Check out the LimeSurvey source code on GitHub!

Problem with password encryption after transferring installation

More
2 years 7 months ago #110676 by kmc13
Hi there,

I have just managed to get my LS installation transferred to a new server, logged in and everything appears to be working as normal. Well almost everything..

There is some issues with the password encryption, the passwords are not working in there regular format. I see they are saved in the Database in hashed bytea form (eg. "582f443f5477a4d6f50f33c14edb1abcbf2048eccc130f430caj4s8hp6e54cdd"). If I copy paste this into the password box I can log in but it fails if I enter the regular/ non encrypted password.

Not sure how to fix this.. any ideas?

I'm running LS version 2.00+ on Apache 2.2 with PHP 5.4.

Cheers,

Keith.

Please Log in to join the conversation.

More
2 years 7 months ago #110731 by DenisChenu
Hard to detect without testing in my postgre install (and no time actually).

But PG 8.x seems have some issue .

Try editing application/core/UserIdentity.php
if (gettype($user->password)=='resource')
                {
                    $sStoredPassword=stream_get_contents($user->password,-1,0);  // Postgres delivers bytea fields as streams :-o
                }
                else
                {
                    $sStoredPassword=$user->password;
                }
to
if (false && gettype($user->password)=='resource')
                {
                    $sStoredPassword=stream_get_contents($user->password,-1,0);  // Postgres delivers bytea fields as streams :-o
                }
                else
                {
                    $sStoredPassword=$user->password;
                }

And we use sha256 to validate password:
elseif ($sStoredPassword !== hash('sha256', $this->password))

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand (or search sondages pro).
The following user(s) said Thank You: kmc13

Please Log in to join the conversation.

More
2 years 7 months ago #110736 by kmc13
Thanks for your reply, I have just figured out.. It was the Postgres database that I hadn't set up correctly.. I had to define the Variable 'bytea_output' = escape and I also replicated the Privileges that were on the old DB.
The following user(s) said Thank You: DenisChenu

Please Log in to join the conversation.

More
2 years 7 months ago #110758 by DenisChenu

kmc13 wrote: Thanks for your reply, I have just figured out.. It was the Postgres database that I hadn't set up correctly.. I had to define the Variable 'bytea_output' = escape and I also replicated the Privileges that were on the old DB.

Hi,

Maybe you can put some information for other PostGre user on our manual : manual.limesurvey.org/Installation_FAQ can be a good place.

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand (or search sondages pro).

Please Log in to join the conversation.

Imprint                   Privacy policy         General Terms & Conditions         Revocation information and revocation form