View Issue Details

WikiJump to Notes
IDProjectCategoryView StatusDate SubmittedLast Update
0006503mantisbtfeaturepublic2005-12-15 09:412008-10-18 18:34
ReporterLabutin Assigned Tograngeway  
PrioritynormalSeveritymajorReproducibilityalways
Status closedResolutionfixed 
Summary0006503: Password reset don't work
Description

I cant register new users and password reset.
Mantis version from CVS.

TagsNo tags attached.
Attached Files
gpc.patch (677 bytes)    
Index: core/gpc_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/gpc_api.php,v
retrieving revision 1.39
diff -u -r1.39 gpc_api.php
--- core/gpc_api.php	13 Jul 2005 20:45:02 -0000	1.39
+++ core/gpc_api.php	11 Feb 2006 12:49:09 -0000
@@ -254,7 +254,13 @@
 			$p_domain = config_get( 'cookie_domain' );
 		}
 
-		return setcookie( $p_name, $p_value, $p_expire, $p_path, $p_domain );
+		if ( setcookie( $p_name, $p_value, $p_expire, $p_path, $p_domain ) ) {
+			// set up cookie for immediate use
+			$_COOKIE[$p_name] = $p_value;
+			return true;
+		} else {
+			return false;
+		}
 	}
 
 	# ------------------
gpc.patch (677 bytes)   

Relationships

has duplicate 0006222 closedgrangeway User-Password reset & verify 

Activities

Labutin

Labutin

2006-01-02 06:03

reporter   ~0011858

Bug still present :(
thraxisp

thraxisp

2006-01-02 07:01

reporter   ~0011859

Could you explain the steps you are taking? Are you getting other email messages from Mantis?
Labutin

Labutin

2006-01-02 07:11

reporter   ~0011860

Signup for a new account
Enter Username and E-mail
Recive e-mail with URL to set own access password
Go to by this URL
I enter to "Login page" (asking for username and password) instead auto login to edit profile and setting new password.
illes

illes

2006-01-12 12:24

reporter   ~0011921

I experience the same problem w/ the CVS Head.
Both from Firefox and IE.
But this seems to be computer specific, because I cannot repeat this problem from my computer, but already 2 users indicated this problem.
I tried to set the cookie rules in one of the desktop PCs, but without any success.

I tried the following also using phpmyadmin to access the mysql DB:

  1. Manually deleted the MD5 encoded passwd from the DB.
  2. Deleted the cookie string from the DB.
  3. Generated a new pwd w/ MD5 generator
  4. Went to login page, entered the username and passwd.
  5. I received the message described in 0005886.

So it seems this is connected to http://bugs.mantisbt.org/view.php?id=5886.
Labutin

Labutin

2006-02-03 12:36

reporter   ~0012076

Bug still present :(
johnwebbcole

johnwebbcole

2006-02-10 17:55

reporter   ~0012127

I'm using the cvs head from today and I still have this issue.

A user signs up for an account and gets an email with the confirmation link, but the link takes them to the login page instead of the page where you set your password.

If I reset that users password, the get the email with the link to reset their password, but they go to the login page instead?

Been getting a few angry emails and calls about this. It would be very nice to have a workaround asap.

Thanks,

John Cole
thraxisp

thraxisp

2006-02-11 07:50

reporter   ~0012132

I have a possible fix, but can't reproduce the original problem here. Would someone be willing to try the attached patch and provide feedback?
Labutin

Labutin

2006-02-11 08:00

reporter   ~0012133

thraxisp
I tried this patch. Bug still present :(
johnwebbcole

johnwebbcole

2006-02-12 17:42

reporter   ~0012135

I tried the patch as well and it did not solve the problem. Only systems from outside are having trouble, so while I can recreate the problem at home, at work, things work normally. This does not seem to be browser dependent as it occurs with FireFox and IE.
thraxisp

thraxisp

2006-02-12 19:57

reporter   ~0012136

Is there a proxy server involved? Is it possible some cookies are being suppressed?
johnwebbcole

johnwebbcole

2006-02-12 23:10

reporter   ~0012137

No proxies in my case :-( Cookies are acting normally for other applications running on the same server.
johnwebbcole

johnwebbcole

2006-02-16 14:30

reporter   ~0012171

Any progress on this issue? I'm still getting complaints from users.

Thanks
johnwebbcole

johnwebbcole

2006-02-17 12:30

reporter   ~0012180

I just upgraded our server running mantis to the latest php (Apache/1.3.31 (Win32) PHP/5.1.2) and now we are seeing the problem on all machines. It appears no one can sign up or reset their passwords now. I have tried it with and without the attached patch; the results are the same.
Labutin

Labutin

2006-02-21 08:45

reporter   ~0012203

Mantis 1.0.0rc5 works fine on the same server. But CVS version dosn't work :(
Labutin

Labutin

2006-02-21 09:07

reporter   ~0012204

Mantis 1.0.1 also works without problem.
illes

illes

2006-02-22 05:03

reporter   ~0012208

Did a special CVS update (we've a slightly modified code) w/ RELEASE_1_0_1_20060218 branch.

I can confirm that this bug is only at the CVS head, after the update everything is ok!
johnwebbcole

johnwebbcole

2006-03-20 10:40

reporter   ~0012374

I merged RELEASE_1_0_1_20060218 into our CVS HEAD version (we have some changes as well) and still have the same problem. I'll try a 1.0.1 vanilla version and see if it works.
thraxisp

thraxisp

2006-04-21 21:12

reporter   ~0012673

This may be related to an IIS "security feature". See http://groups.google.com/group/microsoft.public.inetserver.iis/browse_thread/thread/c2c90707d33a5f0f/4783319c51be5d29?q=underscore&rnum=6#4783319c51be5d29 .

It appears that certain characters are not allowed in cookies, either in the web site or path.
grangeway

grangeway

2008-07-28 15:30

reporter   ~0018824

Thank you for taking the time to report a problem with mantis.

As far as i'm aware - this issue got fixed.

Since this problem report was originally made, a number of releases have occured. Additionally no recent feedback has been received on this issue.
It appears that this issue has either been fixed, or may not be a relevant report for the current release.

Unfortunately you are not using the latest version and the problem might already be fixed. Please download the latest release from http://www.mantisbt.org/download.php [^] [^]

If you are able to reproduce this bug in the current release, or have some more information on how this feature could be improved in the current release. Please either change the mantis version on this bug report
to the version you tested and change the status back to "Open", or open a new issue report with more information.

Again, thank you for your continued support and report.