YAFLogo

sid1983
  • sid1983
  • 54.8% (Neutral)
  • YAF Forumling Topic Starter
15 years ago
Hi,

I have found a weird issue (at least I think it's an issue) in YAF. Every time a user changes their password and then tries to retrieve their password using the password question and answer, there is an error message that comes up saying that your answer could not be verified.

Following are details of my setup:

- YAF 1.9.301 (source code version; clean install)

- .NET Framework 2.0

- SQL2000

- Windows XP Professional

Is this a known YAF bug? Or maybe even an ASP.NET issue? Please help.

Thanks,

Sid

Sponsor
Jaben
  • Jaben
  • 100% (Exalted)
  • YAF Developer
15 years ago
Could be a bug, yes. What are you membership settings? Can you just post them here?
JoeOuts
  • JoeOuts
  • 97.4% (Exalted)
  • YAF Developer
15 years ago
From what I can tell it looks like there is a method missing in recoverpassword.ascx.cs.

protected void PasswordRecovery1_VerifyingAnswer(object sender, LoginCancelEventArgs e)

{

}

in recoverpassword.ascx add to the PasswordRecovery control:

OnVerifyingUser="PasswordRecovery1_VerifyingUser"

I also don't see a way to change the question/answer or suppress it's use.

Is there a setting somewhere?


KASL Technologies  - Specializing in Custom Web Application Development
sid1983
  • sid1983
  • 54.8% (Neutral)
  • YAF Forumling Topic Starter
15 years ago
Hi, I am using the default membership settings i.e. whatever came with the install. Here it is again anyway...


<roleManager enabled="true" defaultProvider="YafRoleProvider">
			<providers>
				<clear/>
					<add connectionStringName="yafnet" applicationName="YetAnotherForum" name="YafRoleProvider" type="YAF.Providers.Roles.YafRoleProvider"/>
			</providers>
		</roleManager>
		<membership defaultProvider="YafMembershipProvider" hashAlgorithmType="SHA1">
			<providers>
				<clear/>
				<add connectionStringName="yafnet" applicationName="YetAnotherForum" name="YafMembershipProvider" requiresUniqueEmail="true" useSalt="true" type="YAF.Providers.Membership.YafMembershipProvider"/>
			</providers>
		</membership>
		<profile enabled="true" defaultProvider="YafProfileProvider" inherits="YAF.Classes.Utils.YafUserProfile">
			<providers>
				<clear/>
        		<add connectionStringName="yafnet" applicationName="YetAnotherForum" name="YafProfileProvider" type="YAF.Providers.Profile.YafProfileProvider"/>
			</providers>
		</profile>

Let me know if you need more info. Thank you.

JoeOuts
  • JoeOuts
  • 97.4% (Exalted)
  • YAF Developer
15 years ago
You need to add the method above to your code, recompile and publish
KASL Technologies  - Specializing in Custom Web Application Development
Jaben
  • Jaben
  • 100% (Exalted)
  • YAF Developer
15 years ago

You need to add the method above to your code, recompile and publish

JoeOuts wrote:

Kevin, did you test this solution?

Jaben
  • Jaben
  • 100% (Exalted)
  • YAF Developer
15 years ago

Hi, I am using the default membership settings i.e. whatever came with the install. Here it is again anyway...


<roleManager enabled="true" defaultProvider="YafRoleProvider">
			<providers>
				<clear/>
					<add connectionStringName="yafnet" applicationName="YetAnotherForum" name="YafRoleProvider" type="YAF.Providers.Roles.YafRoleProvider"/>
			</providers>
		</roleManager>
		<membership defaultProvider="YafMembershipProvider" hashAlgorithmType="SHA1">
			<providers>
				<clear/>
				<add connectionStringName="yafnet" applicationName="YetAnotherForum" name="YafMembershipProvider" requiresUniqueEmail="true" useSalt="true" type="YAF.Providers.Membership.YafMembershipProvider"/>
			</providers>
		</membership>
		<profile enabled="true" defaultProvider="YafProfileProvider" inherits="YAF.Classes.Utils.YafUserProfile">
			<providers>
				<clear/>
        		<add connectionStringName="yafnet" applicationName="YetAnotherForum" name="YafProfileProvider" type="YAF.Providers.Profile.YafProfileProvider"/>
			</providers>
		</profile>

Let me know if you need more info. Thank you.

sid1983 wrote:

SHA1 hasn't been heavily tested. I'll test SHA1 with salt and see if I can get it working.

JoeOuts
  • JoeOuts
  • 97.4% (Exalted)
  • YAF Developer
15 years ago

Kevin, did you test this solution?

Yes, I had the same problem on my site and that fixed it.


KASL Technologies  - Specializing in Custom Web Application Development
Jaben
  • Jaben
  • 100% (Exalted)
  • YAF Developer
15 years ago

Kevin, did you test this solution?

JoeOuts wrote:

Yes, I had the same problem on my site and that fixed it.

Awesome... my bad. Which .NET version is this?

JoeOuts
  • JoeOuts
  • 97.4% (Exalted)
  • YAF Developer
15 years ago
.NET 3.5
KASL Technologies  - Specializing in Custom Web Application Development
sid1983
  • sid1983
  • 54.8% (Neutral)
  • YAF Forumling Topic Starter
15 years ago

You need to add the method above to your code, recompile and publish

JoeOuts wrote:

I forgot to tell you this, but I can recover a password using the question/answer the very first time. I can't recover it anymore once I change the password or have successfully recovered it the first time. It seems to me that if the missing method was the problem, I wouldn't be able to recover at all. Unless of course, there is another method somewhere else that is responsible for retrieving the password the very first time?

SHA1 hasn't been heavily tested. I'll test SHA1 with salt and see if I can get it working.

Jaben wrote:

Jaben, have you been able to test this?

I appreciate all your help guys. Thanks!

sid1983
  • sid1983
  • 54.8% (Neutral)
  • YAF Forumling Topic Starter
15 years ago
Hey guys,

Any suggestions on how to fix this problem? Please let me know...

Thanks,

Sid

sid1983
  • sid1983
  • 54.8% (Neutral)
  • YAF Forumling Topic Starter
15 years ago

From what I can tell it looks like there is a method missing in recoverpassword.ascx.cs.

protected void PasswordRecovery1_VerifyingAnswer(object sender, LoginCancelEventArgs e)

{

}

in recoverpassword.ascx add to the PasswordRecovery control:

OnVerifyingUser="PasswordRecovery1_VerifyingUser"

I also don't see a way to change the question/answer or suppress it's use.

Is there a setting somewhere?

JoeOuts wrote:

This method is NOT missing for me. My recoverpassword.ascx.cs already has this method and the PasswordRecovery control already has OnVerifyingUser="PasswordRecovery1_VerifyingUser"

Please advise...

Jaben
  • Jaben
  • 100% (Exalted)
  • YAF Developer
15 years ago
Sorry sid, I will test this tomorrow (today). Got busy with other things.
sid1983
  • sid1983
  • 54.8% (Neutral)
  • YAF Forumling Topic Starter
15 years ago
No problems...Thanks for your help!

Sid