However, when I try to login with my Admin Account it is giving a wrong password error.  I have tried other accounts and get the same problem.  In addition, I cannot send email to reset the password.  Any suggestions here?

Windows 2003

SQL Server Express 2005

Web Wiz Forums 10

How I am testing my upgrade.

Backed up current database.

Restored backup database into a new Test Database

Installed WWF10 in a new application on IIS

Ran setup to upgrade database from 7.x to 10.x

Existing users cannot login to the WWF10 test application without requesting a password reset email.

I have tried changing the page encoding from UTF-8 to Western-iso-8859-1.  This did not seem to solve the problem.

After I changed the page encoding I bounced the server.

PROD - 7.x database

TEST - 10.x (upgraded from 7.x)

Websites:

PROD Website

physical directory, c:\forums

IIS website as virtual host, prod.example.com

TEST Website

physical directory, c:\forums_test

IIS Website as virtual host, test.example.com

This is what I did.

I backed-up the PROD database to a .bak file.

I created the Empty TEST database

I restored the Empty TEST database with the .bak file from the PROD backup.

Opened a browser to http://test.example.com and ran the upgrade wizard to upgrade the TEST 7.x database to 10.x database.

Users could not login until they requested a password reset email.

I did notice in the tblAuthor that the column User_code was different from the prod 7.x database after the upgrade.  I tried updating this column to match the PROD 7.x database, but it did not solve the problem.

I did not use the import/export tools.  Everything I did was from the SQL Express Server Management GUI.

I looked at the includes/setup_options_inc.aps  I have not changed because my passwords where already encrypted.

After some investigation in the I believe there something has changed in the login form or register.asp functions.

I edited the functionshash1way.asp file so I would have a constant salt value.

I went to my old system and updated the password of two accounts to make sure they generated the same encrypted password. Check.

I went to the new system change the functionshash1way.asp file to have a constant salt value.

I went in the new system and ATTEMPTED to update the passwords of two accounts to make sure they generated the same encrypted password. Check.

Another thing I did notice.  Passwords in the 7.x system are NOT case sensitive.  Passwords in the 10.x system ARE case sensitive.  Maybe this is why the encrypted passwords are not validating until you reset them.

Based on your comments of the code not changing in the functionshash1way.asp file.  I verified this via a diff function.  And my above observations, I don't know where else to investigate.  

We would like to upgrade to this version, but this issue is a show stopper for us.  I don't want my users to have to request a new password to login after we upgrade.  I hope I have provided you with enough information to see if you can fix this problem in a future release.  Until then I don't think we can upgrade at this time.

I tried to edit the file functions/functions_login_user.asp in v 10.x to see if this can be a workaround, but that file does not exists.  If you can tell me the areas where I can change the code to lower case passwords then we might have a workaround.

Also, how will this change effect future accounts?  I would thing that a change would need to take place in the register and update password functions as well.  So if I update a password or create a new one and that code does not lower case the password, but the login screen does then we might have a password mismatch as well.

Thanks for your continued support in helping resolve this matter.

I registered a user testuser with a password, 'TestPassword' Of course we know the system will store 'testpassword', but the user does not know this.  There is nothing telling them this.

I downloaded and installed WWF 10 - Upgraded the WWF 9.74 to 10

I tried to login with the same user 'testuser' and password, 'TestPassword' and it fails since version 9.74 lowercased my password without letting the user know.

So I have about 3500 registered users in my 7.x forum. They have no idea that the system lower cased their passwords. So, when I upgrade to 10.x they would not be able to login because their passwords are lower case and they don't know this.

Workarounds

Send a mass email my registered users notifying them that their passwords are really lower case so they can login and then change to mixed case if they wish.  Don't know how effective this would be.

Rollback the case sensitivity in the login form.  Tried this but if a new user registers then the password is stored in mixed case and the login form will lower case the password and new user will not be able to login.  If you can tell me where I need to make the LCase() to handle passwords changes and new user registrations, I can do that.  This might be a temporary workaround until a more permanent fix could be implemented.  The places I have seen are:

login_user.asp line 110 - strPassword = Trim(Mid(Request.Form("password"), 1, 20))

This will lower case the password they type when they login

Change to:

strPassword = LCase(Trim(Mid(Request.Form("password"), 1, 20)))

register.asp line 333 - strPassword = Trim(Mid(Request.Form("password1"), 1, 20))

This will lower case the password they type in when they register or update their password.

Change to:

strPassword = LCase(Trim(Mid(Request.Form("password1"), 1, 20)))

What do you think about those changes?

EDIT:

Found those lines of code here as well:

admin.asp line 89

admin_register.asp line 145