08799: Administration login using a link with one time password -> Version 2.05+ Build 140302

This bug affects 1 person(s).

ID	Project	Category	View Status	Date Submitted	Last Update

08799	Bug reports	Authentication	public	2014-03-03 15:04	2014-03-17 13:14

Reporter	msorriano	Assigned To	mdekker
Priority	high	Severity	partial_block
Status	closed	Resolution	fixed
Product Version	2.05+
Fixed in Version	2.05+

Summary	08799: Administration login using a link with one time password -> Version 2.05+ Build 140302
Description	What is URL for administration loging on Limesurvey v2 please ? http://www.yourdomain.org/limesurvey/admin/admin.php?user=nomutilisateur&onepass;=motdepassesecret (http://manual.limesurvey.org/Manage_users) not work. Regards, Maxime Sorriano
Steps To Reproduce	Make a random password and insert in mysql : for ($i=0; $i<10; $i++) { $d=rand(1,30)%2; $password .= $d ? chr(rand(65,90)) : chr(rand(48,57)); } mysql_query('UPDATE lime_users SET one_time_pw="' . md5($password) . '" WHERE users_name LIKE "' . $login . '"'); and redirect : header("Location: " . $URLadmin . "index.php/admin/authentication/login?user=" . $login . "&onepass=" . $password);
Tags	No tags attached.

Bug heat	6
Complete LimeSurvey version number (& build)	140302
I will donate to the project if issue is resolved	No
Browser	All
Database type & version	5.5.35
Server OS (if known)	Debian
Webserver software & version (if known)	Apache/2.2.22 (Debian)
PHP Version	5.4.4-14+deb7u7

User List	There are no users monitoring this issue.

c_schmitz 2014-03-03 15:31 administrator ~29076	Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=13967

c_schmitz 2014-03-03 15:31 administrator ~29077	Please check if the fix above does help.

msorriano 2014-03-03 15:56 reporter ~29080	Thanks a lot for your help. But sorry, now i have an other error on /index.php/admin/authentication/sa/login : "Incorrect username and/or password!"

mdekker 2014-03-06 12:52 reporter ~29115	Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=13982

mdekker 2014-03-06 12:53 reporter ~29116	Make sure the setting 'use_one_time_passwords' is also set to true in your config file.

msorriano 2014-03-06 14:53 reporter ~29117	Thank you very much, it's perfect :) Thank you for your response, and congratulations for this wonderful application. Have a nice day

c_schmitz 2014-03-17 13:14 administrator ~29276	2.05+ Build 140317 released

LimeSurvey: master b5b00652 2014-03-03 14:30:54 c_schmitz Details Diff	Fixed issue 08799: One time passwords not working	Affected Issues 08799
	mod - application/controllers/admin/authentication.php	Diff File
LimeSurvey: master 1f54eafe 2014-03-06 11:52:36 mdekker Details Diff	Fixed 08799: Administration login using a link with one time password	Affected Issues 08799
	mod - application/controllers/admin/authentication.php	Diff File
	mod - application/core/plugins/Authdb/Authdb.php	Diff File

Date Modified	Username	Field	Change
2014-03-03 15:04	msorriano	New Issue
2014-03-03 15:29	c_schmitz	Assigned To	=> c_schmitz
2014-03-03 15:29	c_schmitz	Status	new => assigned
2014-03-03 15:31	c_schmitz	Changeset attached	=> LimeSurvey master b5b00652
2014-03-03 15:31	c_schmitz	Note Added: 29076
2014-03-03 15:31	c_schmitz	Resolution	open => fixed
2014-03-03 15:31	c_schmitz	Note Added: 29077
2014-03-03 15:31	c_schmitz	Status	assigned => resolved
2014-03-03 15:31	c_schmitz	Fixed in Version	=> 2.05+
2014-03-03 15:56	msorriano	Note Added: 29080
2014-03-03 15:56	msorriano	Status	resolved => feedback
2014-03-03 15:56	msorriano	Resolution	fixed => reopened
2014-03-06 12:52	mdekker	Assigned To	c_schmitz => mdekker
2014-03-06 12:52	mdekker	Status	feedback => assigned
2014-03-06 12:52	mdekker	Changeset attached	=> LimeSurvey master 1f54eafe
2014-03-06 12:52	mdekker	Note Added: 29115
2014-03-06 12:53	mdekker	Note Added: 29116
2014-03-06 14:53	msorriano	Note Added: 29117
2014-03-06 15:35	mdekker	Status	assigned => resolved
2014-03-06 15:35	mdekker	Resolution	reopened => fixed
2014-03-17 13:14	c_schmitz	Note Added: 29276
2014-03-17 13:14	c_schmitz	Status	resolved => closed