Bug when change admin password

Discussion in 'Developers' Forum' started by voltron81, Sep 10, 2009.

  1. voltron81

    voltron81 New Member

    Hello to everybody,
    I want just tell to the community that I found a bug in ISPConfig (3.0.0.3 and 3.0.0.4).
    Basically, after the installation, I can enter in ISPConfig with admin/admin as username and password.
    When I change the password (Tools->Password and Language) and after I log out, I can not enter anymore in ISPConfig.
    A week ago a my colleague had a look to the code and discover that whas a problem with the encryption of the password.
    He solve it, but now I've to reinstall everything and I'll have the same problem... and he's in holday now for next 2 weeks.
    So, somebody have an idea how to fix this bug?

    Thanks
    Michele
     
  2. falko

    falko Super Moderator

    Please update to 3.0.1.4.
     
  3. voltron81

    voltron81 New Member

    I' m sorry, but it's happening even with ISPConfig 3.0.1.4... :confused:
     
  4. mzerbe

    mzerbe New Member

    I had the same issue with the 3.0.1.4 beta version.

    There is a forum threat somewhere, that explains how to change the admin password by using phpmyadmin.

    All you need are the credentials for the database, and knowledge (or an website) to create a new md5 password.


    Hope that helps.
     
  5. till

    till Super Moderator

    Did you entered any special chars? I tested it several times now and I was not able to reproduce it yet. Maybe someone can send me a password that caused this beahviour on his server together with the used ispconfig and php and linux version as pm or to dev [at] ispconfig [dot] org so we get this fixed in the next release.
     
  6. mzerbe

    mzerbe New Member

    Hi Till,

    in my case, the password was containing a single # at the end of the password, everything before Numbers and Normal characters.

    Password length: 11 characters (and # was the 11th)


    Hope that helps to found the root cause.

    EDIT: Forgot to mention:

    # uname -a
    Linux 2.6.26-2-amd64 #1 SMP Fri Aug 14 07:12:04 UTC 2009 x86_64 GNU/Linux

    # cat /etc/debian_version
    5.0.3

    MySQL Server Version: 5.0.51a-24+lenny2
    Apache 2.2.9
    PHP version 5.2.6-1+lenny3
    Locale en_US, de_DE, th_TH

    ISPConfig 3.0.1.4 beta from SVN (At the time as that happened to me)
     
    Last edited: Sep 17, 2009
  7. till

    till Super Moderator

    I tested it on a current debian lenny install and I was not able to reproduce it here. the only difference that i see is that my system here is 32bit.

    Please create a file:

    /usr/local/ispconfig/interface/web/test.php

    with the content:

    Code:
    <?php
    if (CRYPT_MD5 == 1) {
        echo 'MD5:          ' . crypt('rasmuslerdorf', '$1$rasmusle$') . "\n";
    }
    ?>
    call it in the browser

    http://yourserver:8080/test.php

    and post the output. The output on my system is:

    Code:
    MD5: $1$rasmusle$rISCgZzpwk3UhDidwXvin0
    Update:

    I was able to test it also on a 64Bit CentOS 5.3 system now and changing the password worked there.
     
    Last edited: Sep 24, 2009
  8. mzerbe

    mzerbe New Member

    No difference in OUTPUT:

    Code:
    MD5: $1$rasmusle$rISCgZzpwk3UhDidwXvin0
     
  9. xaver

    xaver New Member

    Hi,

    i had this problem too. But is long ago, i had trouble with my mysql-server (5.1) and i went back to 5.0.

    If you use firefox try Tamper Data addon. It get every send Data between your pc and the Server. You can look into the informations. Maybe some problem by sending the password.
     

Share This Page