password problem

[jlmurillo]

Hello. Thank WebChess 2.1.1. We have installed in our school (http://craaltaribagorza.educa.aragon.es/saladeajedrez) and is going great, but do not let us change user passwords and password fails when trying to play on the same computer. Are you think we can solve it? Thank you

[benjamw]

What kind of error is it giving you?

[jlmurillo]

It appears an error that it doesn't verify the password and doesn't let me
change anything (personal info and play in the same computer).
I try to change the code with password_verify, but it doesn't work.
El 20/11/2015 22:10, "Benjam Welker" notifications@github.com escribió:

What kind of error is it giving you?

—
Reply to this email directly or view it on GitHub
#4 (comment).

[benjamw]

So this is only happening when you try to play with two players on the same computer? Or when you are trying to change the user's password?

[benjamw]

Redownload the script, the only two files you need to worry about are:

• includes/index.inc.php
• opppass.php

All others are the same.

If you've made translation edits in those files, you can edit the lines specified in the commit log and get the same results.

Let me know if you find any other issues. Enjoy the game!

[jlmurillo]

Yes. I have found that

if ((isset ($ _ POST ['pwd Password']) && (''! = $ _ POST ['pwd
Password'])) && ($ dbPassword! = substr ($ _ POST ['pwdOldPassword'], 5)))

in includes / index.inc.php always fails, but say well password

and

if ($dbPassword == substr($_POST['pwdPassword'],5))

also fails

and
http://craaltaribagorza.educa.aragon.es/saladeajedrez/index.php?page=admin
I do not get change anything (reset password, admin, delete)

:-(

El 20/11/15 a las 23:52, Benjam Welker escribió:

So this is only happening when you try to play with two players on the
same computer? Or when you are trying to change the user's password?

[jlmurillo]

I tried with
if (password_verify ($ _ POST ['pwdOldPassword'], $dbPassword)) {
echo 'The password is valid!';
}
else {
echo "The password is invalid. ';
}
in includes / index.inc.php
and the page is blank
:-(

El 20/11/15 a las 23:52, Benjam Welker escribió:

So this is only happening when you try to play with two players on the
same computer? Or when you are trying to change the user's password?

—
Reply to this email directly or view it on GitHub
#4 (comment).

[jlmurillo]

however, the password login.php works well and lets go

El 20/11/15 a las 23:52, Benjam Welker escribió:

So this is only happening when you try to play with two players on the
same computer? Or when you are trying to change the user's password?

—
Reply to this email directly or view it on GitHub
#4 (comment).

[jlmurillo]

same problem

El 21/11/15 a las 00:16, Benjam Welker escribió:

Redownload the script, the only two files you need to worry about are:

• includes/index.inc.php
• opppass.php

All others are the same.

Let me know if you find any other issues. Enjoy the game!

—
Reply to this email directly or view it on GitHub
#4 (comment).

[benjamw]

Did you apply the changes shown in that commit? Those changes fix the issue you were having.

You must change the shown lines to be exactly as shown. You've used password_verify when the function is in fact called password_test.

Make sure those lines are exactly the same.

[jlmurillo]

Solved. Thanks.

in includes/index.inc.php I've changed:

if ((isset($_POST['pwdPassword']) && ('' != $_POST['pwdPassword'])) &&
($dbPassword != substr($_POST['pwdOldPassword'],5)))
{
$errMsg = "Sorry, incorrect old password!";
}
else
{
...
}

to:

if ((isset($_POST['pwdPassword']) && ('' != $_POST['pwdPassword'])) &&
(password_test($_POST['pwdOldPassword'],$dbPassword)))
{
...
}
else {
$errMsg = "Lo sentimos, la contraseña actual no es correcta!";
// in spanish ;-)
}

in includes/opppass.php I've changed:

 /* check to see if supplied password matched that of the DB */
 if ($dbPassword == substr($_POST['pwdPassword'],5))

to

 /* check to see if supplied password matched that of the DB */
 if ($dbPassword == password_test($_POST['pwdPassword'],$dbPassword))

and all is perfect ;-)

I just wanted to go out to notifyyou ($errMsg) of the change to reload
the page because if you do not know message. Any ideas?

El 21/11/15 a las 00:56, Benjam Welker escribió:

Did you apply the changes shown in that commit? Those changes fix the
issue you were having.

You must change the shown lines to be exactly as shown. You've used
|password_verify| when the function is in fact called |password_test|.

Make sure those lines are exactly the same.

—
Reply to this email directly or view it on GitHub
#4 (comment).

[benjamw]

Glad that worked out for you.

[jlmurillo]

Thank you. To us it is helping us a lot

El 22/11/15 a las 07:18, Benjam Welker escribió:

Glad that worked out for you.

[benjamw]

In regards to the $errMsg, please create a new issue for that.