#149 Login Problem

[Anonymous]

Hi my Authentication is set to default after a successfull install however I can't seem to be able to login with the default credentials

[Alessandro Briosi]

check if the database is correctly populated.
Did you use the setup script or manual installation?

Logs usually tell if something i failing.

[Anonymous]

same problem, cant login with user:admin, i cant create new users and they appear in the users table of de database, but confirmation email seems doesnt send to my gmail´s account.

i set the user to "active" manually and the same error.

in the error.log of apache appears this:

"PHP Strict Standards: Declaration of defaultAuth::useredit() should be compatible with authBase::useredit($user) in /var/www/openupload/lib/modules/auth/default.inc.php on line 72, referer: http://nemeberry.no-ip.org/openupload/index.php?action=login
"

thanks and sorry for my poor english :S

[Anonymous]

P.D: i followed the interactive setup and set the level of DB to restrictive

[Anonymous]

I'm having the same issue. I followed automatic installation and set it to private
I don't get any errors on Apache, but allways access denied.
I have manually set the admin user password to blank but that didnt help.
I have tried using the crypt function manualy to create the hash but that didnt help.
Help ;)
Thank you

[Anonymous]

Same issue here. Private setup. Nothing in PHP error log, the user exists in the database and it's not called admin just like I entered it during setup.

What might be noteworthy is that the reg_date value is incorrect. No matter at what time I create the user, the field always states '2009-01-01 00:00:00'. The clock on the machine is running fine.

[Anonymous]

I found the issue. The password field in the database users table is a varchar(100) column. Changed the altered the lib/modules/auth/default.inc.php by injecting:

---

$dothedebug = "The user is: " . $user['login'] . "\n" .
    "The user password is: " . $user['password'] . "\n" .
    "Passed password is: " . $password . "\n\n" .
    "Crypt thingy: " . crypt($password,$user['password']) . "<br><br>\n\n" .
    "Crypt function just password: " . crypt($password) . "\n" .
    "Crypt thingy crypted pw = salt: " . crypt($password, $user['password']) . "\n\n";
file_put_contents('/tmp/whoopie', $dothedebug);

---

between
$user = $res[0];
<insert here="">
if ($user['login']==$login and crypt($password,$user['password'])==$user['password']) {
return true;
...

under the authenticate function.

This clearly showed the first listed password had 2 characters less than the middle and the last one.

Not sure your salt is safe either, you seem to salt the password like this:
crypt($password,crypt($password));

The PHP manual states that not using a salt can cause unpredictable results. The end result is salted, but the used salt is an unsalted crypt of the password. According to the manual this would mean the salt is thus unpredictable which makes the entire thing unpredictable :).

I ran a simple

alter table users change column password password varchar(140);

on the database and inserted the correct value for the password as gotten from /tmp/whoopie the above code outputted after a login attempt.

Thanks for the software. Had a hard time finding one. Finding one that actually worked was even worse. This was fixed pretty easily :).

[Anonymous]

hi

Well i applied your "fix" but every time i try to login i got nothing on the Whoopie file...the file is created meaning the code works (at least the part which creates the Whoopie) but nothing's written on that files...just empty, can you help me ? thanks a lot , i'm getting mad trying to install openupload (which seems so easy to install at fist sight !!!)

[Alessandro Briosi]

the fix is not the woopie file creation part!!
Simply enlarge the password field in the database. Set the password field to be a varchar(255)

Run this query:
alter table users change column password password varchar(250);

P.S. I don't do a crypt of a crypt like state above. I know the result is unpredictable, but it's based on the system it's used.

[Anonymous]

Hi Alessandro !

Thanks for answering me so quickly !

I've already tried to only alter varchar but i still got the same issue ! (I use a ubuntu x64 12.10 server distrib on Virtual box) Everything's fine till the configuration saves...when i come to the login page i simply cannot login (even with the default credentials...)...and as the password is crypted...it seems not possible to alter it on the mysql directly, it would have been too easy..and not secure...

Any idea ?
++

[Alessandro Briosi]

ok, but have you altered the password? If it was populated by the setup script it won't work.

to generate the password:
php -r 'echo crypt("password")."\n";'

then put the generated string into the password field and login with "password"

Alessandro

[John Doe]

Yes old post but that alter query fixed my issue too (fresh install)
Thanks!!

alter table users change column password password varchar(250);