Hi,
I’m a CIS student working in my University’s library. We use OJS for our Archives department and today I updated it from 2.4.6 to 2.4.8.
I followed the instruction listed here: https://pkp.sfu.ca/ojs/UPGRADE. I downloaded and unzipped the geolitecity.dat. Then I used the upgrade.php tool to patch the code base and no errors were output. I then set installed to Off in config.inc.php and ran upgrade.php to upgrade the database and received no errors. Installed was then set back to On.
When I went to login OJS gave me an incorrect username or password prompt. As mentioned in this topic OJS: log-in problem after upgrade to 2.4.7-1 - #24 by asmecher I checked common.xml to see if the database had not upgraded correctly, but everything was correct. I decided to roll back the database, and I was able to log in again. Checking the version info of OJS tells me that I now have code version 2.4.8 but database version 2.4.6.
Any idea why updating the database to 2.4.8 would be preventing me from logging in?
Thank you,
Jake
Hi @jstrojny,
After the upgrade, was the password column of the users table extended to a capacity of 255 characters? If not, then your database upgrade probably didn’t complete successfully. I’d suggest restoring your database from backup and trying the upgrade script again. You should receive a confirmation message that the upgrade was successful.
Regards,
Alec Smecher
Public Knowledge Project Team
Yes it was extended to 255. I saw that you mentioned it here OJS: log-in problem after upgrade to 2.4.7-1 - #24 by asmecher and checked it before doing anything else. I also already re-attempted the upgrade and it still has not worked.
Hi @jstrojny,
Do you receive a “successfully upgraded” message upon upgrading? If not, then the upgrade process probably isn’t completing successfully.
OJS 2.4.7 and 2.4.8 introduce a new, more secure method of password hashing. The old hashes will stll work, but every time a user logs in using the old hash it’ll be replaced with a new, longer hash which will be used thereafter. Is your system preventing logins right from the get-go, or only after the hash is extended?
Regards,
Alec Smecher
Public Knowledge Project Team
I did receive an upgrade complete message and I can not login immediately after updating the database to 2.4.8. If I role the database back to 2.4.6 but leave the code base at 2.4.8 I can login again.
Hi @jstrojny,
Rolling the database back to 2.4.6 is definitely not a good idea, but one thing you might try is manually transferring your account’s password hash from your old database to your new one to see if that resolves the problem. I don’t believe the upgrade process should change the hash (until that first login updates it to the new hashing style), but maybe something is happening there.
Regards,
Alec Smecher
Public Knowledge Project Team
Hi Alech,
I copied the hash information and re-ran the upgrade process.
Yesterday I could not login with any accounts after upgrading, and I had people in my department confirm that they could not either. I did not touch any of the databases but today after upgrading only one account was unable to login which I was able to fix with my admin account by re-entering its password on its user information page.
Thanks,
Jake
Hi @jstrojny,
Can you confirm that you didn’t inadvertently change the encryption setting in your config.inc.php during the upgrade process?
Regards,
Alec Smecher
Public Knowledge Project Team
I did not. The only thing changed in config.inc.php was the installed setting as the instructions described.
Hi @jstrojny,
Hmm, I’m not sure what would cause this change in behavior between the two upgrades. Can you confirm that your logins seem to be working OK now?
Regards,
Alec Smecher
Public Knowledge Project Team
We are now able to login to all accounts. One or two required password resets. I did a mysql dump before and after the database upgrade and it looks like the hash for some accounts was changed during the upgrade.
Hi @jstrojny,
If you’re able to track this down any further, please let me know – but it sounds like you’re back in business.
Regards,
Alec Smecher
Public Knowledge Project Team