‘Clear Text’ to ‘Encrypted’ password format

This is the place to report bugs and get support. When posting in this forum, please always provide as much detail as possible.

Please do not report problems with a custom build or custom code in this forum. If you are producing your own build from the source code and have problems or questions, ask in the developer forum, do not report it as a bug.

This is the place to report bugs and get support

When posting in this forum, please try to provide as many relevant details as possible. Particularly the following:

  • What operating system were you running when the bug appeared?
  • What database platform is your site using?
  • What version of mojoPortal are you running?
  • What version of .NET do you use?
  • What steps are necessary to reproduce the issue? Compare expected results vs actual results.
Please do not report problems with a custom build or custom code in this forum. If you are producing your own build from the source code and have problems or questions, ask in the developer forum.
This thread is closed to new posts. You must sign in to post in the forums.
12/3/2015 3:23:08 PM
Gravatar
Total Posts 5
SFC John Gately Texas Military Department - Webmaster johnny.gately@txsg.state.tx.us 972-800-9160

‘Clear Text’ to ‘Encrypted’ password format

I am running 2.4.0.9, SQL 2014, .net 4.5, Win Server 2012 R2.

When changing from ‘Clear Text’ to ‘Encrypted’ password format, I get the following error and the passwords for the existing users are not changed.

2015-12-02 16:45:25,057 ERROR 192.168.4.68 - en-US - /Admin/ServerLog.aspx - mojoPortal.Web.mojoMembershipProvider - ChangeFromClearTextPasswordsToEncrypted

System.FormatException: Failed to convert parameter value from a String to a Int32. ---> System.FormatException: Input string was not in a correct format.

   at System.Number.StringToNumber(String str, NumberStyles options, NumberBuffer& number, NumberFormatInfo info, Boolean parseDecimal)

   at System.Number.ParseInt32(String s, NumberStyles style, NumberFormatInfo info)

   at System.Convert.ChangeType(Object value, Type conversionType, IFormatProvider provider)

   at System.Data.SqlClient.SqlParameter.CoerceValue(Object value, MetaType destinationType, Boolean& coercedToDataFeed, Boolean& typeChanged, Boolean allowStreaming)

   --- End of inner exception stack trace ---

   at System.Data.SqlClient.SqlParameter.CoerceValue(Object value, MetaType destinationType, Boolean& coercedToDataFeed, Boolean& typeChanged, Boolean allowStreaming)

   at System.Data.SqlClient.SqlParameter.GetCoercedValue()

   at System.Data.SqlClient.SqlParameter.Validate(Int32 index, Boolean isCommandProc)

   at System.Data.SqlClient.SqlCommand.SetUpRPCParameters(_SqlRPC rpc, Int32 startCount, Boolean inSchema, SqlParameterCollection parameters)

   at System.Data.SqlClient.SqlCommand.BuildRPC(Boolean inSchema, SqlParameterCollection parameters, _SqlRPC& rpc)

   at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, SqlDataReader ds)

   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean asyncWrite)

   at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(TaskCompletionSource`1 completion, String methodName, Boolean sendToPipe, Int32 timeout, Boolean asyncWrite)

   at System.Data.SqlClient.SqlCommand.ExecuteNonQuery()

   at mojoPortal.Data.SqlHelper.ExecuteNonQuery(String connectionString, CommandType commandType, String commandText, Int32 commandTimeout, SqlParameter[] commandParameters)

   at mojoPortal.Data.SqlHelper.ExecuteNonQuery(String connectionString, CommandType commandType, String commandText, SqlParameter[] commandParameters)

   at mojoPortal.Data.DBSiteUser.UpdatePasswordAndSalt(Int32 userId, Int32 pwdFormat, String password, String passwordSalt)

   at mojoPortal.Web.mojoMembershipProvider.ChangeFromClearTextPasswordsToEncrypted(Object objSiteSettings)

12/4/2015 8:45:55 AM
Gravatar
Total Posts 18444

Re: ‘Clear Text’ to ‘Encrypted’ password format

That is very strange. The only integers involved there are userid and pwdformat. Only thing I can think of is make sure there are no rows in mp_Users where those fields are null though it does not make sense that either of those could be null, especially UserID since it is the primary key. This error makes no sense to me unless the db has been modified from what it is supposed to be.

12/4/2015 11:01:49 AM
Gravatar
Total Posts 1991

Re: ‘Clear Text’ to ‘Encrypted’ password format

Hi Joe,

I just verified this using the GitHub repo.

The problem is that the mp_Users_UpdatePasswordAndSalt SP has the parameters in the correct order. The mojoPortal.Data.UpdatePasswordAndSalt method is passing them in as UserID,Password,PasswordSalt,PwdFormat but the SP is expecting them as UserID,PwdFormat,Password,PasswordSalt. This explains the FormatException as Password is a string and PwdFormat is an int. Rearranging them in the SP fixed the issue.

Thanks,
Joe D.

12/4/2015 11:06:43 AM
Gravatar
Total Posts 18444

Re: ‘Clear Text’ to ‘Encrypted’ password format

cool, so simple solution is to alter the proc so it matches the code

12/4/2015 1:18:21 PM
Gravatar
Total Posts 18444

Re: ‘Clear Text’ to ‘Encrypted’ password format

This is now fixed in the source code repository. Anyone who encounters this issue can fix it in their current installation by running this sql command:

ALTER PROCEDURE [dbo].[mp_Users_UpdatePasswordAndSalt]


@UserID        int,
@Password    nvarchar(1000),
@PasswordSalt    nvarchar(128),
@PwdFormat int


AS

UPDATE [dbo].mp_Users WITH (ROWLOCK)
SET Pwd = @Password,
    PasswordSalt = @PasswordSalt,
    PwdFormat = @PwdFormat

WHERE UserID = @UserID


GO

Thanks!

You must sign in to post in the forums. This thread is closed to new posts.