I’ve upgraded following all the steps but did not use the CLI for the database upgrade, just did it through the web, and I presume it upgraded the database since my password length has been changed from 40 to 255, plus got the msg that upgrade was successful.
I’ve tried logging in through the administrator account but failed. Compared the hash value from backup, same value in password column.
Registered as a fresh user and able to log in, but the old users can’t.
I would suggest checking the hashes in the database to see what’s happening directly.
To calculate a hash in the OJS 2.4.6 style, you can use the following SQL:
SELECT SHA1(CONCAT(username, 'mypassword')) AS calculated_password, password AS stored_password FROM users WHERE username='myusername'; # for SHA1
SELECT MD5(CONCAT(username, 'mypassword')) AS calculated_password, password AS stored_password FROM users WHERE username='myusername'; # for MD5
…replacing myusername and mypassword accordingly.
You should get a listing of both the calculated and stored passwords:
+------------------------------------------+------------------------------------------+
| calculated_password                      | stored_password                          |
+------------------------------------------+------------------------------------------+
| efacc4001e857f7eba4ae781c2932dedf843865e | efacc4001e857f7eba4ae781c2932dedf843865e |
+------------------------------------------+------------------------------------------+
1 row in set (0.00 sec)
If the two don’t match, then the stored password doesn’t match the one you specified using the hashing algorithm in the SQL query.
If you see stored passwords that are much longer, they’ve likely already been converted to a newer (and safer) hashing format. This happens at the first successful login when using OJS 2.4.8 or newer.
Regards,
Alec Smecher
Public Knowledge Project Team
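The same comparison done outside the database, as an added example that is not part of the original reply and not OJS code: it classifies a stored value by shape (40 hex characters for SHA1, 32 for MD5, longer for the newer format) and, for the legacy formats, recomputes the hash of username + password as the SQL above does. The function names, the UTF-8 encoding and the sample values are assumptions made for the example.

```python
import hashlib
import hmac
import string

HEX_CHARS = set(string.hexdigits)


def legacy_hash(username, password, algo):
    """Hex digest of algo(username + password), like SHA1(CONCAT(username, 'mypassword'))."""
    # Assumption: the database compares UTF-8 bytes.
    data = (username + password).encode("utf-8")
    return hashlib.new(algo, data).hexdigest()


def classify(stored):
    """Guess the format of a users.password value from its shape alone."""
    is_hex = bool(stored) and all(c in HEX_CHARS for c in stored)
    if is_hex and len(stored) == 40:
        return "sha1"
    if is_hex and len(stored) == 32:
        return "md5"
    if len(stored) > 40:
        return "converted"  # much longer: likely the newer hashing format
    return "unknown"        # truncated, padded, or otherwise altered value


def check(username, password, stored):
    """Return (format, match); match is None when the format is not a legacy one."""
    fmt = classify(stored)
    if fmt in ("sha1", "md5"):
        calculated = legacy_hash(username, password, fmt)
        return fmt, hmac.compare_digest(calculated, stored.lower())
    return fmt, None


if __name__ == "__main__":
    # Constructed sample rows: (username, candidate password, stored value).
    rows = [
        ("a", "bc", "a9993e364706816aba3e25717850c26c9cd0d89d"),   # SHA1 of "abc"
        ("a", "bc", "900150983cd24fb0d6963f7d28e17f72"),           # MD5 of "abc"
        ("a", "wrong", "a9993e364706816aba3e25717850c26c9cd0d89d"),
        ("a", "bc", "x" * 60),  # placeholder for an already-converted value
        ("a", "bc", "a9993e364706816aba3e25717850c26c9cd0d89d "),  # trailing space
    ]
    for username, password, stored in rows:
        print(username, repr(stored[:12] + "..."), check(username, password, stored))
```

A result of `unknown` on an account that worked before the upgrade points at the stored value itself (whitespace, truncation, a changed column) rather than at the password.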