Announcement

Collapse
No announcement yet.

sec_change_pwd

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • sec_change_pwd

    Does any know why I get an error message for a missing old password (Old password: must have at least 8 characters) when I'm in the process of creating a new password after getting the lost password email? The old password field is not even visible.

    I followed the link in the email which contains the act_code as a URL parameter. I've looked at the logic but can't find the issue. Why are licensed users of this product continually QA'ing SC's code? This is a pretty basic feature yet it doesn't work.

  • #2
    There are some issues in the generated application that you might need to fix. There's a minimum length setting in the form which you could disable if you like. The fun part is that if you generate the modules and use a smaller default password (which is allowed funny enough) that you can run into this issue.
    Albert Drent
    aducom software netherlands
    scriptcase partner, reseller, support and (turn-key) development
    www.scriptcase.eu / www.scriptcase.nl

    Comment


    • #3
      Great! I just spent two hours trying to debug their crappy code. This is really starting to tick me off with their poor quality. Thanks I'll see if I can fix it based on your suggestion.

      Comment


      • #4
        Oh this just gets better... I set the minimum size to zero and now I get Old Password Incorrect!

        Any suggestions?

        Comment


        • #5
          Never mind I figured it out. I had to rewrite the old password check code just below the password and confirm password validation. Thanks for the help I appreciate it.
          Last edited by pkrawetzky; 06-15-2016, 09:21 AM.

          Comment


          • #6
            In case you want replace SC's crappy change password code with something that works, here is what I am using now.

            if( (!isset({old_pswd}) || empty({old_pswd}) ) && (!isset([act_code]) || empty([act_code]) ) )
            {
            sc_error_message({lang_error_old_pswd});
            sc_error_exit();
            }

            if({pswd} != {confirm_pswd})
            {
            sc_error_message({lang_error_pswd});
            sc_error_exit();
            }

            $spswd = sc_sql_injection(md5({pswd}));

            if (isset([act_code]) && !empty([act_code]))
            {
            $sold_pswd = "activation_code= ". sc_sql_injection([act_code]) . "AND pswd = ". sc_sql_injection(md5({old_pswd}));
            }
            else
            {
            $sold_pswd = " pswd = ". sc_sql_injection(md5({old_pswd}));
            }
            //$sold_pswd = ( isset([act_code]) && !empty([act_code]) ) ? "activation_code= ". sc_sql_injection([act_code]) : " pswd = ". sc_sql_injection(md5({old_pswd}));

            if((isset({old_pswd}) || !empty({old_pswd})) && (!isset([act_code]) || empty([act_code])))
            {
            $sql = "SELECT count(*) FROM sec_users WHERE ". $sold_pswd ." AND login = '". [usr_login] . "'";
            sc_lookup(rs, $sql);

            if({rs} === FALSE || {rs}[0][0] == 0)
            {
            sc_error_message({lang_error_old_pswd});
            sc_error_exit();
            }
            }
            unset([act_code]);
            Last edited by pkrawetzky; 06-15-2016, 11:41 AM.

            Comment

            Working...
            X