Current time: 11-22-2024, 11:14 PM Hello There, Guest! (LoginRegister)


Post Reply 
admin password issues with a dot
Author Message
rycardo74 Offline
Junior Member
*

Posts: 19
Joined: Jun 2008
Reputation: 0
Post: #1
admin password issues with a dot
Hi I found a strange issue on administrator passwords control.
Im use a password style like this "alphanumeric.54"

the problem is that I can login with "alphanumeric" or "alphanumeric.54"

is not beautiful

somebody have the same problem
07-17-2008 04:02 AM
Find all posts by this user Quote this message in a reply
sci2tech Away
Senior Member
****

Posts: 1,285
Joined: Jan 2007
Reputation: 23
Post: #2
RE: admin password issues with a dot
Please try to change the password with same password (admin/password_change.php) and check if is happend again.
07-17-2008 05:11 AM
Visit this user's website Find all posts by this user Quote this message in a reply
rycardo74 Offline
Junior Member
*

Posts: 19
Joined: Jun 2008
Reputation: 0
Post: #3
RE: admin password issues with a dot
All ok
instalation issue ?
however i change on the fly my password when Finished the istallation.
07-17-2008 06:56 PM
Find all posts by this user Quote this message in a reply
sci2tech Away
Senior Member
****

Posts: 1,285
Joined: Jan 2007
Reputation: 23
Post: #4
RE: admin password issues with a dot
It`s not an issue, it`s a feature Tongue. When administrator password is crypted is used DES algoritm not MD5 or Blowfish->only first 8 characters are relevant when hash is created. So there are 2 option:
Change in ispcp/engine/setup/ispcp-setup.pl line 719 from
Code:
my $admin_password = crypt_data($main::ua{'admin_password'});
to
Code:
my $admin_password = crypt_md5_data($main::ua{'admin_password'});
or change in ispcp/engine/ispcp_common_methods.pl starting with line 1055
Code:
sub crypt_data {
    my ($data) = @_;
    push_el(\@main::el, 'crypt_data()', 'Starting...');
    if (!defined($data) || $data eq '') {
        push_el(\@main::el, 'crypt_data()', "ERROR: Undefined input data, data: |$data| !");
        return (-1, '');
    }
    my ($rs, $rdata) = gen_rand_num(2);
    return (-1, '') if ($rs != 0);
    $rdata = crypt($data, $rdata);
    push_el(\@main::el, 'crypt_data()', 'Ending...');
    return (0, $rdata);
}
in
Code:
sub crypt_data {
    my ($data) = @_;
    push_el(\@main::el, 'crypt_data()', 'Starting...');
    if (!defined($data) || $data eq '') {
        push_el(\@main::el, 'crypt_data()', "ERROR: Undefined input data, data: |$data| !");
        return (-1, '');
    }
    my ($rs, $rdata) = gen_rand_num(8);
    $rdata="\$1\$".$rdata;
    print STDOUT $rdata."\n";
    return (-1, '') if ($rs != 0);
    $rdata = crypt($data, $rdata);
    push_el(\@main::el, 'crypt_data()', 'Ending...');
    return (0, $rdata);
}
to force MD5 algorithm. A better solution is expected from someone who really know perl, because I do not know it at all. When the track will be back online i`ll open a ticket about this issue (i think this is really a serious one) and hope that Rats (or one of the other devs) will fix it shortly.
For thous witch still use admin password created by setup, change it using gui, to force MD5 algorithm, otherwise your password will be truncated at 8 chars
07-17-2008 10:22 PM
Visit this user's website Find all posts by this user Quote this message in a reply
RatS Offline
Project Leader
******

Posts: 1,854
Joined: Oct 2006
Reputation: 17
Post: #5
RE: admin password issues with a dot
good point; crypt_md5_data is already written and can be reuses but needs a salt of 8 instead of 2 (like it is now).
07-18-2008 05:04 PM
Visit this user's website Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 2 Guest(s)