#6426 closed defect (bug) (invalid)
wp 2.5.rc1 causes passwords to break on pre 2.5 releases using shared user table
Reported by: | jsherk | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | major | Version: | 2.5 |
Component: | General | Keywords: | |
Focuses: | Cc: |
Description
I have 5 production installs of WP 2.3.3 on my host, and have installed v2.5.RC1 in my sandbox on the same host. They all share a common user table for the user names and passwords.
I can no longer log into my 2.3.3 blogs using any user that has logged into 2.5.rc1... it gives a password incorrect error.
I have to physically go into the database and change the md5 password to something else in order to able to log back into the 2.3.3 blogs. It will then work fine again, until I use that username to login to the 2.5.rc1 blog, and then it no longer works again on the 2.3.3 blogs.
I noticed that the problem occurs because when I log into 2.5.rc1 it actually CHANGES the password in the database!!!
It may not be an issue if all your blogs that share the user table are all updated at the same time, but I'm not sure.
I posted this problem here:
http://wordpress.org/support/topic/163529
Not a bug.
WordPress 2.5 has much improved cookies and password hashing.
See #5367.