Migrating from Postnuke - Password nightmare

  • The migration from Postnuke was almost painless. Key word being almost.

    Until we realised that the password generation method was different, and that any users (from the 50k users) that logged into the site in the last hour had their password screwed and as such, could no longer login to the ftp attached.

    It was only due to luck that we managed to recover most of those passwords, so you might want to put it out with some big red letters. Took two of us 20 minutes of googling to figure out what the problem was.

    Cheers.
  • It might be interesting to know what the reason was in your case! You may share this information and help others avoid googling for hours... ;)
    I am surprised that nobody else had issues with screwed passwords after upgrading... otherwise you would have found an answer on Google faster... so it really makes sense to share this information with others!
  • Quote

    Until we realised that the password generation method was different, and that any users (from the 50k users) that logged into the site in the last hour had their password screwed and as such, could no longer login to the ftp attached.

    Indeed, the passwords are hashed in a different way (sha256) by default. On the first login to the new Zikula site of a user, the new hash_method is going to be stored for this user, and future logins use this new method. For anyone interested: This check, and conversion code, can be found in pnUser.php line 101 and below.

    Was your site still accessible for users at the time of migration (because you use the 'last hour' words specifically)? What exactly was screwed up?

    Quote

    so you might want to put it out with some big red letters
    What is exactly the message you advise us to put out?

    --
    -- Teb
    -- Dutch Zikula Community


    Support questions in a Personal Message will be ignored. Use the forums at all times!
  • Quote

    Was your site still accessible for users at the time of migration (because you use the 'last hour' words specifically)? What exactly was screwed up?


    Our site was accessible right after the migration, before we noticed the problem, which was that the new password was not the same length as the old one. Since the password used to the site is also used for the ftp, this created the immediate problem of users whose password has been changed not being able to log onto the ftp. At the time we thought this only affected new registrations, until the admin could not log on with his own account.

    After disabling registration, we went on to troubleshoot the actual problem, and after a while we found how to change the hash method.

    Thankfully we only had a few logins during this time, and most of them were fixable by using the password from the ftp and manually changing the hash method, but a few new registers had to get new passwords.

    I realise this is not the fault of Zikula, it was just something we did not expect.

    Quote

    What is exactly the message you advise us to put out?


    "Be advised: Passwords are stored differently by default."

    We have also found a major problem: accessing the View Members function under Profile causes MySQL to hang. The View Users function under Administration works properly.
  • A new problem popped up: Users can't add reviews, even though the permissions are on default settings.
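
The first-login hash conversion described in the thread, and why a service that reads the same password column stops accepting converted accounts, as an added example that is not Zikula's code or any poster's. The legacy method (unsalted MD5), the field names `uname` and `pass`, and the FTP-side check are assumptions; `hash_method` is the only name taken from the thread.

```python
import hashlib
import hmac

# Assumption: the legacy method is unsalted MD5 hex (32 chars). The thread only
# says the new sha256 hashes differ in length from the old ones.
HASHERS = {
    "md5": lambda pw: hashlib.md5(pw.encode()).hexdigest(),
    "sha256": lambda pw: hashlib.sha256(pw.encode()).hexdigest(),
}
DEFAULT_METHOD = "sha256"

def verify(user, password):
    """Check a password using the method recorded for this user."""
    expected = HASHERS[user["hash_method"]](password)
    return hmac.compare_digest(expected, user["pass"])

def login(user, password):
    """On a successful login, re-hash with the default method and record it."""
    if not verify(user, password):
        return False
    if user["hash_method"] != DEFAULT_METHOD:
        user["pass"] = HASHERS[DEFAULT_METHOD](password)
        user["hash_method"] = DEFAULT_METHOD
    return True

def legacy_consumer_accepts(user, password):
    """Hypothetical external service (the FTP here) that only knows MD5."""
    return hmac.compare_digest(HASHERS["md5"](password), user["pass"])

def find_converted(users):
    """Audit: accounts a legacy-only consumer can no longer authenticate."""
    return [u["uname"] for u in users if u["hash_method"] != "md5"]

def demo():
    # Constructed sample rows, as they would look right after migration.
    users = [
        {"uname": "alice", "pass": HASHERS["md5"]("s3cret"), "hash_method": "md5"},
        {"uname": "bob", "pass": HASHERS["md5"]("hunter2"), "hash_method": "md5"},
    ]
    before = legacy_consumer_accepts(users[0], "s3cret")
    login(users[0], "s3cret")  # first login on the new site converts the row
    after = legacy_consumer_accepts(users[0], "s3cret")
    return before, after, find_converted(users)

if __name__ == "__main__":
    print(demo())
```

Running `find_converted` against the user table before reopening the site shows which accounts any service sharing that column will reject.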
