Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Reset to factory default breaks encrypted galleries.  (Read 7677 times)

0 Members and 1 Guest are viewing this topic.

Nibbler

  • Guest
Reset to factory default breaks encrypted galleries.
« on: December 02, 2005, 05:17:36 pm »

Factory defaults sets encrypted passwords to off in config, although it fails to reverse md5 the passwords in the user table.
Factory defaults sets encrypted passwords to on in config.

It should just need an extra query to set the config table back to the current $CONFIG value of enable_encrypted_passwords after the reset.
« Last Edit: December 15, 2005, 07:19:35 pm by Nibbler »
Logged

donnoman

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 1615
  • From donovanbray.com
    • Donovan Bray
Re: Reset to factory default breaks encrypted galleries.
« Reply #1 on: December 04, 2005, 02:40:13 am »

Actually the problem is the REVERSE.

Basic.sql enables encrypted passwords. When someone who has upgraded thier gallery from 1.3 and not enabled encrypted passwords resets thier gallery to 1.4 defaults, encrypted passwords is set to on.

I see two options:
#1 Don't let them reset to defaults until they have enabled encrypted passwords.
#2 Automatically convert the system to encrypted passwords when they select reset to defaults.

I think #2 is what we were trying to avoid, so I think #1 is the least evil option.

reference: http://forum.coppermine-gallery.net/index.php?topic=24516.msg113319#msg113319

Logged

Paver

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 1609
  • Paul V.
Re: Reset to factory default breaks encrypted galleries.
« Reply #2 on: December 04, 2005, 02:50:03 am »

I like Nibbler's suggestion better; it seems more natural to what people upgrading would expect (when they hit "restore factory defaults").  In admin.php, before executing basic.sql (after isset($_POST['restore_config'])), modify the offending line with the current value in $CONFIG, then execute.
« Last Edit: December 04, 2005, 03:12:42 am by Paver »
Logged

donnoman

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 1615
  • From donovanbray.com
    • Donovan Bray
Re: Reset to factory default breaks encrypted galleries.
« Reply #3 on: December 04, 2005, 04:35:20 am »

I concur, Nibbler's suggestion is the best.
Logged

Nibbler

  • Guest
Re: Reset to factory default breaks encrypted galleries.
« Reply #4 on: December 15, 2005, 06:54:10 pm »

Fix commited to CVS.
Logged

Hussein

  • Coppermine newbie
  • Offline Offline
  • Posts: 12
Re: Reset to factory default breaks encrypted galleries.
« Reply #5 on: February 02, 2006, 06:30:33 pm »

I upgraded from 1.3.2 to 1.4.2 and accidentally hit the restore factory settings and now I can't login as admin.  I didn't understand how to resolve the problem.  Can someone explain in layman terms?
Logged

Nibbler

  • Guest
Re: Reset to factory default breaks encrypted galleries.
« Reply #6 on: February 02, 2006, 06:33:38 pm »

Please use the support board, this board is strictly for discussing the bug itself.
Logged
Pages: [1]   Go Up
 

Page created in 0.018 seconds with 18 queries.