PostNuke users not getting logged into CPG PostNuke users not getting logged into CPG
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

PostNuke users not getting logged into CPG

Started by AutoWebMedia, April 01, 2006, 11:47:35 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

AutoWebMedia

Hi,

I've been using pnCPG 2.x with Postnuke successfully for a while now on www.trackdayheroes.com, so I'm no pnCPG virgin ;)

My challenge is to move all our sites from their current software versions to one normalised build, the biggest and the one I'm doing first being www.rs246.com

My base build is pretty simple:

PostNuke 0.762
PNphpBB2 1.2g
pnCPG 3.3
CPG 1.4.4

The migration process I am using is a little unorthodox...  Install the base build above as a fresh install, and then import the tables from the old install (Making the changes where required to ensure that I'm only importing the data that is required).  This process has worked fine, but pnCPG isn't loging users into Coppermine.  I've attached some screenshots below.

Please Note:  The public sites are not running the new build yet, the screenshots are from the pre-production machine/sites.

Any help appreciated.

Thanks,

PhilT.
PhilT

AutoWebMedia

Oh and is there any chance we could have a longer "Coppermine Table Prefix" field.  I did try the code below, but reverted back to the original settings to try and fix the issue above.

Replace:

    $row[] = $output->FormText('_prf', pnModGetVar('pnCPG', '_prf'),10,10);

With:

    $row[] = $output->FormText('_prf', pnModGetVar('pnCPG', '_prf'),20,20);

I'm not a php expert by far, so I'm unsure if this is sufficient.
PhilT

casNuy

Let's make sure we have all the data we need.
What was the previous version of Coppermine you were using ?
Remember that after the 1.3 series the passwords have been encrypted within Coppermine.
There is a setting in the config-table which will allow you to undo that.
Cause of your way of upgrading, installing from scratch and copying old data, this very well could be one of the causes.
With a clean install of Coppermine 1.4.4 passwords will be encrypted where as in your database they might be unencrypted.

pnCPG offers 2 solutions to deal with this:
1. Change password setting back to unencrypted (see docs)
2. Make use of Dynamic User Data (see docs)
Option 1 will work for as long as there is an option to switch ecryption off. This might not be available in the future. Since my hacks try to stay away from changing core code, option 2 is more future proof and actually offers more flexability.
Cas

AutoWebMedia

Quote from: casNuyWhat was the previous version of Coppermine you were using ?

As far as this test system is concerned, the pnCPG and CPG installs are vanilla.  The only table that is related that has been imported is the PostNuke Users table.  The CPG Users table has entries as I have selected the "Update Coppermine Users from Postnuke previously".

Quote from: casNuyRemember that after the 1.3 series the passwords have been encrypted within Coppermine.

In the approach that I'm taking the pnCPG and CPG install is like having a fresh install with an existing PN site.....  This isn't really an upgrade

Quote from: casNuyThere is a setting in the config-table which will allow you to undo that.
Cause of your way of upgrading, installing from scratch and copying old data, this very well could be one of the causes.

I'm only importing selected PN and PNphpBB tables, not CPG tables.

Quote from: casNuyWith a clean install of Coppermine 1.4.4 passwords will be encrypted where as in your database they might be unencrypted.

This is basically a clean install.

Quote from: casNuypnCPG offers 2 solutions to deal with this:
1. Change password setting back to unencrypted (see docs)
2. Make use of Dynamic User Data (see docs)
Option 1 will work for as long as there is an option to switch ecryption off. This might not be available in the future. Since my hacks try to stay away from changing core code, option 2 is more future proof and actually offers more flexability.

Agreed, and hence why I went for the second option.

One thing I have seen which may help to understand better is this:

1. Login to PN as User_1 go to Gallery http://www.sitename.com/index.php?name=pnCPG
2. User is _not_ logged in automatically, so I go through the CPG "Lost Password"
3. Reset the password, and login to CPG.
4. Logout of PN, then log back in as User_2.
5. Go to gallery and it's says I'm logged in as User_1.  i.e. Logged into PN as User_2, but logged into CPG as User_1.

