vb.org Archive - Same username+password as live but login with it locally.

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)

- - Same username+password as live but login with it locally. (https://vborg.vbsupport.ru/showthread.php?t=307889)

leitel

02-03-2014 09:49 PM

Same username+password as live but login with it locally.

I am staging for an upgrade from 4.1x to 4.2.2.
I pull down db+code, run upgrade, go to login as admin and it rejects credentials.
I compare live/local password+salt for userid=1 and they are the same.

I run the following using the ACTUAL admin password:

Code:

UPDATE `user`

SET `password` = MD5(CONCAT(MD5('****'), `user`.`salt`))

WHERE `userid` = 1;

I can now login. HOWEVER, I compare previous/updated password values and they are DIFFERENT!!!!

Is the updated codebase using a different hashing method being used?

What's going on?

Thank You :)

kh99	02-03-2014 09:57 PM

Quote:

Originally Posted by leitel (Post 2478872)

Is the updated codebase using a different hashing method being used?

That is strange, but the hashing algorithm hasn't changed, and if it had your update wouldn't have fixed the problem.

leitel

02-03-2014 10:04 PM

As a precaution, I suppose I can force users to reset their password after this upgrade. The site was hacked a little while back. I slapped on a temporary bandage. So forcing users to reset their password with this upgrade wouldn't be a bad thing.

ozzy47

02-03-2014 10:05 PM

That sounds like a good idea, will ensure you are secure then. :)

kh99	02-03-2014 10:11 PM

I wonder if it could be a difference in character sets between databases? Forcing users to change password might not be a bad idea, but if you want to figure out why you're having a problem, maybe you could put some test code in includes/functions_login.php, in function verify_authentication, to see what's happening.

leitel

02-03-2014 10:35 PM

Good catch!

Live collation: utf8_unicode_ci

I created local as: utf8_general_ci

Thank you!! :)

--------------- Added [DATE]1391471124[/DATE] at [TIME]1391471124[/TIME] ---------------

Since we are on the subject, I forget why it was ever set to utf8_unicode_ci. The site is an English language site. Is there a problem with leaving it as utf8_unicode_ci?

kh99	02-03-2014 11:03 PM

Quote:

Originally Posted by leitel (Post 2478890)

Since we are on the subject, I forget why it was ever set to utf8_unicode_ci. The site is an English language site. Is there a problem with leaving it as utf8_unicode_ci?

To be honest I don't know. I guess if the site is working then it's best to leave it that way.

All times are GMT. The time now is 06:48 PM.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01026 seconds Memory Usage 1,725KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)bbcode_code_printable (2)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_navbar_search (1)printthread (7)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: