Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Deleted and recreated user can't login with system generated password #3864

Closed
nelem opened this issue Jul 10, 2017 · 0 comments

Comments

@nelem
Copy link
Contributor

commented Jul 10, 2017

Issue

If a user is deleted and recreated, they are sent a system generated password which is cheked anagist the old instance and therefore cannot log in. If 'Forgot Password' feature is not enabled, it's an SQL job to get them in.

Expected Behaviour

Their password should work.

Actual Behaviour

The password in checked against the old instance of the user.

Possible Fix

In User.php:759

$query = "SELECT * from users where user_name='$name'";
if(!empty($where)) {
$query .= " AND $where";
}

need to add check to exclude deleted users

$query .= " AND deleted=0";

Steps to Reproduce

  1. Create a User
  2. Delete the User
  3. Create a User with the same name
  4. Can't login with the password sent by System Generated Password email

Context

Your Environment

  • SuiteCRM Version used:
  • Browser name and version (e.g. Chrome Version 51.0.2704.63 (64-bit)):
  • Environment name and version (e.g. MySQL, PHP 7):
  • Operating System and version (e.g Ubuntu 16.04):
Dillon-Brown added a commit that referenced this issue Aug 13, 2018
Merge pull request #6238 from sanchezfauste/fix_3864
Fix #3864 - Deleted and recreated user can't login with system generated password
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.