As an admin of several installations, I'm about to go insane with the not so unfrequent complain "I cannot login with the assigned usr/pwd".
The problem has two unknowns:
1. why do some accounts work while others do not?
2. why do some accounts, which initially worked ok, stop doing so? (yes, they do! and I'm not having hallucinations... I have the logs to prove it ).
Given information:
- Usernames consist of 6 to 15 plain lowercase letters (a-z).
- Passwords follow the default password policy: they consist of 8 characters, with at least "all the minimums required".
- Users cannot change their passwords.
- I'm the only admin.
- The problem appears in both Moodle 1.9.9+ and 2.0.1 installations.
- I have tried myself logging-in with the problematic accounts (to ensure that complains don't come from user lack of experience).
- I have manually reentered the password info, with the "unmask" option set... just to be sure
- From phpinfo():
-- magic_quotes_gpc: On/Off (in some sites on, in other off)
-- magic_quotes_runtime: Off
-- magic_quotes_sybase: Off
- All sites are on shared servers, but with the same hosting company.
After working with two specific and similar cases (the first one is the one that finally tipped the scale):
1. userone with password GI70'vu>
2. usertwo with password AT09'yo<
I have just found that the apostrophe seems to be the cause behind all this, as I cannot login with them. However, how is it that both accounts logged-in fine the first time (in one case, I was actually with the user) but not now? Strangely enough, I just created a new user with the "AT09'yo<" password, and I could not login.
There is also a particular behavior, easy to notice:
When I try to log in with any of these user/password combinations, I never get the outstanding Invalid login, please try again message: the page only refreshens and redisplays the last username that logged-in ok. However, if I enter a different and incorrect password, then I get the "invalid login" message
Questions:
1. Is there actually any kind of restriction one should be aware of, as to the characters that can/cannot be used for the password? (if there is, then it should be more clearly stated in the documentation and maybe even in the "new user" page, because after all this time, I sure have managed to miss this info ).
2. Could I: a) change some configuration inside Moodle, b) upload a configuration file to some directory or c) change some php piece of code to solve this problem... or will I have to change all the (possibly) offending passwords & resend the new ones? (users are sure going to hate me ... well, a bit more than usual).
3. I would really like to know what is causing those kind of accounts to stop working! I guess that the password field in the DB somehow is being updated after the first login.
4. Any other suggestions/tips??
Thanks in advance,
Guillermo