View Issue Details

ID: 06925
Project: Bug reports
Category: Authentication
View Status: public
Last Update: 2012-11-28 10:14
Reporter: msorriano
Assigned To: c_schmitz
Priority: high
Severity: partial_block
Status: closed
Resolution: fixed
Product Version: 2.00+
Fixed in Version: 2.00+
Summary: 06925: Administration login using a link with one time password (Limesurvey v2) -> one modification
Description

Hello,

http://bugs.limesurvey.org/view.php?id=6873

Just one modification in application/controllers/UserIdentity.php

59 //elseif ($sStoredPassword !== hash('sha256', $this->password))
60 //{
61 // $this->errorCode = self::ERROR_PASSWORD_INVALID;
62 //}

because $sStoredPassword is different from hash('sha256', $this->password), so URL authentication doesn't work.

Regards

Additional Information

Sorry for my English, I'm French.

I reported a bug a few weeks ago: http://bugs.limesurvey.org/view.php?id=6873

But the authentication did not work. I looked in the code, and after removing lines 59 to 62:
//elseif ($sStoredPassword !== hash('sha256', $this->password))
//{
// $this->errorCode = self::ERROR_PASSWORD_INVALID;
//}

it worked.

I could keep my code, but at the next update it will be overwritten.
Could you modify yours, please?

Thanks,
Regards

Tags: No tags attached.
Bug heat: 4
Complete LimeSurvey version number (& build): 121116
I will donate to the project if issue is resolved: No
Browser: All
Database type & version: 164
Server OS (if known): Debian
Webserver software & version (if known): Debian + apache + php + mysql
PHP Version: 5.3

Relationships

related to 06873 (closed, c_schmitz): Administration login using a link with one time password (Limesurvey v2)


Activities

c_schmitz

2012-11-25 20:48

administrator   ~22490

I am sorry but I don't see the reason for that.
That part is never used because the previous if clause:

        if ($sOneTimePassword!='' && Yii::app()->getConfig("use_one_time_passwords") && md5($sOneTimePassword)==$user->one_time_pw)
        {
            $user->one_time_pw='';
            $user->save();
            $this->id = $user->uid;
            $this->user = $user;
            $this->errorCode = self::ERROR_NONE;
        }

If you need to comment the following part then you are doing something wrong.

msorriano

2012-11-26 17:01

reporter   ~22546

I made a mistake, it isn't application/controllers/UserIdentity.php but application/core/UserIdentity.php,
Sorry.

I understand where my problem is:

LSYii_Application Object
(
[config:protected] => Array
(
...
[use_one_time_passwords] =>
...

While in my file / config.php :

...
// Debug Settings
$debug = 0;

$use_one_time_passwords = true;

I am looking into why the variable is not true just before if ($sOneTimePassword!='' && Yii::app()->getConfig("use_one_time_passwords") && md5($sOneTimePassword)==$user->one_time_pw)

msorriano

2012-11-28 10:06

reporter   ~22614

I found it!

I added "'use_one_time_passwords'=>true" at the end of /application/config/config.php like this:

            'debug'=>0,
            'debugsql'=>0, // Set this to 1 to enable sql logging, only active when debug = 2
            'use_one_time_passwords'=>true
    )

);

and it works.

Thank you for your help
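
An added example (not LimeSurvey's code and not written by either participant) of the two branches discussed in this thread: with `use_one_time_passwords` unset the OTP branch is skipped and the password check rejects the link login, while removing that check accepts any password. `authenticate()`, the array-based user record, the constants, the sample values and the assumption that falling through both branches means success are all hypothetical; it needs PHP 7 or later.

```php
<?php
// Added illustration, not LimeSurvey code: authenticate() and the array-based
// user record are hypothetical stand-ins for the branches quoted in the thread.
const ERROR_NONE = 0;
const ERROR_PASSWORD_INVALID = 2;

function authenticate(array $config, array &$user, string $password,
                      string $otp, bool $checkPassword = true): int
{
    // OTP branch: reachable only when the config flag is truthy.
    // md5() mirrors the quoted code; hash_equals() compares in constant time.
    if ($otp !== '' && !empty($config['use_one_time_passwords'])
        && hash_equals($user['one_time_pw'], md5($otp))) {
        $user['one_time_pw'] = '';   // single use: clear the stored OTP hash
        return ERROR_NONE;
    }
    // Password branch: $checkPassword = false models commenting out lines 59-62.
    if ($checkPassword
        && !hash_equals($user['password'], hash('sha256', $password))) {
        return ERROR_PASSWORD_INVALID;
    }
    return ERROR_NONE;   // assumption: falling through both branches is success
}

function newUser(): array   // constructed sample account
{
    return ['password'    => hash('sha256', 'correct-horse'),
            'one_time_pw' => md5('otp-123')];
}

$name = [ERROR_NONE => 'ERROR_NONE',
         ERROR_PASSWORD_INVALID => 'ERROR_PASSWORD_INVALID'];

$u = newUser();   // flag missing from config, OTP link, password check intact
echo "flag unset, OTP link:          ", $name[authenticate([], $u, '', 'otp-123')], "\n";

$u = newUser();   // flag missing, password check removed, wrong password, no OTP
echo "check removed, wrong password: ", $name[authenticate([], $u, 'guess', '', false)], "\n";

$on = ['use_one_time_passwords' => true];
$u = newUser();   // flag set: same OTP presented twice against one account
echo "flag set, OTP first use:       ", $name[authenticate($on, $u, '', 'otp-123')], "\n";
echo "flag set, OTP replayed:        ", $name[authenticate($on, $u, '', 'otp-123')], "\n";
```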

Issue History

Date Modified Username Field Change
2012-11-22 10:59 msorriano New Issue
2012-11-24 01:14 c_schmitz Assigned To => c_schmitz
2012-11-24 01:14 c_schmitz Status new => assigned
2012-11-24 23:17 c_schmitz Relationship added related to 06873
2012-11-25 20:48 c_schmitz Note Added: 22490
2012-11-25 20:48 c_schmitz Status assigned => feedback
2012-11-26 17:01 msorriano Note Added: 22546
2012-11-26 17:01 msorriano Status feedback => assigned
2012-11-28 10:06 msorriano Note Added: 22614
2012-11-28 10:14 c_schmitz Status assigned => closed
2012-11-28 10:14 c_schmitz Resolution open => fixed
2012-11-28 10:14 c_schmitz Fixed in Version => 2.00+