Can't login as user or admin since upgrade
 



Started by nytelifenyc, January 12, 2006, 05:13:50 AM


nytelifenyc

I have upgraded using Fantastico, and now I am unable to login as a user or administrator.  My website is http://www.nytelifenyc.com/photo

my test username is

lainezja

password is

amalia90

I can't perform any administrator functions.  I think my database might not be linked to it, but I don't know how to tell.  I just did a straight up upgrade using Fantastico.  I had initial problems with new registrations so I went back to default settings and now I can't login as user or administrator.

I would appreciate your help.  I have been trying to fix this issue for the past month.

kding


Paver

It's a bad idea to post a password on a public board.

Clicking "reset to default settings" did you in.  There's a bug where that button sets the password encryption on but doesn't actually encrypt the passwords so things don't match up.

A simple solution is to add the following line to sql/update.sql (at the end) and then run update.php:
UPDATE `CPG_config` SET `value` = '0' WHERE `name`= 'enable_encrypted_passwords' LIMIT 1 ;

Afterwards, immediately change your password.

Here is a related thread for more info: http://forum.coppermine-gallery.net/index.php?topic=24609.

Paver

kding: I don't think your problem is the same as this one.

kding

Paver, my problem is a close one. After updating to cpg1.43, all the passwords turned into plain English. Login became a problem. I tried two things after that. One is to register as a new user. I saw the new user's password was encrypted, so login as the new user has no problem. Then I did a second try. This time I requested a new password via email. I used the program-generated password to login and changed the password. Now, I saw my password in the database is also encrypted. So the problem is in the updating process that has turned the encrypted password back to plain text. I don't know whether it is a bug. I don't know whether all my users on the list have to request new passwords themselves, too. It will be painful to them.

In my case, do I need to do: UPDATE CPG_config SET value = '0' WHERE name = 'enable_encrypted_passwords' LIMIT 1 ; and update again? Or should I change it via phpMyAdmin? Which data table and variable should be dealt with?

thank you very much for your help.

Tranz

Quote from: kding on January 12, 2006, 06:41:35 AM
Paver, my problem is a close one. After updating to cpg1.43, all the passwords turned into plain English. Login became a problem. I tried two things after that. One is to register as a new user. I saw the new user's password was encrypted, so login as the new user has no problem. Then I did a second try. This time I requested a new password via email. I used the program-generated password to login and changed the password. Now, I saw my password in the database is also encrypted. So the problem is in the updating process that has turned the encrypted password back to plain text. I don't know whether it is a bug. I don't know whether all my users on the list have to request new passwords themselves, too. It will be painful to them.
Actually, there was no password encryption until cpg 1.4. So there's no way you could have had encrypted passwords get changed to plaintext by upgrading to 1.4, unless you had some hack that used encrypted passwords. Otherwise, pre-1.4 passwords were plaintext. Even then, it's not easy to decrypt encrypted passwords and make them plaintext and no one in their right mind would do that as part of an upgrade process.

Paver

kding: As TranzNDance said, encrypted passwords were added in 1.4.x.  Your problem may be similar to nytelifenyc's.  Your plain-text passwords from pre-1.4 are still in the database but your enable_encrypted_passwords setting is set to '1', which means Coppermine assumes your passwords are encrypted even though they are not.  So when you type in a password to login, Coppermine encrypts what you type in, then compares that to what's in the database.  Since the password in the database is unencrypted, they don't match and you cannot login.  Since your newly-created passwords are encrypted, it seems certain that enable_encrypted_passwords is set to '1'.

To clean things up, you could use phpMyAdmin to set this setting (in the cpg_config table) to '0' or use my suggestion.  phpMyAdmin is preferable since it's the simplest.  My suggestion would require running the update script again and I don't know if there are any other issues since you've gone past that upgrade.

Afterwards, delete the newly-created users (that have encrypted passwords).  Then if you want to have encrypted passwords, set that setting on your config screen and Coppermine will convert your plain-text passwords into encrypted passwords.  Note that you cannot go backwards to plain-text afterwards (Coppermine warns you of that).
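
The mismatch described in the post above, modelled as an added example (not part of the original post and not Coppermine's own code). It assumes "encrypted" passwords are stored as unsalted MD5 hex digests; the function names and the sample rows are constructed for illustration.

```python
import hashlib
import re

# Assumption: an "encrypted" password is a 32-character lowercase MD5 hex digest.
# A plain-text password that happens to match this shape would be misclassified.
MD5_HEX = re.compile(r"^[0-9a-f]{32}$")


def md5_hex(password):
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def check_login(stored, typed, enable_encrypted_passwords):
    """Model of the comparison: with the setting at '1' the typed password
    is hashed before it is compared to the stored value."""
    candidate = md5_hex(typed) if enable_encrypted_passwords == "1" else typed
    return candidate == stored


def audit(users, enable_encrypted_passwords):
    """Return the accounts whose stored format contradicts the setting,
    i.e. the accounts that cannot log in until the state is made consistent."""
    expect_hash = enable_encrypted_passwords == "1"
    return sorted(
        name for name, stored in users.items()
        if bool(MD5_HEX.match(stored)) != expect_hash
    )


# Constructed sample rows: user name -> stored password value.
SAMPLE_USERS = {
    "olduser": "correct-horse",             # pre-1.4 row, still plain text
    "newuser": md5_hex("battery-staple"),   # registered after the setting flipped
}

if __name__ == "__main__":
    for flag in ("1", "0"):
        print("enable_encrypted_passwords =", flag)
        print("  olduser login ok:",
              check_login(SAMPLE_USERS["olduser"], "correct-horse", flag))
        print("  newuser login ok:",
              check_login(SAMPLE_USERS["newuser"], "battery-staple", flag))
        print("  rows that contradict the setting:", audit(SAMPLE_USERS, flag))
```

With the setting at '0' the audit flags the recently registered account instead, which is why those accounts have to be removed or reset after switching the setting back.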

Joachim Müller

Bottom line: don't use Fantastico, it's buggy. Use the cpg1.4.3 package from our page and upgrade as suggested in the docs that come with it.