Password manually entered during setup is stored in the database incorrectly

[cfeet77]

Password manually entered during setup is stored in the database incorrectly. This causes inability to login at first login as admin, requiring tweaking the wp_users table manually.

Environment: WP 3.5.2, Windows Vista Business 32-bit, apache 2.2, php 5.2.17, mysql.EXE Ver 14.12 Distrib 5.0.18, for Win32 (ia32).

Steps to reproduce: run install.php, enter strong password for admin, see it matching (green "Strong"), proceed. You will get to the login page. Try entering the password and see that it fails.

After manually tweaking the wp_users table using md5sum as described in one of the support posts to reset the password, the problem is gone.

This makes an unpleasant impression for a first-time user that WP does not work from day 1.

[johnbillion]

Does your password contain a backslash or a quote mark? If so, this is a known bug and has been fixed in the upcoming WordPress 3.6. See #24367.

[SergeyBiryukov]

#24367 fixed the issue that only was in trunk (introduced in [23634]), not in the 3.5 branch.

#17018 is the original ticket for the quotes issue, but it only affected the email sent to a new user, not the actual login.

Steps to reproduce: run install.php, enter strong password for admin, see it matching (green "Strong"), proceed. You will get to the login page. Try entering the password and see that it fails.

Your steps imply that *any* strong password fails, which is clearly not the case. I've tried to set ! " ? $ % ^ & ) as a password on a new 3.5.2 install, and it works for me. Could you provide more details?

[cfeet77]

My password consists only of lowercase and uppercase English letters and numbers, i.e. [a-zA-Z0-9]+. It is very trivial and it does not contain any special characters like quotes or whatever. It was standard WP 3.5.2 English distro. "Strong" here only means that the password is long enough and contains all (lowercase, uppercase, digits). I did not imply that it fails for any password. I only said that I dowloaded WP for the first time ever in my life to my Windows box, and the password thing did not work from the very first attempt (I was diligently following all the installation instructions I found on the official web pages). I did not do any second attempt to install the thing either, because I found a workaround (SQL DB fix) that solved my particular problem and I do not work for the testing dept. of WP :) to install things over and over again to provide more solid statistics on failed/passed cases.

I don't know, it could be related to the fact that I run on Windows which might be unusual, but then again I expect it to be a mainstream to do local tryouts on a local Windows box before transferring it to production Linux.

[dd32]

Tested with a password of [a-zA-Z0-9]+, 100 characters long, works for me.

Potentially there could've been issues with trailing/leading whitespace.