Forums | Mahara Community

Developers /
Password recovery issue in April 2015


Shen Zhang's profile picture
Posts: 72

06 July 2015, 10:14 AM

Hi

I'm testing the April 2015 version. I did a fresh install of the version on our testing server. When testing the password recovery function under "Lost username / password", it displayed the page shown below after I've put in the username:

download.php?file=426964&embedded=1&group=1&topic=7288&post=29290

What it should be displaying is a message below, which is displayed on our current live server:

download.php?file=426965&embedded=1&group=1&topic=7288&post=29290

I did a testing on the demo site (http://demo.mahara.org), and it gives me the same message as what is on our testing server for April 2015 version. 

Has anyone noticed this? Can this be a bug for April 2015 version?

Kind regards,

Shen

Robert Lyon's profile picture
Posts: 355

06 July 2015, 10:20 AM

Hi Shen,

This sounds like this bug https://bugs.launchpad.net/mahara/+bug/1460911 where the forgotpass.php page is not checking the correct $SESSION instance.

The fix for this is here (if using version 15.04): https://reviews.mahara.org/#/c/4861/

Let me know if that fixes your issue or not

Cheers

Robert

Aaron Wells's profile picture
Posts: 896

06 July 2015, 11:55 AM

We should probably get that 15.04.2 release out pretty soon. The broken password reset bug is pretty high priority.

Cheers,

Aaron

Shen Zhang's profile picture
Posts: 72

07 July 2015, 7:50 AM

Thanks Robert and Aaron. That's very helpful.

 

Kind regards,

Shen

Jawyei Wong's profile picture
Posts: 16

07 July 2015, 10:45 AM

Hi Aaron,

When we tried it on our server running php version 5.4.16 on Redhat 7.1, we get a blank page and the the error

PHP Fatal error:  Can't use method return value in write context in /var/www/html/mahara/forgotpass.php on line 21, referer: http://cepd.aut.ac.nz/mahara/

Line 21 is:

if (!empty($SESSION->get('pwchangerequested'))) {

Looking into the issue I found http://stackoverflow.com/questions/1075534/cant-use-method-return-value-in-write-context/4328049#4328049 which basically says on empty() needs to access value by reference (in order to check whether that reference points to something that exists), and PHP before 5.5 didn't support references to temporary values returned from functions. Following what they suggested I changed line 21 to:

if ($SESSION->get('pwchangerequested')) {

Which if the answer in stackoverflow is correct should be the same as it was previously. After doing that no error is given and the page renders. Would this be the correct change for people that get that error?

Jawyei

Robert Lyon's profile picture
Posts: 355

08 July 2015, 1:04 PM

Hi Jawyei,

I've filed a bug report for this:

https://bugs.launchpad.net/mahara/+bug/1472443

And added your fix suggestion to the reviews system: https://reviews.mahara.org/#/c/4928/

Cheers

Robert

6 results