Geeklog Forums

I made changes to my site http://roalug.net, running v 2.0.0, to avoid being spammed with registrations and contributions (I saw the posts where spammers have been able to get around the Captcha requirement). Went through the Configuration GUI and set most things to require an account, not allowing anonymous posts or comments. I reviewed the captcha section but didn't disable anything there that I recall.

After the changes, the existing account that I had set as admin could not log in, always going to "Try Logging in Again" and "You may have mistyped your login credentials" - I did the routine to reset my password, failed to log in with new password. I followed the instructions to "Manually creating a new Admin user" on the existing account using the SQL statement to change credential to "password" - not able to log in. Also created a new user account, promoted to Admin user with SQL statment provided, used the random generated password, still fails with "Try Logging in Again"

What ever wrong turn I made in locking down the site got me locked out pretty tight. Any help would be greatly appreciated. Maybe there's a way to change some settings from the mySQL side? I have full access to the database with phpMyAdmin.

Thanks

Is it only admin users having problems logging in or all users?

---

One of the Geeklog Core Developers.

Both the admin and two new user accounts (with different email addresses). Even the new user account fails when I use the random generated password. Cleared the cache and cookies and tried two different browsers. Pretty sad how badly I messed it up.

Made some progress, in the SQL table gl_conf_values, I changed the values for user_login_method back to the defaults. Now I can log in with the new user account that I just created. Next I'll work on the admin accounts.

You will want to make sure that the User Login Method[standard] is set to true.

---

One of the Geeklog Core Developers.

Thanks for your help. I think I spotted the problem. I changed the password hash in the configuration GUI to Blowfish and that made the old passwords fail. Trying to sort through the mess I made.

In case anyone else makes this same goof, I had to promote my new user to Admin following these instructions: http://wiki.geeklog.net/index.php/Manually_creating_a_new_Admin_user. Then logged in with the new Admin user, changed the password hash back to sha1, then requested a new password for the previous account that was locked out. Once that was done, was able to get back in (and delete the duplicate Admin account). Seems like the Blowfish option for the password hash was *not* working, but that's hard to say because all the mucking around.