#42 mmcache_password failures

closed
nobody
None
5
2003-09-26
2003-09-22
No

Upgraded to version 2.4.0 and noticed that I couldn't
access the mmcache.php stats page anymore. I re-ran the
mmcache_password.php file and entered the new
information into php.ini but it still would not let me
connect.

I thought maybe I just made a typo so ran
mmcache_password again and noticed it gave a
completely different password string. In fact I ran this
numerous times and each time it gave another answer
though I always used the same username and password.

Discussion

  • Jason Carlson - 2003-09-22

    Logged In: YES
    user_id=391860

    Did some more digging on this problem. First I learned that
    crypt always would give a different output string when the
    key (salt) is not fixed so that obviously wasn't the issue.

    Also discovered that if the mmcache.php file is not in a
    directory with an Apache password (determined
    with .htaccess) it works as it is supposed to. However, if
    there is a password protecting the directory mmcache.php is
    in then mmcache.php will pop up the authorization window but
    will still fail.

    Before my upgrades I was still able to go into a .htaccess
    password protected directory, run mmcache.php and if the
    username/passwords were the same it would just let me in
    and if they were different it would let me enter the new login
    info and I could be in to use the program. Since the upgrade
    it just won't let me be in a .htaccess password protected
    directory AND use the security I can set in the php.ini file for
    mmcache.php.

    Also of note: My Linux distro had recent updates to Apache,
    open_ssl, and mod_ssl so perhaps it is a change in Apache
    that caused this. I tried rebuilding php again from source and
    then rebuilding turck-mmcache to see if this solved the
    problem and the problem still exists.

     
  • Nobody/Anonymous

    Logged In: NO

    As far as I know it is generally not possible to have this:

    The directory is password-protected by Apache, e.g.
    with .htaccess, and at the same time a PHP script simulates a
    password dialog-request.

    I think this won't work because when you satisfy
    Apache's .htaccess with user/pass #1 you do not
    satisfy PHP with user/pass #2 and vice versa.

    I had a similar problem with another application
    and it did not work.

    And I think this is usual, because you cannot
    satisfy #1 and #2 at the same time when #1 and
    #2 are different user/pass combinations.

    It's like 2 doors in a row and you either have one
    key for the first or another for the second.

    You won't be able to open both doors with just
    one key, except the key is identical.

    Hint: Also check for the "REALM" name. This is
    the text that appears in the user/pass dialog-box.

    It might help when the "REALM" names are identical.
    But #1 and #2 user/pass have to be identical, too
    for that... Then it might work depending on your browser.

     
  • Dmitry Stogov - 2003-09-26
    • status: open --> closed
     
  • Dmitry Stogov - 2003-09-26

    Logged In: YES
    user_id=124551

    If you use mmcache.php in a password protected directory then
    MMCache's admin name and password must be the same as
    for this directory.

     
  • Jason Carlson - 2003-09-26

    Logged In: YES
    user_id=391860

    I had them as the same username and password... It used to
    work before I upgraded to 2.4.0 then this broke. I was in IE
    at the time and closed the window and reopened a new one
    so the session should have been broken just in case that was
    the source but it still wouldn't let me in.

    Realistically I didn't need the directory password protected as
    well as the file so I'm not too worried about it at this point.
    Just wanted you folks to know that somehow the behaviour
    changed. It of course could be in the new Red Hat Apache
    patch that was applied about the same time as well.
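
The two points raised in this thread, as an added example that is not part of the original posts and is not Turck MMCache's own code: a crypt()-based generator returns a different string on every run yet each string still verifies, and a single HTTP Basic `Authorization` header can only satisfy a directory check and a script check when both expect the same pair. The function names, the users and the passwords are constructed, and the assumption is that both layers compare the header against a stored crypt() hash.

```php
<?php
// Added illustration, not Turck MMCache source. Users and passwords are constructed.

// New random salt on every call, so the output string differs each run.
function make_hash(string $password): string {
    $salt = '$1$' . bin2hex(random_bytes(4)) . '$';   // MD5-crypt with an 8-character salt
    return crypt($password, $salt);
}

// Verify by re-running crypt() with the stored hash as the salt argument.
function verify(string $password, string $stored): bool {
    return hash_equals($stored, crypt($password, $stored));
}

// Decode the one user:password pair carried by a Basic Authorization header.
function parse_basic(string $header): ?array {
    $decoded = stripos($header, 'Basic ') === 0 ? base64_decode(substr($header, 6), true) : false;
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    return explode(':', $decoded, 2);
}

// Every layer is checked against the same header; all must accept it.
function request_allowed(string $header, array $layers): bool {
    $cred = parse_basic($header);
    if ($cred === null) {
        return false;
    }
    [$user, $pass] = $cred;
    foreach ($layers as $layer) {
        if (!hash_equals($layer['user'], $user) || !verify($pass, $layer['hash'])) {
            return false;
        }
    }
    return true;
}

$a = make_hash('s3cret');
$b = make_hash('s3cret');
printf("hash strings identical: %s\n", var_export($a === $b, true));
printf("both verify: %s\n", var_export(verify('s3cret', $a) && verify('s3cret', $b), true));

$dir       = ['user' => 'admin', 'hash' => make_hash('s3cret')]; // stands in for .htaccess
$scriptOk  = ['user' => 'admin', 'hash' => make_hash('s3cret')]; // script uses same pair
$scriptBad = ['user' => 'cache', 'hash' => make_hash('other')];  // script uses another pair
$hdr = 'Basic ' . base64_encode('admin:s3cret');
printf("same pair on both layers: %s\n", var_export(request_allowed($hdr, [$dir, $scriptOk]), true));
printf("different pairs: %s\n", var_export(request_allowed($hdr, [$dir, $scriptBad]), true));
```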

     