Reseting the password through CPG caused the entry below in the password table:

PhilT

casNuy

If hyou go in the userdata within PostNuke, can you find the password there for Coppermine ?
If so, can you logon with that password in Coppermine ?

Cas

AutoWebMedia

Does pnCPG 3.3 add three extra fields in the pn_users table?

`user_group_cp` INT( 11 ) DEFAULT '2' NOT NULL
`user_group_list` VARCHAR( 100 ) DEFAULT '2' NOT NULL
`user_active_cp` ENUM( 'YES', 'NO' ) DEFAULT 'YES' NOT NULL
PhilT

AutoWebMedia

Here is the pn_user_data structure:

Quotepn_uda_id      int(11)
pn_uda_propid     int(11)
pn_uda_uid     int(11)
pn_uda_value     mediumblob

The entries look like this:

Quote1     18     44     [BLOB - 4 Bytes]
2    19    44    [BLOB - 3 Bytes]
3    18    1741    [BLOB - 0 Bytes]
4    19    1741    [BLOB - 2 Bytes]
5    18    22    [BLOB - 4 Bytes]
6    19    22    [BLOB - 2 Bytes]
7    18    3    [BLOB - 4 Bytes]
8    19    3    [BLOB - 17 Bytes]
9    18    1270    [BLOB - 4 Bytes]
10    19    1270    [BLOB - 25 Bytes]
11    18    1689    [BLOB - 0 Bytes]
12    19    1689    [BLOB - 0 Bytes]
13    18    1060    [BLOB - 0 Bytes]

PhilT

AutoWebMedia

I think I'm getting closer......

At what stage of the pnCPG install should the following be created?

Quote`user_group_cp` INT( 11 ) DEFAULT '2' NOT NULL
`user_group_list` VARCHAR( 100 ) DEFAULT '2' NOT NULL
`user_active_cp` ENUM( 'YES', 'NO' ) DEFAULT 'YES' NOT NULL

Let me explain the scenario....

1. Import PN old user db, and drop `user_group_cp`, `user_group_list`, and `user_active_cp`(Old CPG tables are not imported).  Why? Because I want to start as if pnCPG & CPG had never been installed.
2. Install CPG via http://www.sitename.com/modules/pnCPG/Coppermine/install.php
3. Activate pnCPG in PN Administration -> Settings -> Modules
4. Configure pnCPG via Administration -> 3rd Party -> pnCPG (inc populate user checked)

The three fileds are not added to pn_users.....
PhilT

AutoWebMedia

OK, so I built a completely fresh site and it still doesn't work.....   No messing with the DB, this is vanilla.  Did the install and then logged out of PN, created a fresh PN account (New User), logged into PN, and when I go to gallery I'm logged in as the first user!?!?!?!?

More details on the environment.

Debian 3.1 r1a
MySQL 4.0.24_Debian-10sarge1-log
PHP Version 4.3.10-16
Apache/2.0.54 (Debian GNU/Linux)
PHP/4.3.10-16
PostNuke 0.762
pnCPG 3.3
CPG 1.4.4
PhilT

casNuy

#9
pnCPG does not add fields to the database but makes use of Dynamic User data. This is described in the docs. Do not mind helping but it would be better if I could see this in action.

In the mean time saw your Private message. When I accesssed  that site, it only seems to contain a testpage.
Suggest you send me an email on cas@nuy.info so we can take care of this issue.
As preparation, simply install all )PostNuke and Coppermine)vanilla and do not yet activate pnCPG.
With the access data provided, we should be able to solve this.

Cas

AutoWebMedia

It's true Cas is a God, and I should RTFM  :-[

I'd missed this part:

1. Logon to postnuke as administrator
2. Go to the admin section, system tab
3. Go to the User section
4. Go to the Dynamic user data
5. Add the field "_CPGPWD", type "string", length 10
PhilT

casNuy

That makes one, now just waiting for the other billions to believe it! ;)
I know that manuals are created to be skipped, my documentation is not that good but as stated here it can help to have a look.

Have fun using Coppermine!

Cas