unable to store hashed password

shahparzsoft · October 23, 2020, 2:31pm

I have just installed PHPMaker 2021.0.3.
i am making a new user, but it is not storing hashed password. Even storing simple text password.
I have checked the following:
Tools, Advance Settings, Use Password hash (checked)
Encrypt username and password (checked)i have also checked :
Security Settings, Advance, User Login Options, Password (Hashed Password checked)But nothing is working.Any advise ?

sticcino · October 23, 2020, 4:44pm

what type of field did you specify and what is the length, hashed and encrypted field types will have very long text

shahparzsoft · October 23, 2020, 8:29pm

The field type is varchar and the length is 100

sticcino · October 23, 2020, 8:43pm

more than enough…after making the changes did you re-generate all the files including the config files.
is the field specified as password as well or regular text

shahparzsoft · October 24, 2020, 9:03am

Yes, i regenerated all the script.
Yes, the field type is password.

mobhar · October 24, 2020, 2:47pm

Beware that if you enable “Use password hash” from “Tools” → “Advanced Settings” and also enabled “Hashed password” from “Security” → “Advanced” → “User Login Options” → “Password”, but the user table is still storing old MD5 passwords or plain text passwords, users will NOT be able to login.

Since MD5 passwords cannot be decrypted, you MUST reset the passwords for the users first, or ask users to reset their passwords themselves.

shahparzsoft · October 25, 2020, 8:40am

The concern is not about the old user’s passwords. The concern is about newly generated user’s passwords.

mobhar · October 26, 2020, 12:12am

The new password will be generated by system based on your settings you already have chosen. As mentioned before, ask your end-users to reset their password by themselves.

arbei · October 26, 2020, 12:30am

The field type is varchar and the length is 100

Try increasing the length (e.g. to 255).

philmills1 · May 24, 2021, 12:21am

I have the same issue
password field is set to 255 characters
hash password is enabled both in Advanced Seppings and in Security SettingsPassword is still being stored in plain text, and I can only login with hard coded admin account

arbei · May 24, 2021, 2:07am

Make sure you generate all scripts again after changing the security settings.
Note that old passwords in the user table will not be changed. You need to update them yourself or ask the users to reset.

philmills1 · May 24, 2021, 2:28pm

I have done that - regenerated ALL scripts, and even with Composer Update.
I just checked another project of mine which IS working, and there under Security > Advanced > User Login Options I have:

Hashed password
Case-sensitive password
both selected.
But under Project advanced settings I have “Use password hash” unchecked

I’ll try this same combination on the other project and post back here later with the result.

mobhar · May 24, 2021, 2:36pm

arbei wrote:

Note that old passwords in the user table will not be changed. You need to update them yourself or ask the users to reset.

mobhar wrote:

As mentioned before, ask your end-users to reset their password by themselves.

philmills1 · May 24, 2021, 5:05pm

OK I got it working - turns out the issue may in fact be with file timestamps
I had already updated all files and uploaded them on FTP using the “overwrite if source is newer” option.
Didn’t work
So I just overwrote all files unconditionally, then it started working…