Can't login anymore

This is the place to report bugs and get support. When posting in this forum, please always provide as much detail as possible.

Please do not report problems with a custom build or custom code in this forum. If you are producing your own build from the source code and have problems or questions, ask in the developer forum, do not report it as a bug.

This is the place to report bugs and get support

When posting in this forum, please try to provide as many relevant details as possible. Particularly the following:

  • What operating system were you running when the bug appeared?
  • What database platform is your site using?
  • What version of mojoPortal are you running?
  • What version of .NET do you use?
  • What steps are necessary to reproduce the issue? Compare expected results vs actual results.
Please do not report problems with a custom build or custom code in this forum. If you are producing your own build from the source code and have problems or questions, ask in the developer forum.
This thread is closed to new posts. You must sign in to post in the forums.
7/5/2010 6:13:38 AM
George Birbilis
Gravatar
Total Posts 116
View Posts
http://www.zoomicon.com http://birbilis.spaces.live.com http://www.delicious.com/birbilis http://twitter.com/Zoomicon

Can't login anymore

 

recently the portal stopped allowing all to login (saying wrong pwd), however after upgrading it with latest version it logs me in automatically (but logging out then trying to log in again says wrong password)

trying to send password via e-mail I get the following:

 

Server Error in '/portal' Application.

Invalid length for a Base-64 char array.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.FormatException: Invalid length for a Base-64 char array.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

				[FormatException: Invalid length for a Base-64 char array.]
   System.Convert.FromBase64String(String s) +0
   mojoPortal.Web.mojoMembershipProvider.UnencodePassword(String pass, MembershipPasswordFormat passwordFormat) +34
   mojoPortal.Web.mojoMembershipProvider.GetPassword(String userName, String passwordAnswer) +216
   System.Web.Security.MembershipUser.GetPassword(String passwordAnswer) +83
   System.Web.Security.MembershipUser.GetPassword(String answer, Boolean useAnswer, Boolean throwOnError) +48
   System.Web.UI.WebControls.PasswordRecovery.AttemptSendPasswordQuestionView() +321
   System.Web.UI.WebControls.PasswordRecovery.AttemptSendPassword() +69
   System.Web.UI.WebControls.PasswordRecovery.OnBubbleEvent(Object source, EventArgs e) +103
   System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args) +37
   System.Web.UI.WebControls.Button.OnCommand(CommandEventArgs e) +118
   System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +166
   System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +10
   System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +13
   System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +36
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1565
7/5/2010 6:21:15 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Can't login anymore

It sounds like it is trying to decrypt the password but it is either not encrypted or if the machine key in Web.config were changed I think it also would not be able to decrypt.

I would look in the db in mp_Users and see if the password is encrypted or not and verify the password format on mp_Sites table.

Remember that if you change something in mp_Sites you need to recycle the app to make it clear the cache and reload site settings.

Hope it helps,

Joe

7/5/2010 6:36:30 AM
George Birbilis
Gravatar
Total Posts 116
View Posts
http://www.zoomicon.com http://birbilis.spaces.live.com http://www.delicious.com/birbilis http://twitter.com/Zoomicon

Re: Can't login anymore

thanks for the tip, I guess the pwd in the mp_Users is corrupted or something (regarding the machine key, do you mean in the machine's web.config or in the site web.config [is there one?])

7/5/2010 6:42:21 AM
George Birbilis
Gravatar
Total Posts 116
View Posts
http://www.zoomicon.com http://birbilis.spaces.live.com http://www.delicious.com/birbilis http://twitter.com/Zoomicon

Re: Can't login anymore

btw why do I see this exception on the console when pressing the "send password" button? I consider this a bug, should catch exception, log it and show me some message (there's a red error label I think on that page for that) that it failed to send the password (and I'd love it if it checked if I had enough rights and showed me there a link to the log saying "more information" [could do that for all errors])

7/5/2010 6:57:43 AM
George Birbilis
Gravatar
Total Posts 116
View Posts
http://www.zoomicon.com http://birbilis.spaces.live.com http://www.delicious.com/birbilis http://twitter.com/Zoomicon

Re: Can't login anymore

All the passwords are in plain text in the db (apart from the one for a new user I tried to register from the site's GUI [that has yet to be confirmed by the admin [which can't login]). So how can I login? Should I copy the encrypted pwd of the new user into mine or does the encrypted pwd contain info about the user name or other data too that doesn't allow me to copy/paste it to other user rows?

Also do you have a hint on why this happened? Was it result of some site upgrade? (last upgrade that may have caused the issue was from mojoportal-2-3-3-2-mssql-deploymentfiles to mojoportal-2-3-4-3-mssql-deploymentfiles - and now I uploaded mojoportal-2-3-4-5-mssql-net35-deploymentfiles [btw what's difference with the ver for .net 4?])

7/5/2010 7:01:51 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Can't login anymore

I think the machine key is used as part of the password encryption (though I'm not 100% sure, it was a long time ago when I read about that). I include it in Web.config for this reason to keep it the same in case the site is moved. I think this is allowed in Web.config by default but could potentially be locked down at the machine level, so if the host moved your site to a different server that happened to have this locked down then it could cause it to fail decryption.

If you are seeing errors in the page instead of the friendly error message, it means you have

<customErrors mode="Off" in Web.config or you are browsing from localhost so it allows it with <customErrors mode="RemoteOnly" which is the default setting included in mojoPortal Web.config

It is not a bug.

Best,

Joe

7/5/2010 7:08:19 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Can't login anymore

I would look in mp_Sites, set PasswordFormat to 0. Touch Web.config to clear the cache and you should be able to login.

It sounds like the password format was changed in the mp_Sites table somehow but did not actually encrypt the passwords in mp_Users so it fails login.

You may also need to set the failed login attempts to 0 on your user in mp_Users in case the account was locked due to failed password attempts.

I do not think the upgrade process did that or there would be lots of reports of it.

After logging in you should fix the new user to have a clear text password, backup your db, and then if you want to use encrypted passwords try changing it from the SiteSettings page.

Hope it helps,

Joe

7/5/2010 7:25:11 AM
George Birbilis
Gravatar
Total Posts 116
View Posts
http://www.zoomicon.com http://birbilis.spaces.live.com http://www.delicious.com/birbilis http://twitter.com/Zoomicon

Re: Can't login anymore

I think there are 2 bugs:

1) under no way a failure at "send password via e-mail" button action should leave the portal GUI and show an error page (either the friendly one or the one  shown locally [I'm using a remote terminal that's why I see the stack trace]). Should show a failure message inside the send-password page that it failed and log the error for the admin to check out

2) it seems the issue is indeed the flag "PasswordFormat" at mp_Sites, it's set to 2 instead of 0. I had changed that option from the site properties (via admin GUI of the mojoportal). However there must be a bug there since it didn't encrypt the existing passwords and kept them as plain text

 

btw, copy pasting the encrypted pwd (generated by the portal in the db when you try to register a new user) from one user to another user managed to log that user in (tried with my account - the admin)

7/5/2010 7:35:24 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Can't login anymore

1. I will add handling for this error. 

2. I think there was a bug in previous versions that is fixed now.

You must sign in to post in the forums. This thread is closed to new posts.