I posted this at Vb.com too, but as expected haven't gotten much help since my board is hacked.

I have a test user on my forum. I tried to login under that account under that user name and I got the wrong password message. I then tried to used the pasword recovery option. I got the e-mail but the temporary password didn't work. I tried changing the password in the adminCP, and that didn't work. I even tried to reset the password in the database itself with no luck. Any ideas as to what could be causing this?

Also, I can't register a new user. It says that "the username is already in use". This happens no matter what username I try.

I'm using 2.2.9.

I posted this at Vb.com too, but as expected haven't gotten much help since my board is hacked.

I have a test user on my forum. I tried to login under that account under that user name and I got the wrong password message. I then tried to used the pasword recovery option. I got the e-mail but the temporary password didn't work. I tried changing the password in the adminCP, and that didn't work. I even tried to reset the password in the database itself with no luck. Any ideas as to what could be causing this?

Also, I can't register a new user. It says that "the username is already in use". This happens no matter what username I try.

I'm using 2.2.9.
first you cant change the password in the DB since it goes though a md5 hash, that would be totaly useless uness youve changed your password encryption.

second what hacks have you installed? have you setup another test user to test this on?

first you cant change the password in the DB since it goes though a md5 hash, that would be totaly useless uness youve changed your password encryption.

second what hacks have you installed? have you setup another test user to test this on?

I found a query run run over at vb.com that runs the password through the encription when its interted into the database.

I don't have a list of all the hacks, but I guess I could put one together (if I can remember them all :ermm: ).

I was going to set up another test user through the registration sustem , but I am not able to because of my second problem. I created a new user from the Admin CP, but I still have the same problem when logging in.

I get new members every day, so it doesn't make sense.

Anybody have any ideas?

make sure that in the member.php when the user is logging in that the password that is entered is first put through the md5() function and then matched to the database.

regards,
g-force2k2

Thanks, g-force2k2.

I'll take a look at it.

Something else I noticed today is that it seems to disegard the username. I tried again to log in as the test user, which has a different password than my admin username, and got the wrong password message. But when I used the password that I use for the admin user it logged me in as the admin even though I was using the test username.

To be sure that the username and password that you're entering are correct check the database entries. Just make sure that the username isn't different from what you had entered and then just md5() the password that you would enter and see if that too matches the database entry. If so then it should be an issue in the member.php or perhaps functions.php. If you need more assistance let me know.

Regards,
g-force2k2

Thanks for all the suggestions. I got it worked out. :D