This is the bug tracking and feature request tracking system for the Mambo open source CMS project. To add a new task, or comment or vote on an existing task, please register, preferably by using the same username that you use on the forums.
Please do not open tasks for bugs in versions earlier than Mambo 4.6.5.
FS#405 - Error when changing password from front end
Attached to Project:
Mambo BTS
Opened by Lynne Pope (Elpie) - Friday, 18 July 2008, 04:37 GMT-4
Last edited by Andres Felipe Vargas valencia (andphe) - Thursday, 23 October 2008, 07:40 GMT-4
Opened by Lynne Pope (Elpie) - Friday, 18 July 2008, 04:37 GMT-4
Last edited by Andres Felipe Vargas valencia (andphe) - Thursday, 23 October 2008, 07:40 GMT-4
|
DetailsSeveral users on the forums are reporting problems with changing frontend passwords following the upgrade to Mambo 4.6.5. |
This task depends upon
Working on it, assigned to me.
Hi, try this.
File components/com_user/user.html.php:
line 58
action="index.php?f=<?php echo mosFormId($option, 'edit', $my); ?>" method="post" name="mosUserForm"></code>
to:
add after line 95:
this line:
File includes/core.classes.php, method validFormId, around line 2783:
Add before line 2789:
this line:
it must look like
if (!isset($_REQUEST['f'])) die('Missing hash for mainframe validFormId in core.classes.php'); mos_session_start(); if (!isset($_SESSION['mosfid'])) return false; $valid = $_SESSION['mosfid'] == md5($_REQUEST['f'].$option.$task.$my->id.mamboCore::get('mosConfig_secret'));this task is tagged as required testing.
Several users have reported on the forums that this is working. It also works for me ;)
Thank you very much! I just changed the code and now the users can change their profile!!
I made these changes but this did not work for me. I am now getting a "You are not authorized to view this resource." message. Did I forget to update or restart something to make the change complete, or is something else wrong?
I have also made the changes and it also did not work for me. When I tried to change my own password (I am a super administrator) I received the "Failed Form Hash" message. When I tried to change the password of a registered user, I received the "You are not authorized to view this resource" message. Also, all the fields on the form are available to be changed – including the user name. Is this right? I would think that you wouldn't want the user name to be able to be changed. If you need additional information from me, please let me know. Thanks for you work on this issue.
I've attached the two files, to discard that is a problem aplying the changes, so replace your files with this new ones and let me know if that works.
Please remember that this is just for Mambo 4.6.5
I've replaced the files and it's working fine now. Thank you !
Replacing these files worked for me too.
Like kimberly i did not want all fields to be able to be changed so i replaced;
<tr> <td width=85><?php echo T_('Your Name:'); ?></td> <td><input class="inputbox" type="text" name="name" value="<?php echo $row->name;?>" size="40" /></td> </tr>found in components/com_user/user.html.php, to;
<tr> <td width=85><?php echo T_('Your Name:'); ?></td> <td><?php echo $row->name;?> </td> </tr>to prevent users from changing their real name.
I also changed;
class HTML_user { function frontpage() { ?> <div class="componentheading"> <?php echo T_('Welcome!'); ?> </div> <table cellpadding="0" cellspacing="0" border="0" width="100%"> <tr> <td><?php echo T_('Welcome to the user section of our site'); ?></td> </tr> </table> <?php }to;
class HTML_user { function frontpage() { mosRedirect('index.php', T_('Your changes have been successfully saved')); }which redirects to the log in index page with the message
"Your changes have been successfully saved" displayed at the top.
This seems to work for my particular set up.
thanks
Al
IMO, users should not be able to change their username. Administrators can change usernames from the backend if they wish, so if a user wants their username changed for any reason they should have to ask the administrator to do this. Allowing users to change their own username would be a problem for a lot of sites.
So, I suggest that we remove the option for users to change their username & then commit to Mambo 4.6.6.
In my particular situation I wanted people to be able to change their username, if they wished but not their real name. Ill try to explain why.
My registered users area is for clients, in which they will also have access to a smf, wrapped using the bridge. In this forum each client has their true identity private from the others. I want clients to have the flexability to change their display name in the forum from the one i give them if they wish, but this also changes their real name in the mambo list and I need to know who is who. The only way i could figure to allow this was to not allow the changing of their display name via the forum, but to allow changing their user name via mambo, which then changes their display name in the forum (next time they log in). I removed the option to change their real name, as this could cause me problems. The only place that clients can submit anything is in the forum. All content in the registered area is read only.
Just curious, what problems could users changing their username cause?.
Thanks for awesome materials and guidelines!
Regards, Jim | custom essays