Can't change my password when logged on via HTTPS

[phillipsjk]

As the subject says, I can't change my password when logged on using HTTPS. The system does not accept my old password. I have confirmed my old password still works my logging out then in again.

The problems with sending my password in the clear are obvious.

[1714861740]

1714861740

[1714861740]

1714861740

[1714861740]

1714861740

[1714861740]

1714861740

[theymos]

Is your password really long? I seem to remember there being a bug with changing super long passwords.

[phillipsjk]

I have confirmed it happens when I am just using plain HTTP as well.

The password is 10 characters: random numbers, letters and symbols.

The first character is ' (apostrophe/single quote). Is it possible it is not escaped properly in the password verification routine?

To check that I can try resetting my password, I guess.

[theymos]

Yeah, try resetting your password. That might fix it even if it's something else.

[phillipsjk]

I have successfully changed my password.

When I made the last post, I got a Database Error. The message had instructions to go back and try again, then reporting the problem (if persistent) to an administrator. Since my message was posted successfully, I did a couple of previews with a string approximately equal to "' ( " in an attempt to reproduce the problem. Shortly thereafter, the website lost its database connection, then it too went down.

It may have been a coincidence due to high server load. However, if I am the one that brought down the server, you have work to do. First, shut-down the server and back up the database ASAP. Second, review Exploits of a Mom. Third, contact me via e-mail for my previous password and the password I was trying to set (both contain "special" characters).

[theymos]

There were unrelated database problems earlier.