hashed password true user cannot log in

lissa · Post by **lissa** » Tue Jun 18, 2024 4:24 pm

hi,
on the login page, I created a new user with the hashed password condition being false, and the user logged in successfully.

The second try I tried changing the hashed password to true and I changed the user's login password in administrator, and the password was correctly encrypted, but the user couldn't log in.
database using MariaDB "utf8mb4_general_ci"
Can you help me

arbei · Post by **arbei** » Tue Jun 18, 2024 7:17 pm

lissa wrote:

The second try I tried changing the hashed password to true...

After change make sure you have generated all scripts and uploaded again. The user should also logout first and then login again.

lissa · Post by **lissa** » Tue Jun 18, 2024 7:32 pm

Yes, I have done what you suggested, regenerating all scripts and logging out all users. but still can't log in, I checked the password in the database which has been encrypted

arbei · Post by **arbei** » Tue Jun 18, 2024 7:52 pm

Double check if you have enabled the following settings:

Hashed password
Case-sensitive password - If enabled, make sure you enter correct letter case
Password expiry time (days) - Make sure it is not 0
Use password hash

Make sure the above settings are set as what you need, then generate all scripts again, reset the password and try again.

lissa · Post by **lissa** » Wed Jun 19, 2024 8:37 am

Solved, advanced settings - use password hash value I changed to false
Thank You

arbei · Post by **arbei** » Wed Jun 19, 2024 9:23 am

You better set the advanced setting to true and reset the password and try again. md5 is out-dated and should not be used anymore.

lissa · Post by **lissa** » Wed Jun 19, 2024 5:08 pm

I tried what you suggested.
and activate advanced settings - use password hash value is true. I changed my password and logged out but can't log in again?
The hashed password setting in the user login options value is true.
Is there anything I missed?

arbei · Post by **arbei** » Wed Jun 19, 2024 9:54 pm

You need to reset the password after enabling the advanced setting or the old passwords are still hashed by md5.
Make sure you use "utf-8" as your project charset since your database uses utf8bm4.
Make sure the table and field are also using the same utf8bm4 charset and collation (do not use utf8mb4_bin).
Make sure you have generated the src/config.php and uploaded again to your server.
You may upload a script (see password_hash() and password_verify()) to test if password hashing is working correctly on your server.