@jacobweber opened this Issue on February 4th 2018

I upgraded Piwik from 2.17.1 to 3.2.1. It's using PHP 5.6.29 and MySQL 5.7.18.

The core:update step initially failed (lost the connection to the DB), so I followed the instructions. I manually re-ran the remaining queries, updated the "version_core" option to 3.2.1, and re-ran core:update successfully.

Afterwards I was unable to log in with any existing users. I could reset their passwords, and then they could successfully log in. But I'm afraid I missed something, since existing users should have worked.

As part of the manual queries, I ran:

ALTER TABLE `piwik_user` CHANGE `password` `password` VARCHAR(255) NOT NULL;

So the column length was changed. But there was nothing that changed the actual values. All of the existing users had 32-character passwords. Once I reset my password, its length was changed to 60 characters.

@sgiehl commented on February 4th 2018 Member

The password hashing algorithm has been changed in https://github.com/matomo-org/matomo/pull/10740
Guess the update script for updating the passwords didn't run due to the failure: https://github.com/mneudert/piwik/blob/3.x-dev/core/Updates/3.0.0-b4.php#L76-L95

@jacobweber commented on February 4th 2018

Shouldn’t the update script print out the SQL for re-hashing the passwords, when it prints out all the statements in the “dry-run” section? The instructions for dealing with a failure tell you to finish running all the SQL statements, so it should probably include those.

@sgiehl commented on February 4th 2018 Member

No. Not in that case.

This Issue was closed on February 4th 2018
Powered by GitHub Issue Mirror