Closed Bug 309482 Opened 19 years ago Closed 19 years ago

Trying to change the e-mail password and got the message that the old password is not valid

Categories

(Bugzilla :: User Accounts, defect)

2.18.3
x86
Windows 2000
defect
Not set
major

RESOLVED WORKSFORME

People

(Reporter: rogerio.prudente, Unassigned)

Details

User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; .NET CLR 1.0.3705)
Build Identifier: 

I have Bugzilla 2.18.3 installed here, and when I try to modify the e-mailed
password I get a message telling me that the old password is invalid, although I
just copied and pasted it.

I also noticed that if I comment out the following lines in userprefs.cgi, it works:

        if (crypt($cgi->param('Bugzilla_password'), $oldcryptedpwd) ne 
                  $oldcryptedpwd) 
        {
            ThrowUserError("old_password_incorrect");
        }


Reproducible: Always

Steps to Reproduce:
1. Create an account
2. Log in
3. Try to change the password

Actual Results:  
I got a message telling me that the old password is invalid

Expected Results:  
Just change the password

Looks like the parameter in $cgi->param('Bugzilla_password') is empty.

I looked at the code and it seems that the password is "erased" from the
parameter for some security reasons.

If I replace the 'name="Bugzilla_password"' with, let's say, 'xxxpassword' in
\template\en\custom\account\prefs\account.html.tmpl, it works.

But this is not a solution: it is just a way to identify the problem.

Version: unspecified → 2.18.3

(In reply to comment #1)
> \template\en\custom\account\prefs\account.html.tmpl

I cannot reproduce the problem on 2.18.3+. The fact that you are considering a
template in custom/ rather than default/ makes me think you modified the
template in some way which could explain why this doesn't work anymore.

Be sure that your changes do not affect bug 237646 or bug 287436 in some way.
Also, make sure your customised file is consistent with the original one
(customised templates are not updated on an upgrade, you have to report all
changes manually).

Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → WORKSFORME

I am sorry, but I am confused and maybe I understood it wrongly, but if bug
287436 removed the Bugzilla_password from the CGI parameters, how could the
template make use of it to change the password?

I haven't modified that template: it did not work even on standard 
installation. But, like I mentioned before: if I put another variable name 
(let's say xxxpassword) instead of Bugzilla_password, it works. So I am 
thinking that there must be something that could complement the bug 287436.

What do you think?

Just to be sure, did you fill the "Password" field with the password you get by
email? One reason for the Bugzilla_password variable to remain empty could be
that you only filled the "New password" and "Re-enter new password" fields.

Yes. I just copied and pasted the password I got.

While testing I could see that the other fields had data (newpassword1 and 
newpassword2) but not the bugzilla_password one.
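
The behaviour the reporter describes in the comments above (the old-password field arriving empty while the new-password fields survive, and the check passing once the field is renamed), reproduced as an added Perl sketch. This is not Bugzilla's code: hash_pw, login_layer and change_password are hypothetical names, the delete step models the reporter's reading of bug 287436, a salted SHA-256 stands in for crypt() to stay portable, and the account and form data are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

# Stand-in for crypt(): the stored value carries its own salt, so verifying
# means re-hashing the input with that salt and comparing the results.
sub hash_pw {
    my ($password, $stored) = @_;
    my ($salt) = split /\$/, $stored;
    return $salt . '$' . sha256_hex($salt . $password);
}

# Hypothetical login layer: checks the credential if one was submitted, then
# deletes it from the request so later code cannot read or log it.
sub login_layer {
    my ($params, $stored) = @_;
    my $pw = delete $params->{Bugzilla_password};
    return defined $pw ? hash_pw($pw, $stored) eq $stored : 1;  # 1: cookie session
}

# Hypothetical preferences handler: the same comparison as the quoted check,
# reading the old password from whichever form field the template uses.
sub change_password {
    my ($params, $field, $stored) = @_;
    my $old = $params->{$field} // '';
    return 'old_password_incorrect' if hash_pw($old, $stored) ne $stored;
    return 'changed';
}

my $stored = hash_pw('mailed-Secret1', 'ab$');   # constructed sample account

for my $field ('Bugzilla_password', 'xxxpassword') {
    my %params = (                               # constructed form submission
        $field       => 'mailed-Secret1',
        newpassword1 => 'n3w-Passw0rd',
        newpassword2 => 'n3w-Passw0rd',
    );
    login_layer(\%params, $stored);
    my $seen = exists $params{$field} ? 'present' : 'missing';
    printf "%-18s %-8s %s\n", $field, $seen,
        change_password(\%params, $field, $stored);
}
```

Renaming the field only moves the old password out of reach of the scrub step; the comparison itself is unchanged, which is why the reporter treats the rename as a diagnostic rather than a fix.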