Menu
▾
▴
[phpesp-dev] [ phpesp-Bugs-971098 ] mysql PASSWORD() incompatibility
|
From: SourceForge.net <no...@so...> - 2005-10-25 15:22:31
|
Bugs item #971098, was opened at 2004-06-11 07:43 Message generated for change (Comment added) made by greggmc You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=971098&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: SQL Group: None Status: Closed Resolution: None Priority: 5 Submitted By: Tedar (tedar) Assigned to: Matthew Gregg (greggmc) Summary: mysql PASSWORD() incompatibility Initial Comment: root authentication will fail if the mysql db is version > 4.0. previous to version 4.1 the PASSWORD('$pass') will generate a 11 bit string, as of version 4.1 PASSWORD('$pass') will generate a 64 bit string. this hack solves the problem for users with a mysq version 4.1. (should be backwards compatible) eregi("[0-9]+(.)[0-9]+(.)[0-9]+",mysql_get_server_info(mysql_connect($GLOBALS['ESPCONFIG']['db_host'], $GLOBALS['ESPCONFIG']['db_user'], $GLOBALS['ESPCONFIG']['db_pass'])),$mysql_version); $mysql_version = $mysql_version[0]; if ($mysql_version > "4.0.0") { $sql = "SELECT * FROM designer WHERE username = '$username' AND password = OLD_PASSWORD('$password') AND disabled = 'N' AND (expiration = '0' OR expiration > NOW())"; } else { $sql = "SELECT * FROM designer WHERE username = '$username' AND password = PASSWORD('$password') AND disabled = 'N' AND (expiration = '0' OR expiration > NOW())"; } ---------------------------------------------------------------------- >Comment By: Matthew Gregg (greggmc) Date: 2005-10-25 10:22 Message: Logged In: YES user_id=14116 You might be using PHP that isn't compiled against mysql 4.1.x libraries? ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2005-10-25 09:51 Message: Logged In: NO I added this code to the espauth-default.inc file, just above function manage_auth($username, $password, $raw_password="") { .... It did not resolve the problem, I still received the error message "Client does not support authentication protocol requested by server;" I got the dba to use the old_password() to change the setting on the server and was able to get in. We are running mysql 4.1.14 on unix with php 4.3 Am I missing something? mik...@la... ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2005-03-08 15:23 Message: Logged In: YES user_id=14116 Fixed in CVS. ---------------------------------------------------------------------- Comment By: James Flemer (jimmerman) Date: 2004-09-14 13:55 Message: Logged In: YES user_id=39444 We should add some code that detects the version and transparently migrates the passwords. Accompany this with a note in the docs/faq that says DO NOT DOWNGRADE mysql. Psedo-code for what I'm thinking: if (user.pass != PASSWD($pass) && new_mysql && user.pass = OLD_PASSWD($pass)) { update user.pass with PASSWD($pass); allow login; } else { reject; } ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2004-09-14 11:19 Message: Logged In: YES user_id=14116 ADODB still uses the builtin PASSWORD function. I think it will effect users that upgrade. Users with 11 bit pre 4.1 hashes that upgrade to 4.1 will fail with the new PASSWORD function, right? How do you think we should handle this? ---------------------------------------------------------------------- Comment By: James Flemer (jimmerman) Date: 2004-09-14 10:53 Message: Logged In: YES user_id=39444 Matthew (greggmc), Do you know if this is an issue now that we use adodb? ---------------------------------------------------------------------- Comment By: Tedar (tedar) Date: 2004-06-11 09:05 Message: Logged In: YES user_id=1061542 forgot to say which file: in espauth-default.inc line 146 (v 1.6) ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=971098&group_id=8956 |
