A user on one of my sites sent me an email saying there was a problem with the password functions. He went through the forgot password link and received the email with his new password and logged in just fine. No problem there but when he went to Edit Profile to change the system generated password it succeeded but then he was unable to login with his new password that he created. I have had this problem before but have never reported it. Is there a cure?

it works fine for me.

I tried it myself with one of my alts and it worked fine however:
Let me ask you a question. When you bring up Edit Profile with the intention of changing your system generated password(provided you clicked forgot password and got an email with a new one); what do get showing in your Current Password Field? Because I get the field almost completely filled with dots(large) and you MUST erase those dots to input your current password. I personnaly think that is a bad programming idea because the average user is baffled and may not realize the need to erase what's there in order to enter his/her current password. Is there any way to make that field blank in edit profile? I looked at the coding but it's a mystery to me.

yes, it must be deleted. I'll look at the others afterwards

it's empty for me

OK I believe you; this is what I get. I have not made any changes to core code anywhere except the Atom-X theme files. This is a fine running install with no errors.

Does no one have any ideas on how to fix this problem? I compared ALL files associated with this problem with a fresh d/l of 9.10,20 and can find no differences so I'm at a loss as to solving it. My other sites do not have this problem. Please help if you can; if you have any ideas.

EDIT: After further examination I have (3) 9.10.20 websites out of (9) that have this problem. I can't remember which ones were an upgrade to 9.10.20 and which were a virgin install. I am going to try a NEW sub-domain with a virgin install and see if it's there as well. If so then the problem is in the basic install/configuration of 9.10.20 and if not then it may be related to doing an upgrade from a previous version. I will report back with my findings.

Well it seems that my problem must be related to a site upgrade to 9.10.20 because I created a new sub-domain and installed 9.10.20 and the problem is not there. I suppose I could delete ALL files on the offending sites and upload ALL new 9.10.20 files. It will be a major pain in the arse but I'll try at least on GrimsWebDesigns where the problem first showed up. Once again I'll report back. But it sure would be nice to identify the source of it before I do this.

I have been thinking about this and I wonder if the source of the problem may be in themes/templates/global/profile.tpl file?

To Debug:


Let me help you to debug some - in the problematic sites you have, maybe you can do this:

This is where your problem is:
https://github.com/PHPFusion/PHPFusion/blob/26b3897b646a8440d9091b9e610c2f435b8ab983/includes/classes/PHPFusion/UserFields.php#L213

Where the value of the input might, or might not be empty.

So, a line above, insert this:
if (iSUPERAMIN) { print_p($this->userData['user_password']); }

Save, and upload this edited file overwriting existing ones.

Now refresh your screen on edit_profile.php, a var_dump box on top revealed the password hash, a 64 long text. If his happens, you can do this quickly - replace that var_dump line you inserted with:

if (isset($this->userData['user_password'])) { unset($this->userData['user_password']); }

That ought to fix your issue the non-standard way.

Best standard fix now is to upgrade to your copy to the latest one and patched even more serious problems we found critical to the system security and fixed it. For the latest updates, there is nothing else to do except just overwrite all existing files via FTP into your servers. No upgrade of DB or anything at all.

Stay safe!

OK Chan I'll try your fix. BTW I already did delete ALL files on the site and uploaded a fresh copy; the problem was still there.
Just to be clear Chan. This is line#213 in that github file:

So are you telling me to insert above that line this code:

@Grimloch

You are running Atom-X Theme?, if that is the case i think it has it´s own TPL for handling things so it might be a glitch there.

Well I just applied Chan's fix and it works fine. Using it I also had to fix the user_admin_password. Thanks guys.
I also looked at the Atom-X themes Profile.php in the templates folder and it has nothing at all about passwords.

I just installed PHP-Fusion 9.10.30 via Softaculous and I am experiencing very strange issues. Neither of the Passwords, Regular or Admin Password either one would work when I tried to login to PHP-Fusion for the first time. I reset my Regular PHP-Fusion Password and was able to get in but I cannot figure out HOW to fix the Admin Password so therefore, I can't do much to my website without the Admin Password. Not only did I want to make the team aware, how do I fix my Admin Password? I've worked on this thing for hours installing and uninstalling so to no end so its definitely an issue with PHP-Fusion 9.10.30 installed using Softaculous since it seems no one else has had an issue with it.

I would say first thing; d/l it from here, wipe everything including database and start over with the d/l'ed package from here. If it is something about the Softaculous install then this should fix it.

It apparently was the Softaculous Version because it worked just fine when Downloading, Uploading and Installing from here. Perhaps an Admin or someone with some pull should contact Softaculous and ask them to Update PHP-Fusion 9.10.30 (or whatever the version is by then).