“Username and password do not match or you do not have an account yet” Error – Cause and Fix

Yesterday evening we had a very interesting call from a new client. The new client told us that when trying to login to the frontend of his Joomla website, he’s always greeted with the following error message:

“Username and password do not match or you do not have an account yet”

He told us that he just migrated his website from Joomla 1.5 to Joomla 2.5, and he’s not able to login with any of his frontend users, even after resetting their passwords from the backend.

So, we tested the website and indeed, were were not able to login to the frontend even after resetting the password from the backend. We disabled SEF, we disabled caching, we disabled all 3rd party plugins, yet we still had the same problem.

We then thought, what if we reset the password from phpMyAdmin? So, we logged in to to phpMyAdmin and set the password of a random user in the #__users table to the MD5 equivalent of “password”. We then tried to login, and, to our surprise, the login worked!

So we compared that user’s password to another password, and we noticed that all the other users (that were not able to login), had a strong password. A strong password is a password that starts with $P$. For some reason, strong passwords were not working, and the reset functionality, as well as the user creation functionality, were generating strong passwords.

So, what did we do to fix the problem?

The fix was extremely easy, all we needed to do was to ensure that any password generation/reset uses the MD5 encryption. Here’s what we did in order for that to happen:

  • We opened the file helper.php located under the libraries/joomla/user folder.
  • We added the following line to the beginning of the hashPassword function in the aforementioned file:

    return md5($password);

  • We re-uploaded the file to its corresponding place.

  • The problem was solved.

We didn’t have enough time to investigate why strong passwords were not working (and why only MD5 encrypted passwords were working), but we suspect this has something to do with a wrong migration of the users’ data, as well as the presence of some legacy files from the old Joomla website. We’re really not sure on this one.

What we know, however, is that our fix worked! In case you have the same problem, then try the above quick fix and see if it works for you. If it doesn’t, well, all you need to do is to contact us. We’ll fix it for you in as little time as possible and for a very affordable fee.

6 Responses to ““Username and password do not match or you do not have an account yet” Error – Cause and Fix”
  1. Comment by Paol8tto — May 12, 2014 @ 9:49 am

    Thank you for your resolution, my website was affected from the same problem and your fix solved the problem.
    Good work!

  2. Comment by Marty — June 15, 2014 @ 12:41 am

    I have the same issue in Joomla 3.2.3 however my helper.php file does not have any “hashPassword” function.

    Could you please investigate where I must place the return md5($password) in the new file version?

  3. Comment by Marty — June 16, 2014 @ 8:25 am

    I am glad to let you know that I found a solution.

    If anyone else encounters the same problem on Joomla 3.2.3 I am happy to provide this solution for you:

    Edit /libraries/joomla/user/helper.php:

    1. Change

    $encrypted = ($salt) ? md5($plaintext . $salt) : md5($plaintext);

    to

    $encrypted = ($salt) ? md5($plaintext . $salt) . ':' . $salt : md5($plaintext);

    Edit /libraries/joomla/user/user.php:

    2. Change

    $array['password'] = $crypt . ':' . $salt;

    to

    $array['password'] = $crypt;

    Edit /components/com_users/models/reset.php:

    3. Change

    $password = $crypted . ':' . $salt;

    to

    $password = $crypted;

    4. Change

    if (!($crypt == $testcrypt))

    to

    if (!($user->activation == $testcrypt))

    5. Change

    $testcrypt = JUserHelper::getCryptedPassword($data['token'], $salt);

    to

    $testcrypt = JUserHelper::getCryptedPassword($data['token'], $salt, 'md5-hex');

    Edit /plugins/authentication/joomla/joomla.php:

    6. Change

    if ($crypt == $testcrypt)

    to

    if ($result->password == $testcrypt)

    Now, attempt to login again. If you are met with the same error message, simply reset your password using the forgot your password method (which will now function as intended, accepting the verification token) and you will be able to login again.

    Cheers,
    Marty

  4. Comment by Fadi — June 16, 2014 @ 8:27 am

    Hi Marty,

    Thanks a lot for the solution. For those of you reading Marty’s solution above for Joomla 3.2.3, please note that we have not tested it at itoctopus, so please proceed at your own risk.

    Again, thanks Marty for sharing this excellent information with us!

  5. Comment by Jane Jackson — July 28, 2014 @ 2:20 pm

    I am running 2.5.2 but can not locate the the hashPassword function in the helper.php file?

    Please advise what line it is on…

  6. Comment by Fadi — July 28, 2014 @ 3:10 pm

    Hi Jane,

    In the 2.5.x version the function is: getCryptedPassword. You will need to add:

    return md5($plaintext);

    to the beginning of that function.

Leave a comment