Announcement

Collapse
No announcement yet.

[SOLVED] Problem with sec_user update

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • [SOLVED] Problem with sec_user update

    Hi

    I have a liitle problem with SC7 Security modul. I`m using the integrated security with MD5() for passwords.
    Logging in works fine until i try to change for example the email form the user in app_form_user_edit. After updating the email, i can`t log in anymore. So i went to the table on MySQL and found out , that the password in the table was changed from the md5() encrypted password to plain text (the original password).
    I tried this behavior in 2 projects.

    Im new to scriptcase , so any help would be nice..

    Thanks

  • #2
    I have same problem, that is because the browser save passwords, then when the user enter to users application and modify a record, the browser assign automatically the values to the fields type password.

    I whish that SC team fix this bug.

    Comment


    • #3
      What i dont understand is, that password fields are "disabled" for update. is the whole Update procedure not working correctlys or just in this case of the security app ?

      Comment


      • #4
        This has been an issue since I bought Scriptcase back in sept of 12

        Here is the issue and fix

        Look at the code in the onbefore insert
        It sets the md5
        Copy that and paste it into the onbefore update

        Kevin

        Comment


        • #5
          Thanks , this worked, but i think that`s a bigger problem, since it does update where it should not do No Update at all.

          Comment


          • #6
            No the update is disabled on the form if you check disable from update
            If you uncheck the disable from update on the form
            You have to add the code into beforeupdate

            Kev

            Comment


            • #7
              I think that is not correct put md5 into the onbefore update, because some browsers do not changes the value for the password, so the new password would be md5 of field encrpryted.

              Comment


              • #8
                if i select Disable Field to "update mode", SC anyway update the passowd .
                Attached Files

                Comment


                • #9
                  Hello,

                  Issue reported to our bugs team.

                  regards,
                  Bernhard Bernsmann

                  Comment


                  • #10
                    bartho,

                    any update available from your bugs team ?
                    I have 200 users in my DB !

                    Comment


                    • #11
                      Gerd,
                      I dont use the reset password functionality through email, but I decided that I would verify the issue..
                      When I posted before I was thinking you were changing passwords manually for the users.
                      So Here is what I did...

                      I tested in both version 6 and version 7 and I cannot make what you are seeing happen.
                      Both tests showed that the the activation code was sent via email, the password change came up and the password had MD5 applied to the password.

                      Be aware that the edit users form is not used in the resetting of the password. this is done completely through the two applications.
                      xxx_sec_retrieve_pswd
                      xxx_sec_change_pswd

                      Let me know if I can help...

                      Kevin

                      Comment


                      • #12
                        Be also aware that this is a generated application. Any update in SC will not affect your current generated module. To my experience sometimes bugs are repaired without notice, so it might be corrected already. To find out you need to regenerate the module or apply the needed corrections yourself.
                        Albert Drent
                        aducom software netherlands
                        scriptcase partner, reseller, support and (turn-key) development
                        www.scriptcase.eu / www.scriptcase.nl

                        Comment


                        • #13
                          Originally posted by Kdriscoll View Post
                          Gerd,
                          I dont use the reset password functionality through email, but I decided that I would verify the issue..
                          When I posted before I was thinking you were changing passwords manually for the users.
                          So Here is what I did...

                          I tested in both version 6 and version 7 and I cannot make what you are seeing happen.
                          Both tests showed that the the activation code was sent via email, the password change came up and the password had MD5 applied to the password.

                          Be aware that the edit users form is not used in the resetting of the password. this is done completely through the two applications.
                          xxx_sec_retrieve_pswd
                          xxx_sec_change_pswd

                          Let me know if I can help...

                          Kevin
                          Hello Kevin, works this way
                          Thx

                          Comment


                          • #14
                            Why I am still lurking in SC V6

                            Comment


                            • #15
                              You ain't the only one!!

                              I'll still be on 6 when 8 comes out

                              Comment

                              Working...
                              X