11220: Admin authentication always fails with Postgresql - LimeSurvey bugs and feature requests

This issue affects 1 person(s).

ID	Project	Category	View Status	Date Submitted	Last Update
11220	Bug reports	Authentication	public	2016-05-20 01:29	2016-05-24 09:55

Reporter	rloomans	Assigned To	c_schmitz
Priority	none	Severity	crash
Status	closed	Resolution	no change required
Product Version	2.50.x

Summary	11220: Admin authentication always fails with Postgresql
Description	Any attempt to log into the admin pages fails after installing with a Postgresql database. Clicking the forgot password link resets the password and sends email successfully, but that password doesn't work either. Ditto for resetting the password from the command line. Dropping the config and reconfiguring with a MySQL database works fine. It looks like the workaround in AuthDB for Postgresql isn't working in this case. (The field is a resource type, but the value it gets back from the DB is not the same as the calculated hash)
Tags	No tags attached.
Attached Files	phpinfo().mht (138,363 bytes)

Bug heat	6
Complete LimeSurvey version number (& build)	160512
I will donate to the project if issue is resolved	No
Browser
Database type & version	Postgresql 9.5.2
Server OS (if known)	Linux CentOS 6.7
Webserver software & version (if known)	Apache 2.4.12
PHP Version	5.5.21

User List	There are no users monitoring this issue.

ollehar 2016-05-20 15:49 administrator ~38703	I am using postgresql locally, and never had this problem. My version is (PostgreSQL) 9.3.12, Ubuntu.

ollehar 2016-05-20 15:51 administrator ~38704	Do you get any error message? Check the error log, and please enable debug=2 in application/config/config.php.

rloomans 2016-05-23 07:35 reporter ~38712 Last edited: 2016-05-23 10:58	No error message. The code that's failing is in Authdb.php: if ($sStoredPassword !== hash('sha256', $password)) Adding some debug code above that: die('password: ' . CVarDumper::dumpAsString($password) . ' hash(password): ' . CVarDumper::dumpAsString(hash('sha256', $password)) . ' sStoredPassword: ' . CVarDumper::dumpAsString($sStoredPassword)); The output I get is: password: 'password' hash(password): '5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8' sStoredPassword: 'x35653838343839386461323830343731353164306535366638646336323932373733363033643064366161626264643632613131656637323164313534326438' The contents of the database: I'll also attach the contents of phpinfo(). Perhaps it's because php's postgres drivers are compiled against 8.4 libraries?

rloomans 2016-05-23 08:37 reporter ~38714	FYI, I've tried versions 9.5.2, 9.4.7, 9.3.12 and 9.3.9 of postgres.

ollehar 2016-05-23 10:08 administrator ~38720	How did you install? Did you update from a previous version or is it a clean install?

c_schmitz 2016-05-23 10:55 administrator ~38723	\x35653838343839386461323830343731353164306535366638646336323932373733363033643064366161626264643632613131656637323164313534326438 is the hexadecimal representation of 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8 so it is stored alright.

c_schmitz 2016-05-23 10:57 administrator ~38724	You probably need to run ALTER DATABASE <your_limeSurvey_db> SET bytea_output='escape'; on your database.

rloomans 2016-05-24 02:34 reporter ~38738	@olle It was a clean install.

rloomans 2016-05-24 02:39 reporter ~38739	@c_schmitz that worked. Thanks! Is this something that the installer should do?

c_schmitz 2016-05-24 09:03 administrator ~38740	The installer does it - probably it had no permission to execute it?

rloomans 2016-05-24 09:14 reporter ~38741	I connected to the database on the command line using the same username and password that limesurvey's installer used. The database already existed in postgres, so the install just created the tables. Will the installer still alter the database if it already exists?

c_schmitz 2016-05-24 09:46 administrator ~38742	I checked and I can see now that we dropped this statement some time ago because it was not needed anymore and was causing other issues. I just test-installed on a Postgres 9.4 and and 9.5.3 it works fine without that setting. I really think the problem is that your PHP's postgres drivers are compiled against 8.4 libraries.

c_schmitz 2016-05-24 09:55 administrator ~38756	After consideration this is a no-fix as we only support Postgres 9.x and up (with related drivers :-) ) (Postgres 8 is out of support for two years now and it should not be hard to update the PDO driver libraries.

Date Modified	Username	Field	Change
2016-05-20 01:29	rloomans	New Issue
2016-05-20 15:49	ollehar	Note Added: 38703
2016-05-20 15:51	ollehar	Note Added: 38704
2016-05-20 15:51	ollehar	Assigned To	=> ollehar
2016-05-20 15:51	ollehar	Status	new => feedback
2016-05-23 07:35	rloomans	Note Added: 38712
2016-05-23 07:35	rloomans	Status	feedback => assigned
2016-05-23 08:11	rloomans	Note Edited: 38712
2016-05-23 08:12	rloomans	Note Edited: 38712
2016-05-23 08:14	rloomans	File Added: phpinfo().mht
2016-05-23 08:37	rloomans	Note Added: 38714
2016-05-23 10:08	ollehar	Note Added: 38720
2016-05-23 10:55	c_schmitz	Note Added: 38723
2016-05-23 10:57	c_schmitz	Note Added: 38724
2016-05-23 10:58	c_schmitz	Note Edited: 38712
2016-05-23 10:58	c_schmitz	Status	assigned => feedback
2016-05-23 10:58	c_schmitz	Assigned To	ollehar => c_schmitz
2016-05-24 02:34	rloomans	Note Added: 38738
2016-05-24 02:34	rloomans	Status	feedback => assigned
2016-05-24 02:39	rloomans	Note Added: 38739
2016-05-24 09:03	c_schmitz	Note Added: 38740
2016-05-24 09:14	rloomans	Note Added: 38741
2016-05-24 09:46	c_schmitz	Note Added: 38742
2016-05-24 09:55	c_schmitz	Note Added: 38756
2016-05-24 09:55	c_schmitz	Status	assigned => closed
2016-05-24 09:55	c_schmitz	Resolution	open => no change required

View Issue Details

Users monitoring this issue

Activities

Issue History