Print Page | Close Window

Bug in Member API code

Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=29641
Printed Date: 01 April 2026 at 4:23am
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com


Topic: Bug in Member API code
Posted By: adamwsh
Subject: Bug in Member API code
Date Posted: 11 August 2011 at 3:25pm

On or around line 247 of functions_member_API.asp, in the section with the
comment: 'If the password doest match that on record we need to create a new
password to save to db

the line:
strPassword = HashEncode(*strPassword *& strSalt)

should be:
strPassword = HashEncode(*LCase(Trim(Session("PASSWORD")))* & strSalt)

The incorrect line is Hashing an already hashed password.

However, I also found out, if the password being passed to this call is already hashed by the calling system, it will never stay in sync. This isn't really a problem expect for an Admin. If an admin tries to log into the admin area, their entered password will never match what is stored in the WW DB.  I'm not sure why you bother having the admin log in a 2nd time. They've already logged into the system once.  Eliminating the 2nd login will eliminate this issue.


Replies:
Posted By: WebWiz-Bruce
Date Posted: 12 August 2011 at 8:23pm
Thank you will look in to this.

-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting


Print Page | Close Window

Forum Software by Web Wiz Forums® version 12.08 - https://www.webwizforums.com
Copyright ©2001-2026 Web Wiz Ltd. - https://www.webwiz.net