Bug when change admin password

[voltron81]

Hello to everybody,
I want just tell to the community that I found a bug in ISPConfig (3.0.0.3 and 3.0.0.4).
Basically, after the installation, I can enter in ISPConfig with admin/admin as username and password.
When I change the password (Tools->Password and Language) and after I log out, I can not enter anymore in ISPConfig.
A week ago a my colleague had a look to the code and discover that whas a problem with the encryption of the password.
He solve it, but now I've to reinstall everything and I'll have the same problem... and he's in holday now for next 2 weeks.
So, somebody have an idea how to fix this bug?

Thanks
Michele

[falko]

Please update to 3.0.1.4.

[voltron81]

I' m sorry, but it's happening even with ISPConfig 3.0.1.4...

[mzerbe]

I had the same issue with the 3.0.1.4 beta version.

There is a forum threat somewhere, that explains how to change the admin password by using phpmyadmin.

All you need are the credentials for the database, and knowledge (or an website) to create a new md5 password.


Hope that helps.

[till]

Did you entered any special chars? I tested it several times now and I was not able to reproduce it yet. Maybe someone can send me a password that caused this beahviour on his server together with the used ispconfig and php and linux version as pm or to dev [at] ispconfig [dot] org so we get this fixed in the next release.

[mzerbe]

Hi Till,

in my case, the password was containing a single # at the end of the password, everything before Numbers and Normal characters.

Password length: 11 characters (and # was the 11th)


Hope that helps to found the root cause.

EDIT: Forgot to mention:

# uname -a
Linux 2.6.26-2-amd64 #1 SMP Fri Aug 14 07:12:04 UTC 2009 x86_64 GNU/Linux

# cat /etc/debian_version
5.0.3

MySQL Server Version: 5.0.51a-24+lenny2
Apache 2.2.9
PHP version 5.2.6-1+lenny3
Locale en_US, de_DE, th_TH

ISPConfig 3.0.1.4 beta from SVN (At the time as that happened to me)

[till]

I tested it on a current debian lenny install and I was not able to reproduce it here. the only difference that i see is that my system here is 32bit.

Please create a file:

/usr/local/ispconfig/interface/web/test.php

with the content:

Code:

<?php
if (CRYPT_MD5 == 1) {
    echo 'MD5:          ' . crypt('rasmuslerdorf', '$1$rasmusle$') . "\n";
}
?>

call it in the browser

http://yourserver:8080/test.php

and post the output. The output on my system is:

Code:

MD5: $1$rasmusle$rISCgZzpwk3UhDidwXvin0

Update:

I was able to test it also on a 64Bit CentOS 5.3 system now and changing the password worked there.

[mzerbe]

No difference in OUTPUT:

Code:

MD5: $1$rasmusle$rISCgZzpwk3UhDidwXvin0

[xaver]

Hi,

i had this problem too. But is long ago, i had trouble with my mysql-server (5.1) and i went back to 5.0.

If you use firefox try Tamper Data addon. It get every send Data between your pc and the Server. You can look into the informations. Maybe some problem by sending the password.