
herman_herman
16 years ago
The security answer in the password retrieval section does not work and keeps saying "Your answer could not be verified. Please try again."

Regards

Touradg

Jaben
  • Jaben
  • 100% (Exalted)
  • YAF Developer
16 years ago
Do you know what your answer is?
herman_herman
16 years ago
:cheesy: kidding me..?:wink:

Jaben
  • Jaben
  • 100% (Exalted)
  • YAF Developer
16 years ago
You are using the YAF provider?

And I'm not trying to be obvious -- but maybe verify the exact answer in your database and copy and paste to see if it still fails.

Mek
  • Mek
  • 100% (Exalted)
  • YAF Developer
16 years ago
If it's using our provider or MS's it'll be hashed. But please provide which provider you are using (pun intended)? :-)



"It's a case of RTFM.. the only problem being we don't have a manual!"

When I post FP:Mek in a topic, I'm leaving my footprint there so I can track it once I get into coding/supporting. (Yes I stole this off Ederon 🙂 )

herman_herman
16 years ago
Hi

Everything's default and untouched from the package. I checked the database as Jaben said and here is its screenshot, but still it fails. As you can see, only the last one (admin) is hashed!

UserPostedImage

Mek
  • Mek
  • 100% (Exalted)
  • YAF Developer
16 years ago
Ok now I'm confused... I'll look into it 🙂 You didn't change the web.config provider hash options after you installed did you?



Ederon
  • Ederon
  • 100% (Exalted)
  • YAF Developer
16 years ago
I can confirm this, it doesn't work for me with out-of-box default settings.
When I post FP:Ederon in a topic, I'm leaving my footprint there so I can track it once I get into coding/supporting.
Jaben
  • Jaben
  • 100% (Exalted)
  • YAF Developer
16 years ago
Yeah, I noticed this... it didn't work then it did. Not sure what changed. I think it might be the provider code though.
Mek
  • Mek
  • 100% (Exalted)
  • YAF Developer
16 years ago
okay okay I get the hint 🙂 I'll sort it tomorrow.



herman_herman
16 years ago

Mek wrote:
Ok now I'm confused... I'll look into it 🙂 You didn't change the web.config provider hash options after you installed did you?

Nope

test2005
16 years ago

DOH!!!!


.....the man in black fled across the desert..........and the gunslinger followed.....

Mek
  • Mek
  • 100% (Exalted)
  • YAF Developer
16 years ago
Yeah twigged this one, it doesn't hash when it creates a user but will hash the security answer when a user changes their own password.... working on a fix but at least we have the why :-)



Mek
  • Mek
  • 100% (Exalted)
  • YAF Developer
16 years ago
k this was easy, on YafMembershipProvider.cs line 498 it called the DB.CreateUser with the unencrypted version of the passwordAnswer string.. substituting the correct one solves the problem.

Committed to SVN.



// Encode Password Answer
string encodedPasswordAnswer = YafMembershipProvider.EncodeString( passwordAnswer, ( int )this.PasswordFormat, salt, this.UseSalt );
// Process database user creation request
DB.CreateUser(this.ApplicationName, username, pass, salt, (int)this.PasswordFormat, email, passwordQuestion, passwordAnswer, isApproved, providerUserKey);

changed to:



// Encode Password Answer
string encodedPasswordAnswer = YafMembershipProvider.EncodeString( passwordAnswer, ( int )this.PasswordFormat, salt, this.UseSalt );
// Process database user creation request
DB.CreateUser(this.ApplicationName, username, pass, salt, (int)this.PasswordFormat, email, passwordQuestion, encodedPasswordAnswer, isApproved, providerUserKey);


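The mismatch described in the post above, as an added C# example that is not part of the original thread or YAF's own code: a create path that stores the raw answer next to a verify path that encodes whatever the user submits, so the correct answer never matches until the row is written in encoded form. `Encode`, the in-memory table, `VerifyAnswer` and `MigrateRawAnswer` are hypothetical stand-ins (salted SHA-256 is an assumption, not what `EncodeString` does), and the code assumes .NET 5 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

static class PasswordAnswerDemo
{
    // Hypothetical model, not YAF's code. Constructed table: username -> (salt, stored answer).
    static readonly Dictionary<string, (string Salt, string Answer)> Users =
        new Dictionary<string, (string Salt, string Answer)>();

    // Stand-in for EncodeString (assumption: salted SHA-256, Base64 output).
    static string Encode(string answer, string salt) =>
        Convert.ToBase64String(SHA256.HashData(Encoding.UTF8.GetBytes(salt + answer)));

    // Create path; encodeOnCreate: false reproduces the behaviour before the fix.
    static void CreateUser(string name, string answer, bool encodeOnCreate)
    {
        var saltBytes = new byte[16];
        RandomNumberGenerator.Fill(saltBytes);
        string salt = Convert.ToBase64String(saltBytes);
        Users[name] = (salt, encodeOnCreate ? Encode(answer, salt) : answer);
    }

    // Verify path: encodes the submitted answer, then compares in constant time.
    static bool VerifyAnswer(string name, string submitted)
    {
        var row = Users[name];
        return CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(Encode(submitted, row.Salt)),
            Encoding.UTF8.GetBytes(row.Answer));
    }

    // Re-encode a row the caller knows holds a raw answer (written before the fix).
    static void MigrateRawAnswer(string name)
    {
        var row = Users[name];
        Users[name] = (row.Salt, Encode(row.Answer, row.Salt));
    }

    static void Main()
    {
        CreateUser("before_fix", "blue", encodeOnCreate: false);
        CreateUser("after_fix", "blue", encodeOnCreate: true);
        Console.WriteLine("raw row, correct answer:      " + VerifyAnswer("before_fix", "blue"));
        Console.WriteLine("encoded row, correct answer:  " + VerifyAnswer("after_fix", "blue"));
        MigrateRawAnswer("before_fix");
        Console.WriteLine("migrated row, correct answer: " + VerifyAnswer("before_fix", "blue"));
    }
}
```

Rows written by the unfixed create path keep the raw answer after the code change, which is why the model includes a re-encoding step for them.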

herman_herman
16 years ago
Mek,

Thanks for the fix. I will apply it to mine.