So as I was installing and testing BlogEngine.NET as the blog service for Rapidparts Inc, I found a bug in the Change Password functionality. A fellow blogger was trying to change his password, and it would inform him that the password change was successful; however, when he attempted to log in, he was unable to use the new password, and the old password still worked.

Since BlogEngine.NET uses a plain text XML file to store bloggers' user information, I decided to investigate. I found that this blogger's password was the same as three others' when he tried to change it. I decided to jump into the code and see what might be breaking. Looking at the method that changed the password, I saw that it looped through each user in the XML file and checked whether the username was equal to the user who was logged in or the password was equal to the "old password" that was supplied. Since this user's password was the same as those other three users', it changed the first one that matched instead.

I made the change in the code, republished, and everything worked as expected. I submitted a bug to the creators of BlogEngine.NET; we'll see what they have to say about my repairs.
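
The check described above and one way to correct it, as an added C# example. This is not BlogEngine.NET's code: the XML element names, method names and sample users are constructed for illustration.

```csharp
using System;
using System.Xml.Linq;

static class ChangePasswordDemo
{
    // Constructed sample data; element names are assumptions, not BlogEngine.NET's schema.
    const string UsersXml = @"<Users>
  <User><UserName>alice</UserName><Password>Welcome1</Password></User>
  <User><UserName>bob</UserName><Password>Welcome1</Password></User>
  <User><UserName>carol</UserName><Password>Welcome1</Password></User>
</Users>";

    // Logic as described in the post: username OR old password, first match wins.
    static bool ChangeBuggy(XDocument doc, string user, string oldPw, string newPw)
    {
        foreach (XElement u in doc.Root.Elements("User"))
            if ((string)u.Element("UserName") == user || (string)u.Element("Password") == oldPw)
            {
                u.SetElementValue("Password", newPw);
                return true; // reports success even if another user's record was changed
            }
        return false;
    }

    // Corrected: the record must be the logged-in user's AND the old password must match.
    static bool ChangeFixed(XDocument doc, string user, string oldPw, string newPw)
    {
        foreach (XElement u in doc.Root.Elements("User"))
            if ((string)u.Element("UserName") == user && (string)u.Element("Password") == oldPw)
            {
                u.SetElementValue("Password", newPw);
                return true;
            }
        return false;
    }

    static void Dump(string label, XDocument doc)
    {
        foreach (XElement u in doc.Root.Elements("User"))
            Console.WriteLine("{0}: {1} -> {2}", label,
                (string)u.Element("UserName"), (string)u.Element("Password"));
    }

    static void Main()
    {
        XDocument a = XDocument.Parse(UsersXml), b = XDocument.Parse(UsersXml);
        ChangeBuggy(a, "carol", "Welcome1", "N3w-Secret"); // carol changes her password
        ChangeFixed(b, "carol", "Welcome1", "N3w-Secret");
        Dump("buggy", a); Dump("fixed", b);
    }
}
```

With the OR condition, carol's change lands on alice's record because alice is the first user in file order with the same old password; carol's old password keeps working, and alice's account now carries a password that carol chose.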