Check out the LimeSurvey source code on GitHub!
Welcome, Guest
Username: Password:

TOPIC: Problem with password encryption after transferring installation

Problem with password encryption after transferring installation 2 years 1 month ago #110676

  • kmc13
  • kmc13's Avatar
  • Offline
  • Fresh Lemon
  • Posts: 3
  • Thank you received: 1
  • Karma: 0
Hi there,

I have just managed to get my LS installation transferred to a new server, logged in and everything appears to be working as normal. Well almost everything..

There is some issues with the password encryption, the passwords are not working in there regular format. I see they are saved in the Database in hashed bytea form (eg. "582f443f5477a4d6f50f33c14edb1abcbf2048eccc130f430caj4s8hp6e54cdd"). If I copy paste this into the password box I can log in but it fails if I enter the regular/ non encrypted password.

Not sure how to fix this.. any ideas?

I'm running LS version 2.00+ on Apache 2.2 with PHP 5.4.

Cheers,

Keith.
The administrator has disabled public write access.

Problem with password encryption after transferring installation 2 years 1 month ago #110731

  • DenisChenu
  • DenisChenu's Avatar
  • Offline
  • Moderator Lime
  • Posts: 9305
  • Thank you received: 1330
  • Karma: 386
Hard to detect without testing in my postgre install (and no time actually).

But PG 8.x seems have some issue .

Try editing application/core/UserIdentity.php
if (gettype($user->password)=='resource')
                {
                    $sStoredPassword=stream_get_contents($user->password,-1,0);  // Postgres delivers bytea fields as streams :-o
                }
                else
                {
                    $sStoredPassword=$user->password;
                }
to
if (false && gettype($user->password)=='resource')
                {
                    $sStoredPassword=stream_get_contents($user->password,-1,0);  // Postgres delivers bytea fields as streams :-o
                }
                else
                {
                    $sStoredPassword=$user->password;
                }

And we use sha256 to validate password:
elseif ($sStoredPassword !== hash('sha256', $this->password))
Assistance on LimeSurvey forum and LimeSurvey core developpement are on my free time (Say thanks ?).
A bug not reported is a bug not corrected. | Please, read the documentation | La doc en français à besoin de vous
The administrator has disabled public write access.
The following user(s) said Thank You: kmc13

Problem with password encryption after transferring installation 2 years 1 month ago #110736

  • kmc13
  • kmc13's Avatar
  • Offline
  • Fresh Lemon
  • Posts: 3
  • Thank you received: 1
  • Karma: 0
Thanks for your reply, I have just figured out.. It was the Postgres database that I hadn't set up correctly.. I had to define the Variable 'bytea_output' = escape and I also replicated the Privileges that were on the old DB.
The administrator has disabled public write access.
The following user(s) said Thank You: DenisChenu

Problem with password encryption after transferring installation 2 years 1 month ago #110758

  • DenisChenu
  • DenisChenu's Avatar
  • Offline
  • Moderator Lime
  • Posts: 9305
  • Thank you received: 1330
  • Karma: 386
kmc13 wrote:
Thanks for your reply, I have just figured out.. It was the Postgres database that I hadn't set up correctly.. I had to define the Variable 'bytea_output' = escape and I also replicated the Privileges that were on the old DB.
Hi,

Maybe you can put some information for other PostGre user on our manual : manual.limesurvey.org/Installation_FAQ can be a good place.
Assistance on LimeSurvey forum and LimeSurvey core developpement are on my free time (Say thanks ?).
A bug not reported is a bug not corrected. | Please, read the documentation | La doc en français à besoin de vous
The administrator has disabled public write access.
Moderators: ITEd
Time to create page: 0.323 seconds
Imprint                   Data Protection Statement                  Revocation information and revocation form