Threaded Mode | Linear Mode

rycardo74 · 07-17-2008 04:02 AM

Hi I found a strange issue on administrator passwords control.
Im use a password style like this "alphanumeric.54"

the problem is that I can login with "alphanumeric" or "alphanumeric.54"

is not beautiful

somebody have the same problem

sci2tech · 07-17-2008 05:11 AM

Please try to change the password with same password (admin/password_change.php) and check if is happend again.

rycardo74 · 07-17-2008 06:56 PM

All ok
instalation issue ?
however i change on the fly my password when Finished the istallation.

sci2tech · 07-17-2008 10:22 PM

It`s not an issue, it`s a feature Tongue

. When administrator password is crypted is used DES algoritm not MD5 or Blowfish->only first 8 characters are relevant when hash is created. So there are 2 option:
Change in ispcp/engine/setup/ispcp-setup.pl line 719 from

Code:

my $admin_password = crypt_data($main::ua{'admin_password'});

to

Code:

my $admin_password = crypt_md5_data($main::ua{'admin_password'});

or change in ispcp/engine/ispcp_common_methods.pl starting with line 1055

Code:

sub crypt_data {

    my ($data) = @_;

    push_el(\@main::el, 'crypt_data()', 'Starting...');

    if (!defined($data) || $data eq '') {

        push_el(\@main::el, 'crypt_data()', "ERROR: Undefined input data, data: |$data| !");

        return (-1, '');

    }

    my ($rs, $rdata) = gen_rand_num(2);

    return (-1, '') if ($rs != 0);

    $rdata = crypt($data, $rdata);

    push_el(\@main::el, 'crypt_data()', 'Ending...');

    return (0, $rdata);

}

in

Code:

sub crypt_data {

    my ($data) = @_;

    push_el(\@main::el, 'crypt_data()', 'Starting...');

    if (!defined($data) || $data eq '') {

        push_el(\@main::el, 'crypt_data()', "ERROR: Undefined input data, data: |$data| !");

        return (-1, '');

    }

    my ($rs, $rdata) = gen_rand_num(8);

    $rdata="\$1\$".$rdata;

    print STDOUT $rdata."\n";

    return (-1, '') if ($rs != 0);

    $rdata = crypt($data, $rdata);

    push_el(\@main::el, 'crypt_data()', 'Ending...');

    return (0, $rdata);

}

to force MD5 algorithm. A better solution is expected from someone who really know perl, because I do not know it at all. When the track will be back online i`ll open a ticket about this issue (i think this is really a serious one) and hope that Rats (or one of the other devs) will fix it shortly.
For thous witch still use admin password created by setup, change it using gui, to force MD5 algorithm, otherwise your password will be truncated at 8 chars

***RatS*** · 07-18-2008 05:04 PM

good point; crypt_md5_data is already written and can be reuses but needs a salt of 8 instead of 2 (like it is now).

Threaded Mode \| Linear Mode admin password issues with a dot
Author	Message