Old password is not valid.

[paul-nagorney-icrossing]

Describe the bug When user tries to change password, they get an error: Old password is not valid.

To Reproduce Steps to reproduce the behavior:

1. Register an account
2. User gets the generated password from email, and logs in to the game to ensure its working
3. Go back to website, click Change Password
4. Enter username, old password, and new password in the modal
5. Click Change password on the modal
6. When the POST happens and page reloads, the user sees the error "Old password is not valid."

Expected behavior Its expected that user's new password is accepted and changed in the game server

Screenshots

Desktop (please complete the following information):

• OS: ubuntu linux 20
• Server core: CMaNGOS latest version
• Core repository: https://github.com/cmangos/mangos-classic
• Game version: 1.12.1
• PHP version: 8.2
• Browser: Chrome
• Apache Version: Apache/2.4.57 () OpenSSL/1.0.2k-fips PHP/8.2.3

Additional context I have validated that the POST going from my browser to the server contains the proper values Using google recaptcha v2 $config['server_core'] = 5; $config['srp6_support'] = true; $config['soap_for_register'] = false;

verifySRP6 is returning false on line 388 of user.php

gmp is enabled in php (verified via phpinfo)

[wsh123321]

I also encountered the same problem and found that the verification of SRP6 did not pass. I checked and found that the account verification for both CMANGOS and VMANGOS was the same Here is the difference in verifying passwords, hoping to find a solution.