Reset to factory default breaks encrypted galleries. Reset to factory default breaks encrypted galleries.
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Reset to factory default breaks encrypted galleries.

Started by Nibbler, December 02, 2005, 05:17:36 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Nibbler

Factory defaults sets encrypted passwords to off in config, although it fails to reverse md5 the passwords in the user table.
Factory defaults sets encrypted passwords to on in config.

It should just need an extra query to set the config table back to the current $CONFIG value of enable_encrypted_passwords after the reset.

donnoman

Actually the problem is the REVERSE.

Basic.sql enables encrypted passwords. When someone who has upgraded thier gallery from 1.3 and not enabled encrypted passwords resets thier gallery to 1.4 defaults, encrypted passwords is set to on.

I see two options:
#1 Don't let them reset to defaults until they have enabled encrypted passwords.
#2 Automatically convert the system to encrypted passwords when they select reset to defaults.

I think #2 is what we were trying to avoid, so I think #1 is the least evil option.

reference: http://forum.coppermine-gallery.net/index.php?topic=24516.msg113319#msg113319


Paver

I like Nibbler's suggestion better; it seems more natural to what people upgrading would expect (when they hit "restore factory defaults").  In admin.php, before executing basic.sql (after isset($_POST['restore_config'])), modify the offending line with the current value in $CONFIG, then execute.

donnoman



Hussein

I upgraded from 1.3.2 to 1.4.2 and accidentally hit the restore factory settings and now I can't login as admin.  I didn't understand how to resolve the problem.  Can someone explain in layman terms?

Nibbler

Please use the support board, this board is strictly for discussing the bug itself.