Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-20962

Users cannot login when accounts are created with strong password using csv upload

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.9.6
    • Fix Version/s: 1.9.7
    • Component/s: Authentication
    • Labels:
      None
    • Database:
      MySQL
    • Affected Branches:
      MOODLE_19_STABLE
    • Fixed Branches:
      MOODLE_19_STABLE

      Description

      to recreate:

      Create csv with users
      Passwords in file to conform with default password policy
      Upload to create new accounts.
      attempt to login in as new user.
      login fails

      Additional information:
      Create csv with users
      Passwords in file that does NOT conform with default password policy
      Upload to create new accounts.
      Attempt to login in as new user.
      Login succeeds - user prompted for new password.

        Gliffy Diagrams

          Attachments

            Activity

            Hide
            nakohdo Frank Ralf added a comment -

            I think this is the same problem after today's update via CVS of my local development machine.

            I still can login as admin using my old password (which doesn't confirm to any password policy as this is only a local development installation after all) but are prompted to change my password again and again - to no avail (see screenshot)

            Show
            nakohdo Frank Ralf added a comment - I think this is the same problem after today's update via CVS of my local development machine. I still can login as admin using my old password (which doesn't confirm to any password policy as this is only a local development installation after all) but are prompted to change my password again and again - to no avail (see screenshot)
            Hide
            skodak Petr Skoda added a comment -

            confirming, the code logic is wrong

            Show
            skodak Petr Skoda added a comment - confirming, the code logic is wrong
            Hide
            skodak Petr Skoda added a comment -

            I have found a logic problem in the code, the first weak password was forcing change of all subsequent users in the file.
            the changing of passwords works fine for me, it might be a separate problem

            thanks for the report

            Show
            skodak Petr Skoda added a comment - I have found a logic problem in the code, the first weak password was forcing change of all subsequent users in the file. the changing of passwords works fine for me, it might be a separate problem thanks for the report
            Hide
            ray Ray Lawrence added a comment -

            Petr,

            I started with the strong password.

            Show
            ray Ray Lawrence added a comment - Petr, I started with the strong password.
            Hide
            skodak Petr Skoda added a comment -

            does it work fine for you now? if not, are you able to replicate the problem on another site?

            Show
            skodak Petr Skoda added a comment - does it work fine for you now? if not, are you able to replicate the problem on another site?
            Hide
            ray Ray Lawrence added a comment -

            It works on updated site. Thanks.

            Show
            ray Ray Lawrence added a comment - It works on updated site. Thanks.
            Hide
            nakohdo Frank Ralf added a comment -

            My problem seems to persist even after updating today to 1.9.7 (Build: 20091126).

            Which CVS branch is the most current one I should use for testing:
            19_BETA, 19_CLI, 19_MERGED, 19_STABLE, 19_WEEKLY?

            Can I disable the password policy somehow directly in the database?

            Show
            nakohdo Frank Ralf added a comment - My problem seems to persist even after updating today to 1.9.7 (Build: 20091126). Which CVS branch is the most current one I should use for testing: 19_BETA, 19_CLI, 19_MERGED, 19_STABLE, 19_WEEKLY? Can I disable the password policy somehow directly in the database?
            Hide
            skodak Petr Skoda added a comment -

            MOODLE_19_STABLE is the branch with last code, MOODLE_19_WEEKLY is the recommended tag for updating via CVS.
            You can force most setting by hardcoding values in config.php

            Show
            skodak Petr Skoda added a comment - MOODLE_19_STABLE is the branch with last code, MOODLE_19_WEEKLY is the recommended tag for updating via CVS. You can force most setting by hardcoding values in config.php
            Hide
            nakohdo Frank Ralf added a comment -

            I did a fresh install of Moodle 1.9.7 (Build: 20091126) with an empty database which worked alright.

            The only difference to 1.9.6 I noticed was the $CFG->passwordsaltmain = '3nKMDLHM^<7<z k^c65?TL-&P,.Hfd!6'; entry in config.php.

            And in 1.9.7 Password Policy is enforced by default. I checked manually that passwordpolicy was indeed set to 0 in the old database. I fiddled around a bit with those password settings but to no avail.

            My conclusion is that the code base is OK but there must be some permissions setting in the old database for the admin user which forces him to change his password again and again. But changing the password doesn't seem to work either, even when following the password policy rules. So he's stuck.

            Show
            nakohdo Frank Ralf added a comment - I did a fresh install of Moodle 1.9.7 (Build: 20091126) with an empty database which worked alright. The only difference to 1.9.6 I noticed was the $CFG->passwordsaltmain = '3nKMDLHM^<7<z k^c65?TL-&P,.Hfd!6'; entry in config.php. And in 1.9.7 Password Policy is enforced by default. I checked manually that passwordpolicy was indeed set to 0 in the old database. I fiddled around a bit with those password settings but to no avail. My conclusion is that the code base is OK but there must be some permissions setting in the old database for the admin user which forces him to change his password again and again. But changing the password doesn't seem to work either, even when following the password policy rules. So he's stuck.

              People

              • Votes:
                1 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  25/Nov/09