** Changed in: mahara
Status: New => Confirmed
** Changed in: mahara
Assignee: (unassigned) => Andrew Nicols (dobedobedoh)
** Changed in: mahara
Status: Confirmed => Fix Committed
--
Admin user unable to login after installation - salt issue
https://bugs.launchpad.net/bugs/676461
You received this bug notification because you are a member of Mahara
Committers, which is subscribed to Mahara.
Status in Mahara ePortfolio: Fix Committed
Bug description:
During installation, the final step is typically to set the admin password. At
present on master this isn't happening and the admin user is unable to login.
Looks like this is caused by a change in
e9151dd85cabeb527b7a3dc6d03699e9bb949634 to auth/internal/lib.php to the salt
system.
When the admin user is created, it's not created using an Auth object, but by
inserting directly into the database. The password is set in plaintext and
without salt. The installation then seesm to log in the admin user with that
plaintext password.
The salt change in the above commit removes the ability for users to log in
using a plaintext password if there's no salt.
I can see two ways forward:
* revert the salt change; or
* salt the admin password.
I've provided a fix for the latter in the attached file on the assumption that
the salt was changed for a reason that I'm not privy to, but I haven't applied
it to master in case the preferred option is to revert the salt change.
Rather than using auth/lib.php:encrypt_password() (which just returns
sha1($salt . $password)), I've just done the sha1. This is to avoid having to
include auth/lib.php just for one function. Obviously, this would break if
salting methodology changed in the future.
_______________________________________________
Mailing list: https://launchpad.net/~mahara-core
Post to : [email protected]
Unsubscribe : https://launchpad.net/~mahara-core
More help : https://help.launchpad.net/ListHelp
