From: SourceForge.net <no...@so...> - 2003-06-10 21:58:15
Bugs item #752218, was opened at 2003-06-10 14:58
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=106121&aid=752218&group_id=6121

Category: All databases
Group: User Authentication
Status: Open
Resolution: None
Priority: 5
Submitted By: John Sechrest (sechrest)
Assigned to: Nobody/Anonymous (nobody)
Summary: User authentication sends passwd in clear text

Initial Comment:
It looks to me like the process of taking a username and then the password sends that password back to the server in clear text.

Either the server needs to collect the password in SSL, or it needs to use the userAuth process to collect and encrypt the password at the browser.

When I added user authentication to the old version of php wiki for myself, I used the browser to do the encryption using this library:

<?PHP
/// Auth example
/// how to do authentication
/// Assume a database like this:
/// create table members (
///   member_id int auto_increment primary key,
///   firstname varchar(40),
///   lastname varchar(40),
///   address varchar(60),
///   city varchar(40),
///   State varchar(16),
///   zip varchar(16),
///   Phone varchar(16),
///   bphone varchar(16),
///   email varchar(60),
///   login varchar(16),
///   passwd varchar(16),
///   team int,
///   admin int,
///   comment varchar(255)
/// );
/// Note, this needs to add encryption on the passwd, which it does not do.

/// Constants for the php database access
/// ($authhost, $authdblogin, $authdbpasswd, $authdatabase, $authtable and
/// $wwwrealm are expected to be defined before this point.)

/// auth code
/// started from http://www.zend.com/zend/tut/authentication.php#Heading1

$auth = false;   // Assume user is not authenticated

// Credentials supplied via HTTP Basic authentication. $_SERVER is used
// here so the code does not depend on register_globals.
if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
    // Connect to MySQL
    mysql_connect($authhost, $authdblogin, $authdbpasswd)
        or die('Unable to connect to server.');

    // Select database on MySQL server
    mysql_select_db($authdatabase)
        or die('Unable to select database.');

    // Escape the user-supplied values before putting them into the query,
    // otherwise a crafted login or password can alter the SQL.
    $user = mysql_escape_string($_SERVER['PHP_AUTH_USER']);
    $pw   = mysql_escape_string($_SERVER['PHP_AUTH_PW']);

    // Formulate the query
    $authsql = "SELECT * FROM $authtable WHERE login = '$user' AND passwd = '$pw'";

    // Execute the query and put results in $authresult
    $authresult = mysql_query($authsql)
        or die('Unable to execute query for login.');

    // Get number of rows in $authresult.
    $authnum = mysql_num_rows($authresult);

    if ($authnum != 0) {
        // A matching row was found - the user is authenticated.
        for ($i = 0; $i < $authnum; $i++) {
            $admin = mysql_result($authresult, $i, "admin");
            /// debug
            echo " admin = $admin\n";
        }
        $auth = true;
    }
}

if (!$auth) {
    // Double quotes so that $wwwrealm is actually interpolated; the realm
    // value itself has to be quoted inside the header.
    header("WWW-Authenticate: Basic realm=\"$wwwrealm\"");
    header('HTTP/1.0 401 Unauthorized');
    echo 'Authorization Required.';
    echo ' You need to register';
    exit;
}
?>

I am getting feedback that I need to fix this security hole for our use of the wiki. What will it take for that to happen?

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=106121&aid=752218&group_id=6121
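For comparison, the same HTTP Basic check written the way the two weaknesses the report and its own comment point out would be closed today: credentials are only accepted over TLS (Basic auth only base64-encodes the password, so it is clear text otherwise), the lookup uses a bound parameter, and the passwd column holds a password_hash() result rather than the plain password. This is an added example, not the submitter's code or PhpWiki's; it assumes the "members" table from the post (with passwd widened to fit a hash), a PDO connection in $pdo and a realm in $wwwrealm.

```php
<?php
// Added example (not the submitter's or PhpWiki's code). Assumes the "members"
// table from the post, passwd widened to hold a password_hash() result, and a
// PDO connection $pdo plus a realm string $wwwrealm created elsewhere.

// 1. Basic auth sends the password base64-encoded, i.e. effectively in the
//    clear, so never accept it unless the request arrived over TLS.
function requestIsOverTls(): bool
{
    return !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
}

// 2. Look the user up with a bound parameter (no string-built SQL) and
//    compare against a stored hash, never a cleartext passwd column.
function authenticate(PDO $pdo, string $login, string $password): ?array
{
    $stmt = $pdo->prepare('SELECT member_id, admin, passwd FROM members WHERE login = :login');
    $stmt->execute([':login' => $login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Run the verify even when no row was found, so response time does not
    // reveal which logins exist.
    $hash = $row['passwd'] ?? password_hash('dummy', PASSWORD_DEFAULT);
    if ($row === false || !password_verify($password, $hash)) {
        return null;
    }
    return ['member_id' => $row['member_id'], 'admin' => (int) $row['admin']];
}

// 3. Challenge exactly as the original did, with the realm properly quoted.
function denyAccess(string $realm): void
{
    header('HTTP/1.0 401 Unauthorized');
    header('WWW-Authenticate: Basic realm="' . $realm . '"');
    echo 'Authorization Required. You need to register';
    exit;
}

if (!requestIsOverTls()) {
    header('HTTP/1.0 403 Forbidden');
    exit('Authentication is only accepted over HTTPS.');
}
$user = authenticate($pdo, $_SERVER['PHP_AUTH_USER'] ?? '', $_SERVER['PHP_AUTH_PW'] ?? '');
if ($user === null) {
    denyAccess($wwwrealm);
}
// At registration time store password_hash($plain, PASSWORD_DEFAULT) in passwd,
// never the plain value, so a copy of the table does not yield passwords.
```

Server-side hashing covers the storage side only; the transport side is what the TLS check (or SSL on the server, as the report puts it) addresses, since nothing in HTTP Basic protects the password on the wire.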