As I understand it, there were problems on Sunday (Feb 24) which caused problems logging in. Daniweb would not accept my password (or so it said). Normally when I go to login I get presented with the login page with my userID (reverend Jim) and password already filled in. Now I was getting the login page with my email address instead of my userID. Manually entering my userID and password resulted in an indication that my password was incorrect. I clicked on the "Reset Password" which is supposed to send a reset email to a given address (which I entered). No reset email was sent. I repeated this procedure several times with no email resulting.

So after complaining to several people (it's my nature) I decided to try a little test.

  1. Login using my google ID (this worked)
  2. Post a new thread (then delete it)
  3. Logout
  4. Login as Reverend Jim (surprisingly this worked)

So it seemed that everything was working. I can only assume (out of total ignorance because web programming is not in my skill set) that the problem was in my cache.

But it seems there may still be something amiss because it is now two days later and I just got one of several DaniWeb Password Reset emails. The date stamp on the email says 2019-02-25 15:32 but it just came in today at 10:12 am (CST). Other emails are arriving in a timely fashion so I don't know what is happening with DaniWeb emails.

Recommended Answers

All 22 Replies

It's Feb 27 13:06 (CST) and I just got another password reset email dated Feb 24 17:38.

commented: What was said long ago about how to really muck up a system? "Let's use a computer." +0

I had the same login problem but used the Facebook route to skirt around it. Oddly though, I've not yet had any of the delayed password reset emails...

This is what happens when you change your login password hash algorithm without considering to create a fallback mechanism , no big deal after all because we are really few people that login in DaniWeb during the last several days , but a strong signal to get away if you are still here.

I've been having a tough last couple of weeks (personal things going on) so I haven't spent a lot of time around here, unfortunately. I heard from James that there was downtime due to one of the Redis servers running out of memory. He was able to bring it back online, but all of the open sessions were deleted when Redis was restarted, so everyone was logged out.

In 2012/2013, when we migrated off of vBulletin onto our own platform, we created a new hash algorithm to hash the existing MD5 passwords that vBulletin used. (Unfortunately vBulletin used simple MD5s with a random salt. By hashing the salted hashes we had with peppers, we wouldn't have to force people to change thier password.)

We finally upgraded to a much more robust encryption algorithm in 2015 when we created Dazah, and for that, we unfortunately had to force everyone to change their password. We emailed everyone to change their password and log into Dazah, and we had a fallback mechanism in place until late-2017. (I think 2+ years should have been enough time to give everyone who cared to change thier password. When we switched to this latest backend which launched in October 2017, we removed the fallback code.)

Unfortunately, the recent Redis crash logged everyone out, and some of you guys had been logged in longer than 6 months. You ran into issues trying to log back in because the fallback mechanism had been removed between the last time you had logged in and now, and you hadn't changed your password since 2015.

I have the same problem: I'm out of touch and disoriented. I seem to remember something about this -- but not how much of a problem I had or what I did about it, if anything. I thought I had written to you detailing it, but it feels like I'm remembering a dream (as many things do now.) I'm interested in staying connected to this community, though some may be justified in asking why.

a strong signal to get away if you are still here

some may be justified in asking why

C'mon guys, I appreciate that glitches such as this are annoying and I appreciate that DaniWeb isn't as busy as it used to be. However, Dani remains one of the most responsive site owners that I have ever encountered, and I've been around online communmities for 30 odd years now since the days of FidoNet, Prestel, Usenet etc. She's explained that it's been a tough couple of weeks, and we all hvae those, so cut her a break maybe rather than going for the jugular? Just saying...

This is what happens when you change your login password hash algorithm without considering to create a fallback mechanism

Apart from the fact that Dani did create a fallback mechanism, of course.

and we had a fallback mechanism in place until late-2017. (I think 2+ years should have been enough time to give everyone who cared to change thier password...)

It's 15:14 (CST) on March 1 and I just got another password reset email dated 2019-02-24 16:06.

Jim,

Please please please forward me that email as an attachment, including all headers. That would be a HUGE help. Thanks!!

I got them but they were both just forwarded to me.

Instead can you please send them both as ATTACHMENTS (eml files). This way we can investigate the headers.

This is really odd, as I have still not had any password reset mails despite requesting them around the same time as Jim.

Davey can you please try requesting again? Thanks!

Logged out, hit forgot my password, entered email, reset link arrived immediately. So, seems to be working now no problem :-)

Could you have perhaps made a typo in the email?

In my case, probably not, because

  1. I got the emails, just a few days late
  2. I use a macro (jd plus the @) which automatically expands to my email address

My question was directed to happygeek who didn't get his emails at all.

When you fill out the form, you're prompted to enter your email, and there is no notification as to if you entered a valid email or not. It simply says that, if a valid user exists with that email address, that user will be emailed. So if you have a typo in the email you enter, you may not realize it and won't receive an email.

Could you have perhaps made a typo in the email?

I honestly don't think so, but it's always a slim possibility of course ;-)

Thanks to Dani queen, I was also affected by this as well, tried to reset password but the email wasn't sent to me, I contacted her about this and she assisted me instantly. I was about to loose hope in gaining back my Daniweb account. Thank you Dani.

Sorry for the bad experience in the first place, Mr.M.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.