Page 1 of 1

Protect > Users

Posted: 03 Mar 2019, 10:54
by raffi
Hi Karl,

Looks like last update reseted ALL my exciting users accounts :(
I don't know if this can help but please note that Chrome saved user was displayed and added 1+1+1+1+1+ endless ...

All my  Protect > Link have also been reseted to zéro :(

I guess there's no way to fix that dammage ? :(

Re: Protect > Users

Posted: 03 Mar 2019, 11:23
by raffi
New user I creat looks to be delete !!!!
+ I have many users appearing in real time one by one just in front of me !

Can this be due to LastPass application ? 


Image
https://snag.gy/CszwRI.jpg

Re: Protect > Users

Posted: 03 Mar 2019, 11:31
by raffi
I confirm LastPass autofill was the issue regarding the multiple creation of account ...
So I guess that everything has been lost by my fault :(

Re: Protect > Users

Posted: 03 Mar 2019, 11:32
by mjau-mjau
raffi wrote:Looks like last update reseted ALL my exciting users accounts :(
Panel users accounts for panel login? Or PROTECT username for frontend login?

I assume you mean PROTECT (as in your topic title). It is not clear to me if you mean the 1) Passwords were reset immediately after updating, or 2) Passwords were reset after you tried to SAVE from panel > protect.

On the update itself, your stored passwords in /config/protect.php are not touched. If something went wrong when you tried to save new passwords (after updating), I will need to see if I can re-create it.
raffi wrote:I don't know if this can help but please note that Chrome saved user was displayed and added 1+1+1+1+1+ endless ...
You mean from login page? X3 doesn't add the users here, but your browser might do it. Surely you had to edit the username to something else prior to logging in anyway?

Sounds all a bit mysterious to me. Something going on with your browser?
raffi wrote:All my  Protect > Link have also been reseted to zéro :(
But this is the same as above no? Your panel protect users have been removed.
raffi wrote:I guess there's no way to fix that dammage ? :(
Perhaps no, but it is not entirely clear to me what is wrong and what went wrong. If you have panel login and FTP login, I can do a thorough check.

Re: Protect > Users

Posted: 03 Mar 2019, 11:35
by mjau-mjau
raffi wrote:I confirm LastPass autofill was the issue regarding the multiple creation of account ...
So I guess that everything has been lost by my fault :(
It's still not clear to me if you mean panel USERS or panel > PROTECT website users.

About LastPass autofill ... You mean it autofilled something into all your username/passwords in the protect page? You can login by FTP and open the file /config/protect.php, and see what's inside. I guess logins have been overwritten.

Re: Protect > Users

Posted: 03 Mar 2019, 11:38
by raffi
Speaking about PROTECT panel yes (not main login).

You access have been recreated. Please see PM.

Re: Protect > Users

Posted: 03 Mar 2019, 11:48
by mjau-mjau
raffi wrote:You access have been recreated. Please see PM.
You mean I need to search through our previous message history to locate panel login? Panel login will allow me to check if the issue can be recreated, or if I can find a bug. I can't do anything else from your panel. You can check the /config/protect.php yourself to see what users/passwords are stored.

If this is something with your browser auto-filling usernames, there is not much I can do. It is unclear to me how this happened ... If indeed the browser did auto-fill usernames, then surely it would keep the logins but with changed usernames.

Can you reproduce the issue? If not, there is not much I can do if your browser has hi-jacked usernames in protect at the same time as you have chosen to save.

Re: Protect > Users

Posted: 03 Mar 2019, 11:52
by raffi
LastPass is a famous software, can be an idea to try to reproduice the issue from your end to prevent this for other futurs users.

Looks fixed with the autofill OFF 
So "just" have to creat again some/last users credentials ...

NOT critical at all (and so happy you react so fast).

Re: Protect > Users

Posted: 03 Mar 2019, 22:11
by mjau-mjau
raffi wrote: LastPass is a famous software, can be an idea to try to reproduice the issue from your end to prevent this for other futurs users.
I assume LastPass looks for input fields with [name] attribute set to "username" or "password", in which case it can be circumvented by renaming the fields in X3. I will look into it!

Modern browsers (eg Firefox/Chrome) will already autofill LOGIN pages, without any extensions and without mistakingly editing non-login pages (like "protected"). I wonder why LastPass does it differently ...

Re: Protect > Users

Posted: 04 Mar 2019, 06:03
by raffi
I agree with your last comment.
LastPass is used to store and share access without sharing password (that's pretty cool).

Re: Protect > Users

Posted: 05 Mar 2019, 11:02
by mjau-mjau
A fix for this issue has been implemented into X3.27.6. We basically renamed all the input fields under the X3 panel [protect] page, so that password managers won't identify the fields as [username] or [password] login fields.