Bug Password Cs-Cart 3.06


[font=verdana, sans-serif]Existing customer can’t change his own password.[/font]

[font=verdana, sans-serif]He received his new passowd but it doesn’t work.[/font]

[font=verdana, sans-serif]If customer calls, I delete his account as a workaround but it’s not a solution.[/font]

Please help me to solve this very important issue for me as I lost existing customers.


Can you be more specific about any errors displayed or in the error_log file or exactly how you've determined that the password is not changed.

Hi tbirnseth

[font=“verdana, sans-serif”]It's after a migration from interspire to cscart done by X.[/font]

[font=“verdana, sans-serif”]Customers can't login with their old password interspire which is normal.[/font]

[font=“verdana, sans-serif”]They must ask a new password. They received the link by email.[/font]

[font=“verdana, sans-serif”]They change the password, information password is changed seems OK.[/font]

[font=“verdana, sans-serif”]Unfortunately, the new password is not working.[/font]

[font=“verdana, sans-serif”]Customer can't buy.[/font]

[font=“verdana, sans-serif”]Lucien[/font]

Passwords are now not only md5 coded, but they are “seeded” as well.

If you create an account for a user and create the password, can you then login as that user? Or is it only when the system creates the password for them?

Hi tbirnseth,

[font=“verdana, sans-serif”]It's only for 'old' customers. There is no problem for new customers.[/font]

[font=“verdana, sans-serif”]Even if I tried to change the password of old customers, it doesn't work.[/font]

[font=“verdana, sans-serif”]It's like it can't update the password. I don't know how to check if there is a kind of “read only” for these users.[/font]

I check with phpmyadmin and I saw a difference : the 'salt' field is empty for old customers.

It's why it can't change it ?

I was thinking maybe if I force to change all old password with a new one ?


Would have to know what the import script did that created the value in the password field. If it used a salt, then the salt should be in the user's record. If not, it shouldn't. But if there is some other bug where the system can't compare the entered password with the encoded one then different story.

You need to talk to whomever did your import for you.