Support ⇒ Dragonfly CMS v10 ⇒ Issues with a new user ⇒ Community Forums ⇒ CPG Dragonfly™ CMS
Forum IndexDragonfly CMS v10

Issues with a new user Reply to topic


I've had our newest user contact me to tell me he can't log in.
He is also having trouble getting his password reset.

I have verified this by using the forgot password link and entering his username.
His username is showing as the newest user in my info block, but when I try to use that username, I get the following message:
Sorry, no corresponding user info was found

Using his email address finds the user, but when he follows the reset link, he gets the following message:
The provided information was incorrect

Oddly, I can enter my own username in the forgot password username field and it seems to work OK.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):


I could be off track here because I don't fully understand the classes, but I see this.
When we're searching by nickname in Poodle\Identity, we need the $user['nickname'] index as below.
else if (!empty($user['nickname'])) { $user['nickname'] = mb_strtolower($user['nickname']); foreach ($users as $row) { if ($user['nickname'] === mb_strtolower($row['nickname'])) { return $row; } } $where = 'user_nickname_lc = '.$SQL->quote($user['nickname']); }

The forgot password form sets the forgot[auth_claimed_id] field.

<input type="text" name="forgot[auth_claimed_id]">

But in the Login module, we do a search by ID.
if (!$identity) { $claimed_id = $_POST->text('forgot', 'auth_claimed_id'); if ($claimed_id && $id = \Poodle\Auth\Detect::identityId(1, $claimed_id)) { $identity = \Poodle\Identity\Search::byID($id); } }

In the Identity search code, "byID" sets the 'id' index, not the 'nickname' index.
public static function byID($id, $any=false) { return static::find(array('id'=>$id), $any); } public static function byEmail($email, $any=false) { return static::find(array('email'=>$email), $any); } public static function byNickname($name, $any=false) { return static::find(array('nickname'=>$name), $any); }

Is that where the problem lies? It doesn't explain why it can find my own username though and not the new user.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):


Another minor bug with this process.
When the username search is successful and the user sees this message:

Confirmation Code for hybrid Mailed. Go!

The "Go" link uses the following URL:
<website>/login/forgot.html

It results in an error.
It looks like it needs /login/forgot=0.html to work properly.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):


\Poodle\Auth\Detect::identityId()
Identity is searched for in the 'auth_identities' table.
This table has the username in 'auth_claimed_id' column.
The value is sha1(mb_strtolower(mb_substr($id, 0, 4096)))

It is hashed, not due to the username but, due to other login methods.

You should look in that table like this:
SELECT user_id, username, user_nickname_lc, auth_provider_id, auth_claimed_id, SHA1(user_nickname_lc) FROM cms_users LEFT JOIN cms_auth_identities ON (identity_id = user_id) WHERE user_nickname_lc = 'username'
There should be a record with auth_provider_id=1 and the auth_claimed_id should match the SHA1

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Fedora 25 / Apache 2.4.27 / MariaDB 10.1.26 / PHP 7.1.10 / Mercurial

Last edited by DJ Maze on Tue May 29, 2018 12:28 am; edited 3 times in total


I will have to test this further with another new user. I'm pretty sure after I changed the users password manually, the forgot password link started to work properly.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):


I just created a new user.

I can't log in with the username/password that I created.
And if I use the forgot password link, I get the same issues that the other user had.

When I first click the activation link, I'm logged in automatically. But if I log out and try to log back in, the password doesn't work. And if I try to retrieve the password, it can't find the username.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):


I tried to reset the users password manually, now I see this when I go to the Registration Information link in the edit user page:

The URL that you requested, resulted in a server configuration error. It is possible that the condition causing the problem will be gone by the time you finish reading this. We have logged this error and will correct the problem. CMS Error modules/Your_Account/edit_profile.php line 91: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 6

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):


Bug found and solved. It was easy to find in the PHP error log
PHP Notice modules/Your_Account/register.php line 305: Undefined index: username

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Fedora 25 / Apache 2.4.27 / MariaDB 10.1.26 / PHP 7.1.10 / Mercurial

Last edited by DJ Maze on Tue May 29, 2018 12:58 pm; edited 1 time in total


Oh yeah... the log file. The last place I look 😏

Thank you for fixing it.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):

All times are UTC


Jump to: