I upgraded a multi-site setup. All appeared to go smoothly...more or less. I signed on to each site using the superadmin id's and passwords, still all good.

After signing out of every site, I cannot get back in. The userid and password is showing as unrecognized. When I hit the "change password" button, I get an e-mail that looks like this:

!username,

A request to reset the password for your account has been made at !site.

You may now log in to !uri_brief by clicking on this link or copying and
pasting it in your browser:

!login_url

This is a one-time login, so it can be used only once. It expires after one
day and nothing will happen if it's not used.

After logging in, you will be redirected to !edit_uri so you can change your
password.

Please help, I can't get into any of my sites now and I sure don't want to start from scratch. Isn't there a way to get into the site by changing something in the .htaccess or settings file?

Comments

roper.’s picture

Unfortunately the only thing you can do is use the "reset password" link, or change it in the DB.

See #1007504: Rehashed passwords after Drupal 6 upgrade fail

sjruth’s picture

the "reset password" link, that is (see my original post). Excuse the ignorance with this question, but why is my password being re-encoded? And can I just manually change the password in the database to something a human can read?

If this is a bug with RC3, I sure hope it gets fixed for the actual release. It's starting to piss me off royally.

roper.’s picture

If you read through the post I linked, you'll see that it was a bug in RC3, and has been fixed in current HEAD (and therefore will be fixed in the final).

So you're saying that using the link inside the email doesn't work?

edit: oh wait, your email actually says "!login_url"? That must mean that tokens aren't working or something... :-\

sjruth’s picture

I'm not sure what process the "request new password" button follows, but I kind of assumed it DID change the existing password to a one time only password. I can't tell if that happened or not, but each site had the same problems with the e-mail sent to my address to reset the password.

But obviously, something isn't working correctly. I'm now in the process of re-installing Drupal 6.2 and the backed up databases.

roper.’s picture

Yeah, the "request new password" link simply sends you an email with a new link in it. THAT link inside the email is what gives you a temporary password. But if your emails literally say "!login_url" then that's a different issue I'm afraid.

Stol’s picture

This is how the message after a new password request look like on my site:

!username,

A request to reset the password for your account has been made at !site.

You may now log in to !uri_brief clicking on this link or copying and pasting
it in your browser:

!login_url

This is a one-time login, so it can be used only once. It expires after one
day and nothing will happen if it's not used.

After logging in, you will be redirected to !edit_uri so you can change your
password. 

I use no token module... and I use Drupal 7.0

Stol’s picture

I could log in (see my post above this) by using another browser. Probably deleting your session cookie or using another machine would also do it.

Upgrade process is messing up the cookies ?