forum.coppermine-gallery.net
Dev Board => cpg1.4 Testing/Bugs => cpg1.4 Testing/Bugs: FIXED/CLOSED => Topic started by: Nibbler on July 01, 2005, 03:54:53 pm
-
Isn't letting me disable the bridge, I suspect it does not support md5 passwords.
-
It doesn't, must have been forgotten when MD5-encryption was introduced. Volunteers?
-
I've painted myself in that corner once or twice, I had to use phpmyadmin and reset the config var.
What exactly do you want to happen to what files? I'll check into it.
-
This bit:
$temp_user_table = $CONFIG['TABLE_PREFIX'].'users';
$results = cpg_db_query("SELECT user_id, user_name, user_password FROM $temp_user_table WHERE user_name = '" . addslashes($_POST['username']) . "' AND BINARY user_password = '" . addslashes($_POST['password']) . "' AND user_active = 'YES' AND user_group = '1'");
Needs to be modified to check if md5 passwords are enabled and hash the entered password if so.
-
There also appears to be a problem if you are missing some of the bridged tables.
You can't get bridgemanager to run at all. It dies with:
While executing query "SELECT MAX(group_quota) as disk_max, MIN(group_quota) as disk_min, MAX(can_rate_pictures) as can_rate_pictures, MAX(can_send_ecards) as can_send_ecards, MAX(upload_form_config) as ufc_max, MIN(upload_form_config) as ufc_min, MAX(custom_user_upload) as custom_user_upload, MAX(num_file_upload) as num_file_upload, MAX(num_URI_upload) as num_URI_upload, MAX(can_post_comments) as can_post_comments, MAX(can_upload_pictures) as can_upload_pictures, MAX(can_create_albums) as can_create_albums, MAX(has_admin_access) as has_admin_access, MIN(pub_upl_need_approval) as pub_upl_need_approval, MIN( priv_upl_need_approval) as priv_upl_need_approval FROM cpg14x_usergroups WHERE group_id in (1)" on 0
mySQL error: Table 'smf.cpg14x_usergroups' doesn't exist
I believe it's because calling pageheader starts incuding all of the coppermine stuff, I'm thinking we need to separate bridgemanager a little bit more from the main of coppermine.
-
No problem with that: as the bridge manager is only visible for admin only I could well live with it only using the simple UI of the installer and update.
-
To fix the missing tables problem from a botched bridge setup I set it to always run bridge manager un-bridged by editing this in init.inc.php.
// Set UDB_INTEGRATION if enabled in admin
if ($CONFIG['bridge_enable'] == 1 && !defined('BRIDGEMGR_PHP')) {
$BRIDGE = cpg_get_bridge_db_values();
} else {
To make bridgemanager-recovery honor encrypted passwords I added/modified the following in bridgemanager.php:
// Check if encrypted passwords are enabled
if ($CONFIG['enable_encrypted_passwords']) {
$encpassword = md5(addslashes($_POST['password']));
} else {
$encpassword = addslashes($_POST['password']);
}
$results = cpg_db_query("SELECT user_id, user_name, user_password FROM $temp_user_table WHERE user_name = '" . addslashes($_POST['username']) . "' AND BINARY user_password = '" . $encpassword . "' AND user_active = 'YES' AND user_group = '1'");
if (mysql_num_rows($results)) {
$retrieved_data = mysql_fetch_array($results);
}
if ($retrieved_data['user_name'] == $_POST['username'] && $retrieved_data['user_password'] == $encpassword && $retrieved_data['user_name'] != '' ) {
Fixes committed, can someone verify it works as expected?
-
Works fine now, thanks.