Menu

#137 default credentials fail new install

0.9
closed
nobody
None
1
2015-02-09
2013-11-13
Anonymous
No

fresh install of ubuntu , default credentials fail - saw other ticket (#40 Default password not working) with similar problem but no resolution…

what am I missing?

====output of database====

mysql> use phpipam;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> select * from users;
+----+----------+----------------------------------+--------+---------------+---------------+--------------------+------------+-----------------------------------------------------------------------------------+------+----------+
| id | username | password | groups | role | real_name | email | domainUser | widgets | lang | editDate |
+----+----------+----------------------------------+--------+---------------+---------------+--------------------+------------+-----------------------------------------------------------------------------------+------+----------+
| 1 | Admin | d10bb806e97d3538fb13b5581db11e9e | | Administrator | phpIPAM Admin | admin@domain.local | 0 | statistics;top10_hosts_v4;top10_hosts_v6;top10_percentage;access_logs;error_logs; | 1 | NULL |
+----+----------+----------------------------------+--------+---------------+---------------+--------------------+------------+-----------------------------------------------------------------------------------+------+----------+
1 row in set (0.00 sec)

Related

Bugs: #137

Discussion

  • Miha Petkovsek

    Miha Petkovsek - 2013-11-13

    Hi, just tried it myself and have no errors, works fine.

    Can you try with some different browsers, there was a problem once with Firefox lower-casing username automatically or smth similar...

    brm

     
  • Anonymous

    Anonymous - 2013-11-13

    Tried IE10, Chrome, Firefox, all same result - failed to login... will try re-install i guess..

     
  • Anonymous

    Anonymous - 2013-11-24

    Hello

    I have the same error.

     
  • Marcio Merlone

    Marcio Merlone - 2014-02-10

    Same here. Now what?

     
  • Miha Petkovsek

    Miha Petkovsek - 2014-02-11

    Hi, can you try to enter this query, that is used to authenticate local user and post the result?

    select * from users where username = binary "Admin" and password = BINARY "d10bb806e97d3538fb13b5581db11e9e" and domainUser = "0" limit 1;

     
  • Marcio Merlone

    Marcio Merlone - 2014-02-11

    Sure:

    # id, username, password, groups, role, real_name, email, domainUser, widgets, lang, editDate
    '1', 'Admin', 'd10bb806e97d3538fb13b5581db11e9e', '', 'Administrator', 'phpIPAM Admin', 'admin@domain.local', ?, 'statistics;top10_hosts_v4;top10_hosts_v6;top10_percentage;access_logs;error_logs;', '1', NULL

    The '?' is a blob value, but you may already know. :)

     
  • Miha Petkovsek

    Miha Petkovsek - 2014-02-11

    Can you open functions/functions-install.php and search for function checkLogin, and after $query = add newline with print $query;

    $query      = 'select * from `users` where `username`...
    print $query;
    

    You will get the query now in login result.

     
  • Marcio Merlone

    Marcio Merlone - 2014-02-11

    There it goes:

    select * from users where username = binary "admin" and password = BINARY "d" and domainUser = "0" limit 1;

     
  • Miha Petkovsek

    Miha Petkovsek - 2014-02-11

    Well password is not ok for sure... You entered username/pass as Admin/ipamadmin (mind capitals)? Change
    print $query
    with
    print_r($_POST);

    To see what is sent from login form.

     
  • Marcio Merlone

    Marcio Merlone - 2014-02-11

    Yes, I did...

    select * from users where username = binary "admin" and password = BINARY "d" and domainUser = "0" limit 1;

    var_dump($_REQUEST):
    array(2) {
    ["ipamusername"]=>
    string(5) "admin"
    ["ipampassword"]=>
    string(9) "ipamadmin"
    }

     
  • Marcio Merlone

    Marcio Merlone - 2014-02-11

    Before you ask: no fancy config on apache's virtual host, phpipam is a subdir of my intranet like http://intranet.domain.tld/ipam. It is puzzling me too.

