Due to a user's account being compromised recently [the User ID #2 issue reported elsewhere], I have been wanting to tighten up my password procedures. I have tried to implement both the Security Tweaks and Salting MODS.
I am using Snitz 3.4.05 - all security patches installed - and my database resides on a MS-SQL server.
A couple of questions first:
Can the two of them be installed together without problems?
Does the Salting MOD work on a SQL server?
Also, a couple of issues:
I get the following error when I tried to install the Salting MOD:
A couple of users reported to me over the past week that they can no longer access their profile for editing purposes. I tested it this morning, and sure enough. One can log in to the forum normally, but if they try to log in to their profile page, the message received is: Invalid UserName or Password
I checked the changes I made to pop_profile.asp and it looks ok.
Just thought I would let you know that I have the same issue as well. Muzishun is aware of it and is working on it; I'm sure he will get back to us with the fix soon.
I expect muzishun will have a proper fix soon. I've had a quick look at the code and rustled up a possible fix for you. Keep in mind I don't have the means to test it, so you might want to avoid trying it live, and do back up your file first... (I only did it cos I was bored, I'll be honest)
The change is in pop_profile at line 793 on. Find the code that looks similar to this and make the changes in red (or just c&p):
    if strAuthType = "db" then
        if strDBNTUserName = "" then
            strDBNTUserName = Request.Form("Name")
        end if
    end if
Jez, I have not tried this (hopefully it helps someone), but I know Muzishun tried something similar. His patch did help me log into my site and edit my own profile as well as others. Unfortunately, it did not help the few members I have be able to log in (including my test accounts). We still get an error for login.asp. And there is probably something going on with the register.asp that needs a fix as well...
I am indeed working on this right now. Though campinmom's forum is based on the SHN build, I plan to test my changes against a base Snitz and update the whole MOD once I have tracked down all of the issues.
Thanks everybody for your patience and interest. Hopefully I'll have good news soon.
Bill Parrott
Senior Web Programmer, University of Kansas
Co-Owner and Code Monkey, Eternal Second Designs (www.eternalsecond.com)
Personal Website (www.chimericdream.com)
I was thinking of removing all the code for these two mods and going back to where I was before, but then it dawned on me that the passwords are now stored with salt and EVERYONE who has logged in since I installed it will be locked out. Myself included. Is this a correct assumption?
Can anyone assist on fixing this problem with no access to pop_profile.asp?
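Added example, not part of the thread and not the Salting MOD's own code: a Python model of the rollback concern raised in the last post, showing how a salt-unaware check treats records written before and after salting, next to a verifier that accepts both formats and upgrades legacy records at login. The hash constructions (SHA-256 of the password, SHA-256 of salt + password), the record fields and the sample accounts are assumptions made for illustration; the thread does not show the MOD's actual scheme.

```python
import hashlib
import hmac
import secrets

# Assumed schemes (not taken from the MOD): hex SHA-256, with or without a salt prefix.
def legacy_hash(password):
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def salted_hash(password, salt):
    return hashlib.sha256((salt + password).encode("utf-8")).hexdigest()

def verify_unsalted_only(record, password):
    """Check performed by any page that lacks the salting changes (e.g. after a rollback)."""
    return hmac.compare_digest(record["hash"], legacy_hash(password))

def verify_and_upgrade(record, password):
    """Accept either storage format; re-store a legacy record salted on success."""
    if record.get("salt"):
        expected = salted_hash(password, record["salt"])
        return hmac.compare_digest(record["hash"], expected)
    if not hmac.compare_digest(record["hash"], legacy_hash(password)):
        return False
    record["salt"] = secrets.token_hex(16)
    record["hash"] = salted_hash(password, record["salt"])
    return True

def demo():
    # Constructed sample records: alice has not logged in since salting was
    # installed, bob has (so his stored hash already includes a salt).
    alice = {"hash": legacy_hash("correct horse"), "salt": ""}
    bob_salt = secrets.token_hex(16)
    bob = {"hash": salted_hash("hunter2!", bob_salt), "salt": bob_salt}
    return {
        "rollback_alice": verify_unsalted_only(alice, "correct horse"),
        "rollback_bob": verify_unsalted_only(bob, "hunter2!"),
        "dual_bob": verify_and_upgrade(bob, "hunter2!"),
        "dual_alice": verify_and_upgrade(alice, "correct horse"),
        "alice_now_salted": bool(alice["salt"]),
        "rollback_alice_after_upgrade": verify_unsalted_only(alice, "correct horse"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

In this model every page that checks a password has to use the same verifier; a single page left on the salt-unaware check rejects exactly the accounts that have already been upgraded.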