In 6.2 we have switched to hashing user passwords by default. The prefix you mentioned indicates which hashing algorithm was used. FarCry uses that prefix to determine whether a user's password is still in plaintext and needs to be updated. That check is automatic when a user logs in, but you can kick of a full database update as Sean mentions.
When you say the user is unable to login, does that mean they forgot their password or something else? As an admin you can reset passwords in the webtop. You can also update the database with a plaintext password, and FarCry should handle that fine. Blair On Wed, Mar 27, 2013 at 7:02 AM, Sean Coyne <[email protected]> wrote: > Strange. I have updated several sites to 6.2.x w/o running the password > update utility and have no issues with users being unable to login. > Perhaps some one from Daemon can shed some light. > > > On Tuesday, March 26, 2013 3:42:53 PM UTC-4, Might Aswell wrote: >> >> Hi Sean, >> >> No.. I dont believe so.. I checked farUser and don't see lastupdated set >> to passwordfix... however... Idid just notice that this seems to happen >> AUTOMATICALLY when a user logs in??? >> >> I picked a random user that had an old style password, logged in and >> refreshed the farUser table and the pw was changed... >> >> >> On Tuesday, March 26, 2013 12:29:03 PM UTC-7, Sean Coyne wrote: >>> >>> Did you run the upgrade password security utility? >>> >>> On Tuesday, March 26, 2013 3:09:12 PM UTC-4, Might Aswell wrote: >>>> >>>> I have noticed after upgrading to 6-2-7, that some of my farUser's >>>> passwords have 'changed' >>>> >>>> They appear to be some sort of hash value now instead of a plain text >>>> password... all of them are prefixed with $2a$10$ >>>> >>>> I discovered this when a user reported being unable to login to a >>>> protected section of the web site using a last known working password. I >>>> confirmed the issue and then reset it (to itself) via the web top. >>>> >>>> Can someone tell me what changed and why, and why only "some" of these >>>> users seem to have the new "strange' password in the password column >>>> (forgotpasswordhash) is NULL for all these users. >>>> >>>> Thanks, >>>> >>>> Chris >>>> >>> -- > You received this message cos you are subscribed to "farcry-dev" Google > group. > To post, email: [email protected] > To unsubscribe, email: [email protected] > For more options: http://groups.google.com/group/farcry-dev > -------------------------------- > Follow us on Twitter: http://twitter.com/farcry > --- > You received this message because you are subscribed to the Google Groups > "farcry-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- You received this message cos you are subscribed to "farcry-dev" Google group. To post, email: [email protected] To unsubscribe, email: [email protected] For more options: http://groups.google.com/group/farcry-dev -------------------------------- Follow us on Twitter: http://twitter.com/farcry --- You received this message because you are subscribed to the Google Groups "farcry-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
