a communication tool between them.
As we continue to test it, we have discovered that all the students who have registered so far, have not been able to log into the forum to make posts. They kept getting invalid username/password.
Any ideas why this is happening. Surely, all of them cannot be wrong.
Second, I looked at the database to see if I can determine whether the username/password they said they used is correct or not but all the passwords are different from what the students registered with.
They seem long. I am sure this was intentional but how do interpret or decode that?
I tried using the forgotten password feature but so far, I have not been able to receive an email even though I was told to check my email for username/password.
If anyone can shed some light on this, I would greatly appreciate it. |
|
|
AnonJr
Moderator
United States
5768 Posts |
Posted - 26 September 2006 : 08:32:10
|
The reason the passwords seem long is because they are encrypted using the SHA256 one-way hash. As the name would imply, there is no way to reverse the encryption short of a rainbow table and a good guessing algorithm.
As soon as I get back from this meeting I'll try to process a little more of your request.  |
 |
|
|
simflex
Starting Member
22 Posts |
Posted - 26 September 2006 : 08:47:39
|
Thanks, AnonJr for the quick reply.
What is mystifying to me is that even though I don't necessarily have any problem with the encription mechanism, there is got to be a way for the admin to decript the password so we can tell a student what his password is from looking at the db.
At the very least, we need to be able to have the student request a password using the forgotten password feature and have that emailed to him/her.
|
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
|
|
AnonJr
Moderator
United States
5768 Posts |
Posted - 26 September 2006 : 09:12:14
|
Do your students do know that the password is case-sensitive? I know I've had that issue with other forums in the past...
As to the problem with the "Forgot Password" not working, are your other e-mail functions working? Can you send an e-mail to another person through the forum? If not it may indicate a problem with your e-mail server...
The one-way encryption helps stop less-than-trustworthy admins from abusing their position. I whole-heartedly agree with the use of one-way hashes for this. Like Rui said, if it comes down to it, you can re-set their password to something and have them change it when they log in. |
|
|
|
simflex
Starting Member
22 Posts |
Posted - 26 September 2006 : 09:15:24
|
How do you define a new password for a member?
*and*
can you imagine having over 5 hundred students. Do you define a new password for each?
Isn't the system supposed to allow you to just register and start using the system without someone re-defining your password?
Obviously, there is something missing in the way the sytem is supposed to work and that is what I am asking help for to resolve.
This way, once the forum tells a user, "successfully registered", you won't have to contact the admin about your passord being incorrect.
Thanks for your assistance. |
|
|
|
HuwR
Forum Admin
United Kingdom
20595 Posts |
Posted - 26 September 2006 : 11:24:20
|
quote:
Isn't the system supposed to allow you to just register and start using the system without someone re-defining your password?
Yes, that is the way it works
quote:
Obviously, there is something missing in the way the sytem is supposed to work and that is what I am asking help for to resolve.
obviously there isn't, otherwise how do you explain how you managed to register and start posting here ?
Have you added any MODS or changed any of the code ?
|
|
|
|
Podge
Support Moderator
Ireland
3776 Posts |
|
|
AnonJr
Moderator
United States
5768 Posts |
Posted - 26 September 2006 : 13:09:33
|
Just for clarification, is this an accurate summation of the problem:
Users are registering for the forum, and receiving a message stating that they have now been registered. When they go to log in, they are getting a message stating that it is an invalid username/password. This is universal in that it is happening to all of the users for your forum. The "Forgot Password" feature is showing a message stating that an e-mail has been sent, but no e-mail is being received.
Couple follow-up questions:
- Are your users aware that passwords are case-sensitive?
- Are the forum's other e-mailing features working? Can you send an e-mail via the forum? Is all of the e-mail server information correct?
- Do you have e-mail validation turned on? If so, are they receiving the confirmation e-mail? Do they know that some services put it in the Junk Mail folder automatically?
- Have you made any changes to the code? Added any MODs or updates? If so, what has been done?
- Is this a recent problem or did this start happening after some indeterminate time?
- Which version of the forum are you using? What type of database? Which connection string? What server OS/version? |
|
|
|
simflex
Starting Member
22 Posts |
Posted - 26 September 2006 : 14:18:57
|
Thank you all for the overwhelming response to this thread.
First, let me say a word about HuwR's response.
HuwR said, "obviously there isn't, otherwise how do you explain how you managed to register and start posting here ?"
When I said there was something wrong with the system, I wasn't critizing the system I downloaded. I was basically suggesting that I may have left unconfigured, a very important element of the system.
Now on to AnonJr's good questions, yes, to the first paragraph of your question.
-Yes, users have been told that passwords are case-sensitive.
-No, the forum's other email feature is not working. I am looking into that. I configured it based on my isp since it is still running on my local server and we are just making a series of test runs.
-No, by default, the email validation is turned off. I believe the email validation you are talking about is the one that sends them an email after initial registration, no?
If yes, by default, it is turned off and I decided to leave it off so that they don't have to have their emails validated before using the forum. I guess this affects the use of the forgotten password feature?
No, I have not made any changes to the code, neither did I make a MOD updates.
-No one has used it until I asked a few students to register and post to the forum as part of the test run.
- I am using the current cersion (v3.4.xx)
Thanks again, all for the assistance. |
|
|
|
AnonJr
Moderator
United States
5768 Posts |
Posted - 26 September 2006 : 14:56:11
|
Yes, when I asked about the e-mail validation, I was referring to the one that gets sent when you initially submit your registration.
The "Forgot Password" feature is very dependent on the e-mail systems working properly. You might want to get that sorted first, since there are a number of features that depend on the e-mail server being configured properly.
Are you using the previous 3.4.05 or the newly minted 3.4.06? Hovering your mouse over the "Powered By" bit will give you the full version number.
Random thought: you wouldn't happen to have the forum set so that an admin must approve all pending members? |
|
|
|
HuwR
Forum Admin
United Kingdom
20595 Posts |
Posted - 26 September 2006 : 17:35:01
|
quote:
-No, by default, the email validation is turned off. I believe the email validation you are talking about is the one that sends them an email after initial registration, no?
If yes, by default, it is turned off and I decided to leave it off so that they don't have to have their emails validated before using the forum. I guess this affects the use of the forgotten password feature?
Yes, that is correct, email validation is what sends them an email when they register, it does not affect the forgotten password feature, unless of course they didn't register with the correct email, in which case they won't get any emails.
As anonjr suggests, 1) you need to ensure the mail features are working correctly, and 2) check that you have not enabled "restrict registrations" which would mean you must approve all the pending ones |
|
|
|
simflex
Starting Member
22 Posts |
Posted - 27 September 2006 : 07:49:06
|
| thanks everyone for your assistance with this issue. |
|
|
|
HuwR
Forum Admin
United Kingdom
20595 Posts |
Posted - 27 September 2006 : 08:20:22
|
| have you managed to get it sorted out ? |
|
|
| |
Topic |
|
Topic Locked
