Moodle
  1. Moodle
  2. MDL-20962

Users cannot login when accounts are created with strong password using csv upload

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 1.9.6
    • Fix Version/s: 1.9.7
    • Component/s: Authentication
    • Labels:
      None
    • Database:
      MySQL
    • Affected Branches:
      MOODLE_19_STABLE
    • Fixed Branches:
      MOODLE_19_STABLE
    • Rank:
      24665

      Description

      to recreate:

      Create csv with users
      Passwords in file to conform with default password policy
      Upload to create new accounts.
      attempt to login in as new user.
      login fails

      Additional information:
      Create csv with users
      Passwords in file that does NOT conform with default password policy
      Upload to create new accounts.
      Attempt to login in as new user.
      Login succeeds - user prompted for new password.

        Activity

        Hide
        Frank Ralf added a comment -

        I think this is the same problem after today's update via CVS of my local development machine.

        I still can login as admin using my old password (which doesn't confirm to any password policy as this is only a local development installation after all) but are prompted to change my password again and again - to no avail (see screenshot)

        Show
        Frank Ralf added a comment - I think this is the same problem after today's update via CVS of my local development machine. I still can login as admin using my old password (which doesn't confirm to any password policy as this is only a local development installation after all) but are prompted to change my password again and again - to no avail (see screenshot)
        Hide
        Petr Škoda added a comment -

        confirming, the code logic is wrong

        Show
        Petr Škoda added a comment - confirming, the code logic is wrong
        Hide
        Petr Škoda added a comment -

        I have found a logic problem in the code, the first weak password was forcing change of all subsequent users in the file.
        the changing of passwords works fine for me, it might be a separate problem

        thanks for the report

        Show
        Petr Škoda added a comment - I have found a logic problem in the code, the first weak password was forcing change of all subsequent users in the file. the changing of passwords works fine for me, it might be a separate problem thanks for the report
        Hide
        Ray Lawrence added a comment -

        Petr,

        I started with the strong password.

        Show
        Ray Lawrence added a comment - Petr, I started with the strong password.
        Hide
        Petr Škoda added a comment -

        does it work fine for you now? if not, are you able to replicate the problem on another site?

        Show
        Petr Škoda added a comment - does it work fine for you now? if not, are you able to replicate the problem on another site?
        Hide
        Ray Lawrence added a comment -

        It works on updated site. Thanks.

        Show
        Ray Lawrence added a comment - It works on updated site. Thanks.
        Hide
        Frank Ralf added a comment -

        My problem seems to persist even after updating today to 1.9.7 (Build: 20091126).

        Which CVS branch is the most current one I should use for testing:
        19_BETA, 19_CLI, 19_MERGED, 19_STABLE, 19_WEEKLY?

        Can I disable the password policy somehow directly in the database?

        Show
        Frank Ralf added a comment - My problem seems to persist even after updating today to 1.9.7 (Build: 20091126). Which CVS branch is the most current one I should use for testing: 19_BETA, 19_CLI, 19_MERGED, 19_STABLE, 19_WEEKLY? Can I disable the password policy somehow directly in the database?
        Hide
        Petr Škoda added a comment -

        MOODLE_19_STABLE is the branch with last code, MOODLE_19_WEEKLY is the recommended tag for updating via CVS.
        You can force most setting by hardcoding values in config.php

        Show
        Petr Škoda added a comment - MOODLE_19_STABLE is the branch with last code, MOODLE_19_WEEKLY is the recommended tag for updating via CVS. You can force most setting by hardcoding values in config.php
        Hide
        Frank Ralf added a comment -

        I did a fresh install of Moodle 1.9.7 (Build: 20091126) with an empty database which worked alright.

        The only difference to 1.9.6 I noticed was the $CFG->passwordsaltmain = '3nKMDLHM^<7<z k^c65?TL-&P,.Hfd!6'; entry in config.php.

        And in 1.9.7 Password Policy is enforced by default. I checked manually that passwordpolicy was indeed set to 0 in the old database. I fiddled around a bit with those password settings but to no avail.

        My conclusion is that the code base is OK but there must be some permissions setting in the old database for the admin user which forces him to change his password again and again. But changing the password doesn't seem to work either, even when following the password policy rules. So he's stuck.

        Show
        Frank Ralf added a comment - I did a fresh install of Moodle 1.9.7 (Build: 20091126) with an empty database which worked alright. The only difference to 1.9.6 I noticed was the $CFG->passwordsaltmain = '3nKMDLHM^<7<z k^c65?TL-&P,.Hfd!6'; entry in config.php. And in 1.9.7 Password Policy is enforced by default. I checked manually that passwordpolicy was indeed set to 0 in the old database. I fiddled around a bit with those password settings but to no avail. My conclusion is that the code base is OK but there must be some permissions setting in the old database for the admin user which forces him to change his password again and again. But changing the password doesn't seem to work either, even when following the password policy rules. So he's stuck.

          People

          • Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: