Start a new topic

how to setup password reset using token?

gaujaai @ Thu Sep 11 09:48:55 EEST 2014
I have CrushFtp 7 installed on Windows.

I use an MS SQL database as the user repository.

I am attempting to use the password reset via token process.

Regardless of what I do I always receive the message "Unable to locate this user."

I noticed that reset.html calls a function in the WebInterface/function folder but that folder is empty.

Are there functions in the folder I am missing?

What am I doing wrong?


spinkb @ Thu Sep 11 09:58:52 EEST 2014
Does the user have the email configured on it?

The function folder is just a placeholder, it should be empty.

gaujaai @ Thu Sep 11 10:02:05 EEST 2014
Yes the user has an email address configured.
spinkb @ Thu Sep 11 10:09:27 EEST 2014
Click export SQL to XML, then change to XML, and try it using XML mode. Does it work then?

If so, I will debug here to figure out what is going wrong.

gaujaai @ Thu Sep 11 10:21:21 EEST 2014
Converting back to XML does work. So I assume there is a select statement to verify the users email address that is not getting handled properly?

Thanks for the help, I eagerly await your findings!
gaujaai @ Thu Sep 11 13:19:54 EEST 2014
So I have gotten a bit further with this issue. I now have it working the same using either XML or a database for the user store.

I request a rest.
It sends me an email with a link and a token.
I click the link and it opens a window on the Crush server with username, password, confirm password fields and three buttons: start over, login and submit.

When I click the Submit button a black status box opens quickly with the words "Please wait", the box then shrinks down to a little black sliver on the screen. The page then just sits there, and the password doesn't get changed.

Hope this helps?

spinkb @ Thu Sep 11 13:38:27 EEST 2014 even Xml isn't working entirely?
gaujaai @ Thu Sep 11 13:52:50 EEST 2014
That's correct, I mistakenly thought it was working when I switched to XML and got the token and the correct screen to change the password. It looks like the db_user_update is not being executed in my case, not sure what the equivalent would be for xml.

I also did a restart hoping that would fix the issue but it did not.
spinkb @ Thu Sep 11 16:24:34 EEST 2014
When changing use rode from Xml to DB, or DB to XML, you need to restart CrushFTP as well.

That might be the issue your experiencing and the partial appearance of success too...

When on DB mode, clear out your folders of Xml items in users/MainUsers to make sure its not being used for the reset.

We tested here on XML mode and are having no issues at all. Working on getting a DB fired up for me to test with DB mode too...
spinkb @ Thu Sep 11 17:36:08 EEST 2014
Latest build fixes SQL, it never supported token based reset until now.

Click update now to get 7.1.0_127

gaujaai @ Fri Sep 12 09:31:25 EEST 2014

Thanks for looking into this. I have updated to the latest version 7.1.0_127 but I am still having a problem resetting the password. I restarted the server and have the same problem it hangs on the change password screen.

There is a new issue: We use email addresses as usernames. When I attempt to request the email with the token I receive the "User not found." message. I turned up the logging and found the "@" sign is being URL encoded as "%40" and it is not being decoded at the server so when it does the query against the database "" becomes "" and of course there is no user in the database table by that name so it is reported as not found.

So I created a username that is not an email address, but added an email address for the user and saved it. Then I logged out of crushftp and clicked on the link to reset the password. It sent an email with the reset link and token. I opened the link in the browser and it took me to the crush page to reset the password. I entered the password and confirm password and then it pops up the little black box with the "Please wait" message, the black box shrinks to a sliver and the password does nt get updated and the page hangs there.

I've tried it with Firefox, MS Explorer and Chrome.
spinkb @ Fri Sep 12 09:52:37 EEST 2014
This query might need to be adjusted in your prefs, user config area...


It should be correct, but may not always be correct.

Secondly, update to latest build again now, the url encoding issue should now be fixed too. 7.1.0_128+

Let me know if it still fails.

gaujaai @ Fri Sep 12 11:57:22 EEST 2014
This is the db_user_email_query in my user config area.


I ran it directly against the database substituting the correct values and it works fine.

The url encoding issue looks like it is fixed.

However I am still not able to reset the password when I click Submit and I see nothing in the log, I have the log level set to 2.

Do you have any suggestions for capturing any additional debug info?

spinkb @ Fri Sep 12 12:41:18 EEST 2014
Please email support directly so we can further assist. We need to do a screen sharing session.

gaujaai @ Fri Sep 12 15:21:44 EEST 2014
Hi Ben,

I now have it working.

For some reason when I did the update it didn't download all of the files in the update for 7.1.0_128. I didn't know that but thought I'd try the update a second time and presto the problem was solved.

Not sure why the entire update failed to download the first time.....

Thanks again for sticking with me on this one.

Login to post a comment