     
  • Miha Petkovsek

    Miha Petkovsek - 2014-02-11

    Well lower-case admin is not ok for sure, this must be browser related. You can simply change username to admin in sql directly:

    update `users` set `username` = "Admin" where `username` = "admin";
    

    Still what bothers me password part, maybe something is not ok with md5() function? What does the "print $md5password;" return in checklogin function?

     
    • Marcio Merlone

      Marcio Merlone - 2014-02-11

      Hi,

      Edited site/login/loginCheck.php and var_dumped the array $ipampassword:
      echo '

      ';
      var_dump($ipampassword);
      echo '
      ';

      got:
      string(9) "dpamadmin"

      Now I see a probable var collision, I am using "register_globals on"
      due to a legacy app:

      $_POST['ipampassword'] versus $ipampassword... will adjust the server
      setting for this location and return with results.

      On Tue, Feb 11, 2014 at 10:14 AM, Miha Petkovsek myha@users.sf.net wrote:

      Well lower-case admin is not ok for sure, this must be browser related. You
      can simply change username to admin in sql directly:

      update users set username = "Admin" where username = "admin";

      Still what bothers me password part, maybe something is not ok with md5()
      function? What does the "print $md5password;" return in checklogin function?


      [bugs:#137] default credentials fail new install

      Status: open
      Created: Wed Nov 13, 2013 01:34 AM UTC by Anonymous
      Last Updated: Tue Feb 11, 2014 12:08 PM UTC
      Owner: nobody

      fresh install of ubuntu , default credentials fail - saw other ticket (#40
      Default password not working) with similar problem but no resolution...

      what am I missing?

      ====output of database====

      mysql> use phpipam;
      Reading table information for completion of table and column names
      You can turn off this feature to get a quicker startup with -A

      Database changed
      mysql> select * from users;
      +----+----------+----------------------------------+--------+---------------+---------------+--------------------+------------+-----------------------------------------------------------------------------------+------+----------+
      | id | username | password | groups | role | real_name | email | domainUser
      | widgets | lang | editDate |
      +----+----------+----------------------------------+--------+---------------+---------------+--------------------+------------+-----------------------------------------------------------------------------------+------+----------+
      | 1 | Admin | d10bb806e97d3538fb13b5581db11e9e | | Administrator | phpIPAM
      Admin | admin@domain.local | 0 |
      statistics;top10_hosts_v4;top10_hosts_v6;top10_percentage;access_logs;error_logs;
      | 1 | NULL |
      +----+----------+----------------------------------+--------+---------------+---------------+--------------------+------------+-----------------------------------------------------------------------------------+------+----------+
      1 row in set (0.00 sec)


      Sent from sourceforge.net because you indicated interest in
      https://sourceforge.net/p/phpipam/bugs/137/

      To unsubscribe from further messages, please visit
      https://sourceforge.net/auth/subscriptions/

      --
      Marcio Merlone

       

      Related

      Bugs: #137

      • Marcio Merlone

        Marcio Merlone - 2014-02-11

        So, I changed register_globals to off, updated Admin to admin on db
        and now it works on Google Chrome. Tested case on Firefox and it works
        with 'Admin'.

        So, for the record:
        1. register_globals must be off.
        2. Google Chrome lower-cases username, so either run from Firefox or
        update users set username = 'admin' where username = 'Admin'.

        Case closed, thanks for your time and effort. :)

        Regards.

        On Tue, Feb 11, 2014 at 10:27 AM, Marcio Merlone mmerlone@gmail.com wrote:

        Hi,

        Edited site/login/loginCheck.php and var_dumped the array $ipampassword:
        echo '

        ';
        var_dump($ipampassword);
        echo '
        ';

        got:
        string(9) "dpamadmin"

        Now I see a probable var collision, I am using "register_globals on"
        due to a legacy app:

        $_POST['ipampassword'] versus $ipampassword... will adjust the server
        setting for this location and return with results.

        On Tue, Feb 11, 2014 at 10:14 AM, Miha Petkovsek myha@users.sf.net wrote:

        Well lower-case admin is not ok for sure, this must be browser related. You
        can simply change username to admin in sql directly:

        update users set username = "Admin" where username = "admin";

        Still what bothers me password part, maybe something is not ok with md5()
        function? What does the "print $md5password;" return in checklogin function?


