New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

User Login Fails #56

Closed
gaia opened this Issue Apr 8, 2014 · 16 comments

Comments

Projects
None yet
5 participants
@gaia
Copy link

gaia commented Apr 8, 2014

All notices pointed to a successful upgrade. I then chose user/pword, but when I tried to login it gave me incorrect password. So I reset it. Three times. And I still can't get in.

Please advise.

@dopeh

This comment has been minimized.

Copy link
Member

dopeh commented Apr 8, 2014

Hi gaia,

That is strange, I have not seen that before. In order to login, you can change the hash in the database directly for now, the following hash wil set your password to "password": "$2y$10$uLRnO2EL9iGJra9DFxtH3ejrLxAmLo.BzIR0RwyYUNQbq1eSVQJMC"

To figure out why the password reset is not working, could you add the following line to your config.php file, this will enable debug mode and should display any PHP errors that occur:
define('PSM_DEBUG', true);

Let me know how that works out.

Regards,
Pep

@RagamuffinZong

This comment has been minimized.

Copy link

RagamuffinZong commented Apr 8, 2014

Hi together,

i just installed PHP Server Monitor v3.0.0 for the first time and i got the same problem like gaia (can't login). I just get a 'The information is incorrect.' response. Set PSM_DEBUG to true gives no additional output. If i set the password manually in database like described, i still can't login. If i try to reset the password by phpmon itself, the password hash in database will be deleted and a login is not possible again.

Best Regards,
Marcus

@gaia

This comment has been minimized.

Copy link

gaia commented Apr 8, 2014

Thanks. I will wait for a potential fix, since someone else is having the same problem. I upgraded from the latest version previous to 3.0

@dopeh

This comment has been minimized.

Copy link
Member

dopeh commented Apr 8, 2014

It appears the password hash functions don't return anything. Could you let me know what version of PHP you guys have by creating a new file with these contents:

<?php
phpinfo();
?>

and opening it in your browser?

Edit: and perhaps you can also add the results of this:

<?php
var_dump(function_exists('crypt'));
?>
@gaia

This comment has been minimized.

Copy link

gaia commented Apr 8, 2014

Attached.

Thanks!

@gaia

This comment has been minimized.

Copy link

gaia commented Apr 8, 2014

Try now https://drive.google.com/file------

edit by @dopeh: removing link to pdf invoice

@RagamuffinZong

This comment has been minimized.

Copy link

RagamuffinZong commented Apr 8, 2014

First:
PHP Version 5.3.3-7+squeeze19
Linux we305 2.6.32-5-amd64 #1 SMP Mon Sep 23 22:14:43 UTC 2013 x86_64
This server is protected with the Suhosin Patch 0.9.9.1

Second:
bool(true)

@dopeh

This comment has been minimized.

Copy link
Member

dopeh commented Apr 8, 2014

@gaia that is an amazon invoice..?
@RagamuffinZong the problem is the PHP version. The phpservermon password hash uses the "$2y$" prefix which is not supported prior to PHP 5.3.7 (see http://www.php.net/security/crypt_blowfish.php). While it is recommended to upgrade to 5.3.7 asap, I understand it may not be possible if you are on a shared host.. Let me get back to you on this.

The readme should have said 5.3.7+ required..

@gaia

This comment has been minimized.

Copy link

gaia commented Apr 8, 2014

ouch, yes, thanks for removing it.

here

https://drive.google.com/file/d/0B8M2G_l-f_g6VmdEMkVVWTJ4WWc/edit?usp=sharing

and bool(true)

it's a cheap vps. "apt-get upgrade" & "apt-get update" do not offer a higher version of PHP.

@RagamuffinZong

This comment has been minimized.

Copy link

RagamuffinZong commented Apr 8, 2014

Ah, ok. Yes, i tried to install on a shared host to observe a virtual server :-) Anyway, thanks for the fast reply! I will keep an eye on the phpservermon project.

@gaia

This comment has been minimized.

Copy link

gaia commented Apr 8, 2014

really didn't want to mess with this VPS now... could i just disable the auth? I already use another type of auth anyways (always had)

@dopeh

This comment has been minimized.

Copy link
Member

dopeh commented Apr 9, 2014

So the requirement should have been bumped up to PHP 5.3.7 for this release, sorry for not making that clear in the release. The current user implementation does not work with older versions, and I don't feel a lot like making it backwards compatible (we are talking about 2011 here and not a lot of users still running this).
As a temporary fix, in order to make sure you can reset your password and login, you could do the following:

  • Open src/includes/password_compatibility_library.inc.php
  • Replace on the following lines "$2y$" with "$2a$":
    line 79
    line 185
    line 188

This should allow you to use the 3.0.0 release with user authentication on old PHP 5.3 versions. As for future releases, I am not sure right now :-)

@gaia

This comment has been minimized.

Copy link

gaia commented Apr 9, 2014

79 was $2y$%02d$, replaced

185 was replaced

188 was $2y$%d$, replaced

And still can’t login

Thanks!

@dopeh

This comment has been minimized.

Copy link
Member

dopeh commented Apr 9, 2014

Did you reset your password again? Make sure you don't use any non-ASCII chars in your password because that was part of the problem they needed to fix.
If that still doesn't work, send me an email (pep -at- neanderthal-technology com) and maybe I can have a look for you.

@dopeh dopeh added the wontfix label Apr 10, 2014

@dopeh dopeh closed this Apr 10, 2014

@dopeh dopeh added this to the 3.0.1 milestone Apr 12, 2014

@dopeh dopeh self-assigned this Apr 12, 2014

@raenk

This comment has been minimized.

Copy link

raenk commented Jun 13, 2015

Same problem running 5.4.41

Tried everything

PHP 5.4.41 (cli) (built: May 14 2015 23:15:28)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2014 Zend Technologies

@rorian

This comment has been minimized.

Copy link

rorian commented Mar 24, 2017

Sam problem,
it's the second time (last time i had to reinstall) now again:
did password reset, can't login, there'is no warning about wrong credentials, i see form data passes properly but in respond i get login screen again

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment