Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 02-03-2014, 09:49 PM
leitel leitel is offline
 
Join Date: Mar 2003
Location: Costa Rica
Posts: 118
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Same username+password as live but login with it locally.

I am staging for an upgrade from 4.1x to 4.2.2.
I pull down db+code, run upgrade, go to login as admin and it rejects credentials.
I compare live/local password+salt for userid=1 and they are the same.

I run the following using the ACTUAL admin password:

Code:
UPDATE `user`
SET `password` = MD5(CONCAT(MD5('****'), `user`.`salt`))
WHERE `userid` = 1;
I can now login. HOWEVER, I compare previous/updated password values and they are DIFFERENT!!!!

Is the updated codebase using a different hashing method being used?

What's going on?

Thank You
Reply With Quote
  #2  
Old 02-03-2014, 09:57 PM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by leitel View Post
Is the updated codebase using a different hashing method being used?

That is strange, but the hashing algorithm hasn't changed, and if it had your update wouldn't have fixed the problem.
Reply With Quote
  #3  
Old 02-03-2014, 10:04 PM
leitel leitel is offline
 
Join Date: Mar 2003
Location: Costa Rica
Posts: 118
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

As a precaution, I suppose I can force users to reset their password after this upgrade. The site was hacked a little while back. I slapped on a temporary bandage. So forcing users to reset their password with this upgrade wouldn't be a bad thing.
Reply With Quote
  #4  
Old 02-03-2014, 10:05 PM
ozzy47's Avatar
ozzy47 ozzy47 is offline
 
Join Date: Jul 2009
Location: USA
Posts: 10,929
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

That sounds like a good idea, will ensure you are secure then.
Reply With Quote
  #5  
Old 02-03-2014, 10:11 PM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I wonder if it could be a difference in character sets between databases? Forcing users to change password might not be a bad idea, but if you want to figure out why you're having a problem, maybe you could put some test code in includes/functions_login.php, in function verify_authentication, to see what's happening.
Reply With Quote
Благодарность от:
ozzy47
  #6  
Old 02-03-2014, 10:35 PM
leitel leitel is offline
 
Join Date: Mar 2003
Location: Costa Rica
Posts: 118
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Good catch!

Live collation: utf8_unicode_ci

I created local as: utf8_general_ci

Thank you!!

--------------- Added [DATE]1391471124[/DATE] at [TIME]1391471124[/TIME] ---------------

Since we are on the subject, I forget why it was ever set to utf8_unicode_ci. The site is an English language site. Is there a problem with leaving it as utf8_unicode_ci?
Reply With Quote
  #7  
Old 02-03-2014, 11:03 PM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by leitel View Post
Since we are on the subject, I forget why it was ever set to utf8_unicode_ci. The site is an English language site. Is there a problem with leaving it as utf8_unicode_ci?
To be honest I don't know. I guess if the site is working then it's best to leave it that way.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 02:04 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04216 seconds
  • Memory Usage 2,218KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_code
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (7)post_thanks_box
  • (1)post_thanks_box_bit
  • (7)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (7)post_thanks_postbit_info
  • (7)postbit
  • (7)postbit_onlinestatus
  • (7)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete