ispCP - Board - Support
admin password issues with a dot - Printable Version

+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Support Area (/forum-30.html)
+--- Forum: System Setup & Installation (/forum-32.html)
+--- Thread: admin password issues with a dot (/thread-3776.html)

admin password issues with a dot - rycardo74 - 07-17-2008 04:02 AM

Hi I found a strange issue on administrator passwords control.
Im use a password style like this "alphanumeric.54"

the problem is that I can login with "alphanumeric" or "alphanumeric.54"

is not beautiful

somebody have the same problem

RE: admin password issues with a dot - sci2tech - 07-17-2008 05:11 AM

Please try to change the password with same password (admin/password_change.php) and check if is happend again.

RE: admin password issues with a dot - rycardo74 - 07-17-2008 06:56 PM

All ok
instalation issue ?
however i change on the fly my password when Finished the istallation.

RE: admin password issues with a dot - sci2tech - 07-17-2008 10:22 PM

It`s not an issue, it`s a feature Tongue. When administrator password is crypted is used DES algoritm not MD5 or Blowfish->only first 8 characters are relevant when hash is created. So there are 2 option:
Change in ispcp/engine/setup/ispcp-setup.pl line 719 from
Code:
my $admin_password = crypt_data($main::ua{'admin_password'});
to
Code:
my $admin_password = crypt_md5_data($main::ua{'admin_password'});
or change in ispcp/engine/ispcp_common_methods.pl starting with line 1055
Code:
sub crypt_data {
    my ($data) = @_;
    push_el(\@main::el, 'crypt_data()', 'Starting...');
    if (!defined($data) || $data eq '') {
        push_el(\@main::el, 'crypt_data()', "ERROR: Undefined input data, data: |$data| !");
        return (-1, '');
    }
    my ($rs, $rdata) = gen_rand_num(2);
    return (-1, '') if ($rs != 0);
    $rdata = crypt($data, $rdata);
    push_el(\@main::el, 'crypt_data()', 'Ending...');
    return (0, $rdata);
}
in
Code:
sub crypt_data {
    my ($data) = @_;
    push_el(\@main::el, 'crypt_data()', 'Starting...');
    if (!defined($data) || $data eq '') {
        push_el(\@main::el, 'crypt_data()', "ERROR: Undefined input data, data: |$data| !");
        return (-1, '');
    }
    my ($rs, $rdata) = gen_rand_num(8);
    $rdata="\$1\$".$rdata;
    print STDOUT $rdata."\n";
    return (-1, '') if ($rs != 0);
    $rdata = crypt($data, $rdata);
    push_el(\@main::el, 'crypt_data()', 'Ending...');
    return (0, $rdata);
}
to force MD5 algorithm. A better solution is expected from someone who really know perl, because I do not know it at all. When the track will be back online i`ll open a ticket about this issue (i think this is really a serious one) and hope that Rats (or one of the other devs) will fix it shortly.
For thous witch still use admin password created by setup, change it using gui, to force MD5 algorithm, otherwise your password will be truncated at 8 chars

RE: admin password issues with a dot - RatS - 07-18-2008 05:04 PM

good point; crypt_md5_data is already written and can be reuses but needs a salt of 8 instead of 2 (like it is now).