WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Upgrade locked me out (17 posts)

  1. carla
    Member
    Posted 5 years ago #

    I uploaded the latest upgrade, the browser interface upgraded my database...and I was suddenly logged out. Okay, no problem...until I realized I could not log back into my admin. The send-new-password link sends the link to generate a new password, but this link is reported to be an "invalid key" by the admin interface. So I'm at a complete loss. Any suggestions?

  2. scottruitt
    Member
    Posted 5 years ago #

    Having the very same problem, but only on one of my four sites. Doesn't make any sense to me. Any ideas?

  3. scottruitt
    Member
    Posted 5 years ago #

    btw, I tried changing password in the database through phpMyAdmin, and yes I also made sure it was set to MD5 before saving, but nothing works.

  4. carla
    Member
    Posted 5 years ago #

    I wonder if the culprit is the new secret key feature...:(

  5. carla
    Member
    Posted 5 years ago #

    I was able to get in, after I changed my password via PHPMyAdmin (here's the MD5 encryption tool I used) and changed the user_activation_key in PHPMyAdmin from its default.

  6. Samuel Wood (Otto)
    Tech Ninja
    Posted 5 years ago #

    The forgotten password thing does not work. Here's the fix:
    http://trac.wordpress.org/changeset/7837

    However, you old password should work fine, regardless of the secret key change. Just log in again and get the new cookie.

  7. scottruitt
    Member
    Posted 5 years ago #

    Yep, thanks Carla.

    btw, if the forgotten password doesn't work, why is the link still there?

  8. Samuel Wood (Otto)
    Tech Ninja
    Posted 5 years ago #

    It's called a bug. The forgotten password doesn't work because a different change made it stop working properly.

  9. scottruitt
    Member
    Posted 5 years ago #

    O42, as a developer, I understand what a bug is. As a user, I do not and should not have to -- the link is there and it ought to work. I guess that's the tradeoff with WP: frequent upgrades and occasional trips to Trac to figure out what's amiss.

    Don't get me wrong, I love WP, but sometimes it's just a little too painful for my tastes. Is it too much to ask that things just work? I think not.

    Regardless, thank you both for your help, Carla and Otto.

    Scott

  10. Samuel Wood (Otto)
    Tech Ninja
    Posted 5 years ago #

    As a user, I do not and should not have to -- the link is there and it ought to work.

    (blink)

    If you think that bugs and minor issues are never going to happen, then you should stop using computers entirely.

    Is it too much to ask that things just work?

    Actually, yes.

    Yes, it is entirely too much to ask that you never encounter any problems ever again for the entire rest of your life.

    Get over it.

  11. carla
    Member
    Posted 5 years ago #

    Otto, there is no need to be rude. I'm very sorry if you feel offended.

    The truth is this:
    1. The upgrade locked me out of my own installation, through no action of my own. I am positive of this.
    2. The recover password link did not work. It sent an invalid key, upon repeated attempts.

    So a stable upgrade--not an alpha or beta--broke an existing feature, a feature not created or enhanced by any installed plugin.

    I'm sorry if our pointing this occurrence out, or how we did so, offended you. Stating the above is not claiming anything personal about any of the developers.

    I'd say, though, that an upgrade's rendering an installation basically unusable on a standard, unhacked, previously stable setup is more than just a bug or glitch. It's an important problem, and I should hope its existence and nature could be discussed without any such statements as "get over it" being thrown around. You won't receive such treatment from me, so, naive though I might be, I expect the same from a forum moderator.

  12. carla
    Member
    Posted 5 years ago #

    However, you old password should work fine, regardless of the secret key change. Just log in again and get the new cookie.

    My old password did not work, and the new cookie/password generation did not work, either. I tried on both OSX and Linux, using different browsers as well. Jsut for clarification's sake.

  13. Samuel Wood (Otto)
    Tech Ninja
    Posted 5 years ago #

    Otto, there is no need to be rude. I'm very sorry if you feel offended.

    I'm not offended at all, and I'm not intending to "be rude". Remember, text is a poor medium of conveying emotion. I'm trying to be straightforward and realistic. Don't confuse "bluntness" for "rudeness".

    The truth is this:
    1. The upgrade locked me out of my own installation, through no action of my own. I am positive of this.
    2. The recover password link did not work. It sent an invalid key, upon repeated attempts.

