Skip to main content

Joomla 3.2.0 passwords issue (solution)

Joomla 3.2.0 is a result of terrible coding and total irresponsibility: users registration and password reset are broken and passwords are not recognized. Please note that Joomla 3.2.1+ doesn't have these issues.

We suffered from this a couple of days and finally propose a solution, though you can just install Joomla_3.1.6-Stable-Update_Package.zip and downgrade.

Edit /libraries/joomla/user/helper.php:

1. Change

$encrypted = ($salt) ? md5($plaintext . $salt) : md5($plaintext);

to

$encrypted = ($salt) ? md5($plaintext . $salt) . ':' . $salt : md5($plaintext);

Edit /libraries/joomla/user/user.php:

2. Change

$array['password'] = $crypt . ':' . $salt;

to

$array['password'] = $crypt;

Edit /components/com_users/models/reset.php:

3. Change

$password = $crypted . ':' . $salt;

to

$password = $crypted;

4. Change

if (!($crypt == $testcrypt))

to

if (!($user->activation == $testcrypt))

5. Change

$testcrypt = JUserHelper::getCryptedPassword($data['token'], $salt);

to

$testcrypt = JUserHelper::getCryptedPassword($data['token'], $salt, 'md5-hex');

Edit /plugins/authentication/joomla/joomla.php:

6. Change

if ($crypt == $testcrypt)

to

if ($result->password == $testcrypt)

 

Reset your password if it still doesn't work after these changes. 

Terms used:

Component, PHP, Plugin, Joomla