        [bugs:#137] default credentials fail new install

        Status: open
        Created: Wed Nov 13, 2013 01:34 AM UTC by Anonymous
        Last Updated: Tue Feb 11, 2014 12:08 PM UTC
        Owner: nobody

        fresh install of ubuntu , default credentials fail - saw other ticket (#40
        Default password not working) with similar problem but no resolution...

        what am I missing?

        ====output of database====

        mysql> use phpipam;
        Reading table information for completion of table and column names
        You can turn off this feature to get a quicker startup with -A

        Database changed
        mysql> select * from users;
        +----+----------+----------------------------------+--------+---------------+---------------+--------------------+------------+-----------------------------------------------------------------------------------+------+----------+
        | id | username | password | groups | role | real_name | email | domainUser
        | widgets | lang | editDate |
        +----+----------+----------------------------------+--------+---------------+---------------+--------------------+------------+-----------------------------------------------------------------------------------+------+----------+
        | 1 | Admin | d10bb806e97d3538fb13b5581db11e9e | | Administrator | phpIPAM
        Admin | admin@domain.local | 0 |
        statistics;top10_hosts_v4;top10_hosts_v6;top10_percentage;access_logs;error_logs;
        | 1 | NULL |
        +----+----------+----------------------------------+--------+---------------+---------------+--------------------+------------+-----------------------------------------------------------------------------------+------+----------+
        1 row in set (0.00 sec)


        Sent from sourceforge.net because you indicated interest in
        https://sourceforge.net/p/phpipam/bugs/137/

        To unsubscribe from further messages, please visit
        https://sourceforge.net/auth/subscriptions/

        --
        Marcio Merlone

        --
        Marcio Merlone

         

        Related

        Bugs: #137

  • Marcio Merlone

    Marcio Merlone - 2014-02-11

    So, I changed register_globals to off, updated Admin to admin on db
    and now it works on Google Chrome. Tested case on Firefox and it works
    with 'Admin'.

    So, for the record:
    1. register_globals must be off.
    2. Google Chrome lower-cases username, so either run from Firefox or

    update users set username = 'admin' where username = 'Admin';
    

    Case closed, thanks for your time and effort. :)

    Regards.

     
  • Miha Petkovsek

    Miha Petkovsek - 2014-02-11

    Hi, good news. Can you tell me which os/browser you are using so I can test this username lowercasing? On OsX it works fine.

     
  • Marcio Merlone

    Marcio Merlone - 2014-02-11

    So, I changed register_globals to off, updated Admin to admin on db
    and now it works on Google Chrome. Tested case on Firefox and it works
    with 'Admin'. Using latest linux Mint (Ubuntu based).

    So, for the record:
    1. register_globals must be off.
    2. Google Chrome lower-cases username, so either run from Firefox or
    update users set username = 'admin' where username = 'Admin'.

    Case closed, thanks for your time and effort. :)

    Regards.

     
  • Anonymous

    Anonymous - 2014-02-17

    Hello, Register_Globals was also the key for me (Ubuntu, phpipam 0.9) thankies !

     
  • Miha Petkovsek

    Miha Petkovsek - 2014-03-03
    • status: open --> closed
     
  • Anonymous

    Anonymous - 2014-03-16

    I'm having the same issue.
    Just looking at the Admin row data, in my DB it shows domainUser=30 yet your line in the function is looking for domainUser="0" ?

    Could this be it?

     
  • Miha Petkovsek

    Miha Petkovsek - 2014-03-17

    Yes, set it to 0.

     
  • Anonymous

    Anonymous - 2014-04-11

    I have same problem with the login...

     
  • Anonymous

    Anonymous - 2015-02-09

    Same problem. Php 5.6, so register_globals was removed at all. Cannot register. When I run "update users set password='1a1dc91c907325c69271ddf0c944bc72' where username='admin';" I can register with "admin/pass" (the hash is from 'pass' password). After register run "select password,domainUser from users". Got - *0,0. Then - logout, cannot register, run sql to update hash, register, so on. The domain auth works well. What to do with local? OpenSUSE 13.2 64 bit.

     

Anonymous
Anonymous

Add attachments
Cancel





Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.