    While I have no problem believing #2 (that's where the "bug" is), the fact is that #1 is simply not the case. It's far more easy for me to believe that you forgot or mistyped your password than it is for me to believe that your password hash changed in some arbitrary way without your being aware of it. Sorry, not trying to be rude, just being blunt about it.

    Here is a link to the bug tracker for this particular issue, if you'd like to follow it further:
    http://trac.wordpress.org/ticket/6842

    I'd say, though, that an upgrade's rendering an installation basically unusable on a standard, unhacked, previously stable setup is more than just a bug or glitch.

    It depends on what exactly you're talking about here. #2 is a known bug with a known and (partially) working fix for it. #1 is not a bug in the slightest, because the simple fact is that it worked without issues for me, on dozens of sites, and for almost everybody else. If there was an actual real bug where your password no longer worked, then everybody would be bitching about it. They're not. QED.

  14. carla
    Member
    Posted 5 years ago #

    While I have no problem believing #2 (that's where the "bug" is), the fact is that #1 is simply not the case. It's far more easy for me to believe that you forgot or mistyped your password than it is for me to believe that your password hash changed in some arbitrary way without your being aware of it. Sorry, not trying to be rude, just being blunt about it.

    My blunt response:

    It is true. I use 1Password (OSX) to automatically enter my passwords. It was not altered in any way. I have also been using WP for over 4 years, and so I've been through many an upgrade process, so I know how it's done. I can guarantee that I didn't mess up my own login through mistyping, etc. I clicked the upgrade link, the upgrade completed, and instead of being automagically sent to wp-admin per usual, I was logged out without my touching the mouse, the keyboard, nothing. I'm sorry you don't believe me, but that is what occurred. I have made some doozy errors with WP, PHP, MySQL, etc., but this event does not go on the list.

    It's fixed now, through my own doing. I hope it doesn't happen to anyone else.

  15. carla
    Member
    Posted 5 years ago #

    I'm marking this topic as resolved although the cause for the problem is not resolved. The information has been shared.

  16. Samuel Wood (Otto)
    Tech Ninja
    Posted 5 years ago #

    I clicked the upgrade link, the upgrade completed, and instead of being automagically sent to wp-admin per usual, I was logged out without my touching the mouse, the keyboard, nothing. I'm sorry you don't believe me, but that is what occurred.

    No, no, that I do indeed believe 100%. This is due to the secret value changing as part of the upgrade, and so your login cookie became invalid. This is, in fact, expected behavior. You will be logged out after upgrading to 2.5.1.

    But, you should be able to log right back in by simply typing in your username and password. Your password hash is not altered as part of the upgrade, so it is still valid as far as that goes.

    The difference is between being logged in vs. actually logging in. Logging in involves typing your password. Being logged in means that your browser has a valid authentication cookie. The cookie does not involve your password at all.

    I don't know about your password software in particular, and so I can't comment on it. But if the 2.5.1 upgrade locked people out and wouldn't let them login, we'd have a LOT more complaints around here. There must be some sort of unusual circumstance at work in your case.

  17. jimsky7
    Member
    Posted 5 years ago #

    The fix indeed works.

    Software may have bugs, but this is one of the worst I have seen in WP and it just happens to have hit a bunch of us.

    The problem was that in the forgot-my-password process a URL was generated that included "special chars" which "break" the process - the fix is to generate only a-z an 0-9, and this fixes the problem. WP 2.5.2 SHOULD DEFINITELY fix this! It is a big problem.

    About a dozen of my WP users (I host for them) had this problem and could not articulate what was happening. It then took me 2 hours to figure out the problem. This must be happening thousands of times and places around the world. I will submit whatever report I can in order to try to encourage a QUICK update to 2.5.2 because this is truly a nasty bug.

    I also experienced the "re-log-in" following the upgrade and it did also lock me out so I had to use forgot-my-password and that's when I discovered (and also independently cured in my code) the problem.

    All flaming aside, it was a bug that somebody just didn't catch and it just needs to be fixed ASAP. My customers are flaming me with "why did you ever recommend WordPress because it's so unstable and doesn't work right..." and I'm having to defend WordPress and honestly it's tough. I just tell them "the software is free and it's worth a zillion dollars if you had to write it yourself, so please bear with me while I fix the bug and then later on WP will fix it as well." But it still makes them nervous.

    Relax folks but make sure that the right people hear about the bug.

Topic Closed

This topic has been closed to new replies.

About this Topic