[Slashcode-general] Slash Site User Password for yScrappy (fwd)

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Okay, am investigating this passwd issue I'm noticing ... now, this may be 
fixed in the sourceforge code vs the github, so I may be chasing a wild 
goose here ... but ... below is the email I got from the system when I 
setup a test account ...

I went to the URL, then entered my nick and the password listed below ... 
login failed.

I went into the mysql database and did an MD5 of the passwd, and it didn't 
match what was in the system, specifically, the perl script wrote in:

 		f19036001a4a8cef153e138d2eafa9c7

But when I do an md5 of the passwd, it returns:

mysql> select md5("zLFtbrqS");
+----------------------------------+
| md5("zLFtbrqS")                  |
+----------------------------------+
| 080c38b60a0b39c6e18953b4d6d63af1 |
+----------------------------------+
1 row in set (0.00 sec)

If I update the passwd entry with the proper md5, I can then login with 
the password no problem ...

Chris, if this was a known issue, and is fixed in the sourceforge code, 
plesae let me know and I'll wait for git over there to be fixed and update 
...

Shane ... when I added the account, passwd is set to the md5 code, newpass 
is NULL ... just tested again to make sure it was the case before clicking 
on that link:

mysql> select nickname, passwd, newpasswd from users where uid = 12;
+----------+----------------------------------+-----------+
| nickname | passwd                           | newpasswd |
+----------+----------------------------------+-----------+
| yScrappy | 051d7b893187bc8d170be09cfd220bbd | NULL      |
+----------+----------------------------------+-----------+
1 row in set (0.00 sec)

Clicking the link in the email appears to make no change to any fields in 
the users table ...

---------- Forwarded message ----------
Date: Fri, 2 Oct 2009 02:17:24 +0000
From: sc...@hu...
To: su...@hu...
Subject: Slash Site User Password for yScrappy

Your new password is zLFtbrqS.  Your old password will still work until
this password is used.  Go to the URL below to log in:

<http://canadianbusinessnewsonline.net/index.pl?op=userlogin&upasswd=zLFtbrqS&unickname=yScrappy&returnto=%2Flogin.pl%3Fop=changeprefs>

Make sure you then CHANGE YOUR PASSWORD!

If you have received this message without having requested it, it is
because someone attempted to use your username or e-mail address.  It
was mostly likely an innocent mistake, and they are not getting your
password, so you can safely disregard this message.

Thanks.

In case you get multiple emails you didn't request, the requester's IP
was 208.103.225.212.  Its user agent was
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) "
(not that you should trust that value, but it might be interesting).

If you don't use this new password within 3 days, it will expire
and you'll have to send yourself another one.