Bob Hutchinson wrote: > On Sunday 26 Mar 2006 19:42, Robin Bowes wrote: > >>Bill Shupp wrote: >> >>>Perhaps it's missing in the form. Can you verify that? If so, I'm >>>surprised this has not been reported before. >> >>Bill, >> >>I've done some more checking. I've turned on the mysql query log, and >>the query that is being sent when I try to login with test@test.com/test >>is: >> >> Email='test@test.com' and >> Password='543e1d35c7c833e578709d2baabdc79c' and >> Status='active' LIMIT 1 >> >>Looking in the accounts table, this is not the md5 hash of "test": >> >>mysql> select md5('test'), password from accounts; >>+----------------------------------+----------------------------------+ >> >>| md5('test') | password | >> >>+----------------------------------+----------------------------------+ >> >>| 098f6bcd4621d373cade4e832627b4f6 | 098f6bcd4621d373cade4e832627b4f6 | >> >>+----------------------------------+----------------------------------+ >>1 row in set (0.00 sec) >> >>Also, looking in index.php, I see this block of code: >> >>} else if($_REQUEST['state'] == "login_screen") { >> >> // LOGIN SCREEN >> >> $smarty->display('header.tpl'); >> require('src/login_screen.php'); >> $smarty->display('footer.tpl'); >> exit; >> >>The file 'login_screen.php' does not exist: >> >>[EMAIL PROTECTED] vegadns-0.9.9.1]# pwd >>/var/www/vegadns/vegadns-0.9.9.1 >>[EMAIL PROTECTED] vegadns-0.9.9.1]# find . -name login_screen.php >> >>Does that shed any light on the issue? > > > looks to me like you have found a piece of leftover code, you could try > replacing the > require('src/login_screen.php'); > with > $smarty->display('login_screen.tpl'); > > I have to admit I have never stumbled across this bug, probably because > > $_REQUEST['state'] == "login_screen" is never called AFAICT > > vegadns-0.9.9.1 > grep -rni 'login_screen' * > index.php:112: $smarty->display('login_screen.tpl'); > index.php:128:} else if($_REQUEST['state'] == "login_screen") { > index.php:133: require('src/login_screen.php'); > > Are you managing to log in at all? > Have a look at the db with phpmyadmin or somesuch, it might help you resolve > this
When I first connect after a clean install I am logged in automatically. It appears that I can use most of the functionality but checking the logs reveals that several variables are not being passed between forms (cid being one example that prevent login). If I log out I am unable to log back in again even with the original password. I've checked with phpmyadmin (and mysql command line) and the username/password remains unchanged. The MySQL query log actually shows that the app. is submitting the wrong md5 hashed password (see above). I'm sure there's a logical explanation for all this but I can't put my finger on it just at the moment... R.