Btiteam / XBTIT Forum

xbtit => XBTIT Support => Topic started by: [email protected] on April 07, 2017, 02:09:59 am

Title: Recover password function not working, XBTIT 2.5.4
Post by: [email protected] on April 07, 2017, 02:09:59 am
SOLVED - See posts below...

Greetings all,

I've posted this to the github bugs report, but would like to gain some more traction with this issue.

When resetting a password in XBTIT v2.5.4, it appears that the rehashed password isn't being sent to the database. The following error flashes quickly after clicking the link in the email, before redirecting you to a success message:

Warning: mysqli_query(): Empty query in /home/site/webroot/recover.php on line 148

This results in no hash in the password column for a particular user in the xbtit_users table, and the user is unable to log in.

For example:

The snippet of code at line 148 is the following:

Code: [Select]
do_sqlquery("UPDATE `{$TABLE_PREFIX}users` SET `password`='".mysqli_query($GLOBALS['conn'],$multipass[$i]["rehash"])."', `salt`='".mysqli_query($GLOBALS['conn'],$multipass[$i]["salt"])."', `pass_type`='".$i."', `dupe_hash`='".mysqli_query($GLOBALS['conn'],$multipass[$i]["dupehash"])."' WHERE `id`=$id AND `random`=$random",true);I've also attached the recover.php file to this post.

Install/server details are as follows:

Fully dedicated server
CentOS 6.8, WHM, cPanel
XBTIT 2.5.4 - fresh, unmodified installation
Apache 2.4
PHP 5.6
MySQL 5.0.11
'mysqli' has been enabled with EasyApache 3 custom configuraiton
Password Hashing Algorithm set to "Classic XBTIT"

This is a migrated database from BTITracker 1.3.2 - used the provided upgrade sql scripts to manually upgrade each necessary table sequentially.

If someone knows of a way to make this code work, that would be excellent. I have installed a couple fresh versions of XBTIT to be sure it wasn't something I did to my modified site code that caused the issue - same problem. Not being able to reset passwords may cause a delay in our relaunch.

Google searches mention this error may be related to mixing mysqli queries and mysql queries. I will look back at past version codes to compare the differences, and see if anything stands out.

Please PM me directly if you think you can help, and need the site URL. We are in development mode, so I don't want the URL to be public just yet.

Thanks and cheers!

[email protected]
Title: Re: Recover password function not working, XBTIT 2.5.4
Post by: [email protected] on April 14, 2017, 05:17:42 am
Has no one else noticed this bug?

Pretty crucial stuff. Without the recover password feature, we're pretty much dead in the water.

Please advise!

Thanks!
Title: Re: Recover password function not working, XBTIT 2.5.4
Post by: [email protected] on April 15, 2017, 01:26:07 pm
This has been resolved!!

KingCobra58 (on github) has provided this fix:

Quote
Try replacing this
Code: [Select]
mysqli_query($GLOBALS['conn']to this
Code: [Select]
mysqli_real_escape_string($GLOBALS['conn']in this query
Code: [Select]
do_sqlquery("UPDATE {$TABLE_PREFIX}users SET password='".mysqli_query($GLOBALS['conn'],$multipass[$i]["rehash"])."', salt='".mysqli_query($GLOBALS['conn'],$multipass[$i]["salt"])."', pass_type='".$i."', dupe_hash='".mysqli_query($GLOBALS['conn'],$multipass[$i]["dupehash"])."' WHERE id=$id AND random=$random",true);

After this, no errors and password recovery is functional.

Thank you KingCobra58 and XBTIT dev team for the help and hard work!!
Title: Re: Recover password function not working, XBTIT 2.5.4
Post by: JUFEK on September 04, 2017, 09:57:13 pm
This has been resolved!!

KingCobra58 (on github) has provided this fix:

Quote
Try replacing this
Code: [Select]
mysqli_query($GLOBALS['conn']to this
Code: [Select]
mysqli_real_escape_string($GLOBALS['conn']in this query
Code: [Select]
do_sqlquery("UPDATE {$TABLE_PREFIX}users SET password='".mysqli_query($GLOBALS['conn'],$multipass[$i]["rehash"])."', salt='".mysqli_query($GLOBALS['conn'],$multipass[$i]["salt"])."', pass_type='".$i."', dupe_hash='".mysqli_query($GLOBALS['conn'],$multipass[$i]["dupehash"])."' WHERE id=$id AND random=$random",true);

After this, no errors and password recovery is functional.

Thank you KingCobra58 and XBTIT dev team for the help and hard work!!

Thanks, problem solved :)
Title: Re: Recover password function not working, XBTIT 2.5.4
Post by: cavaclub on January 11, 2018, 02:15:45 am
thanks alot... that save me