Bob Hutchinson wrote:
> On Sunday 26 Mar 2006 19:42, Robin Bowes wrote:
>
>>Bill Shupp wrote:
>>
>>>Perhaps it's missing in the form. Can you verify that? If so, I'm
>>>surprised this has not been reported before.
>>
>>Bill,
>>
>>I've done some more checking. I've turned on the mysql query log, and
>>the query that is being sent when I try to login with test@test.com/test
>>is:
>>
>> Email='test@test.com' and
>> Password='543e1d35c7c833e578709d2baabdc79c' and
>> Status='active' LIMIT 1
>>
>>Looking in the accounts table, this is not the md5 hash of "test":
>>
>>mysql> select md5('test'), password from accounts;
>>+----------------------------------+----------------------------------+
>>
>>| md5('test') | password |
>>
>>+----------------------------------+----------------------------------+
>>
>>| 098f6bcd4621d373cade4e832627b4f6 | 098f6bcd4621d373cade4e832627b4f6 |
>>
>>+----------------------------------+----------------------------------+
>>1 row in set (0.00 sec)
>>
>>Also, looking in index.php, I see this block of code:
>>
>>} else if($_REQUEST['state'] == "login_screen") {
>>
>> // LOGIN SCREEN
>>
>> $smarty->display('header.tpl');
>> require('src/login_screen.php');
>> $smarty->display('footer.tpl');
>> exit;
>>
>>The file 'login_screen.php' does not exist:
>>
>>[EMAIL PROTECTED] vegadns-0.9.9.1]# pwd
>>/var/www/vegadns/vegadns-0.9.9.1
>>[EMAIL PROTECTED] vegadns-0.9.9.1]# find . -name login_screen.php
>>
>>Does that shed any light on the issue?
>
>
> looks to me like you have found a piece of leftover code, you could try
> replacing the
> require('src/login_screen.php');
> with
> $smarty->display('login_screen.tpl');
>
> I have to admit I have never stumbled across this bug, probably because
>
> $_REQUEST['state'] == "login_screen" is never called AFAICT
>
> vegadns-0.9.9.1 > grep -rni 'login_screen' *
> index.php:112: $smarty->display('login_screen.tpl');
> index.php:128:} else if($_REQUEST['state'] == "login_screen") {
> index.php:133: require('src/login_screen.php');
>
> Are you managing to log in at all?
> Have a look at the db with phpmyadmin or somesuch, it might help you resolve
> this
When I first connect after a clean install I am logged in automatically.
It appears that I can use most of the functionality but checking the
logs reveals that several variables are not being passed between forms
(cid being one example that prevent login).
If I log out I am unable to log back in again even with the original
password.
I've checked with phpmyadmin (and mysql command line) and the
username/password remains unchanged.
The MySQL query log actually shows that the app. is submitting the wrong
md5 hashed password (see above).
I'm sure there's a logical explanation for all this but I can't put my
finger on it just at the moment...
R.
