View Issue Details

Jump to NotesJump to History
This issue affects 1 person(s).
 4
IDProjectCategoryView StatusDate SubmittedLast Update
12475Bug reportsAuthenticationpublic2017-06-19 09:142017-06-20 09:39
Reporterdomago Assigned Toc_schmitz  
PrioritynoneSeveritycrash 
Status closedResolutionunable to reproduce 
Product Version2.65.x 
Summary12475: Use one_time_pw
Description

I have just updated LS: version 2.4 to version 2.65.4 + 170612.

With the old version, I used the 'unique password' function that worked perfectly.
Since the new version, it does not work anymore. Yet all criteria are respected:

  • setting the config.php,
  • Pre-registration of the MP (SHA 256) in the one_time_pw column of the lime_users table,
  • address www.example.org/limesurvey/index.php/admin/authentication/login?user=xxx&onepass=xxx

'Debug = 2' does not return any errors.

Steps To Reproduce

PHP

$sql_update_LS = "UPDATE lime_users SET one_time_pw=xxx WHERE users_name=xxx";
$req_update_LS = mysqli_query($connexion,$sql_update_LS) or die('Erreur SQL !
'.$sql_update_LS.'
'.mysqli_error());
header('Location: index.php/admin/authentication/login?user=xxx&onepass=xxx');

TagsNo tags attached.
Bug heat4
Complete LimeSurvey version number (& build)2.65.4+170612
I will donate to the project if issue is resolvedYes
Browser
Database type & versionVersion du serveur MySQL : 5.5.55-0+deb8u1
Server OS (if known)Debian
Webserver software & version (if known)Apache/2.4.10
PHP Version7.0.18-1~dotdeb+8.1

Users monitoring this issue

There are no users monitoring this issue.

Activities

c_schmitz

c_schmitz

2017-06-19 13:42

administrator   ~43937

You are aware that this needs an MD5 hash, right?
domago

domago

2017-06-19 14:49

reporter   ~43938

Yes of course. My PW registration code is : SHA2('mypassword',256)
c_schmitz

c_schmitz

2017-06-19 15:00

administrator   ~43939

SHA2 is not MD5. Please check again.
domago

domago

2017-06-19 15:24

reporter   ~43940

Already tested with md5. But it does not work either.
domago

domago

2017-06-19 15:27

reporter   ~43941

My complete php code :

$user = 'user_name';
$onepass = 'mypassword';
$onepassmd5 = md5('".$onepass."') ;
$sql_update_LS = "UPDATE lime_users SET one_time_pw='".$onepassmd5."' WHERE users_name='".$user."'";
$req_update_LS = mysqli_query($connexion,$sql_update_LS) or die('Erreur SQL !
'.$sql_update_LS.'
'.mysqli_error());
header('Location: index.php/admin/authentication/login?user='.$user.'&onepass='.$onepass);
c_schmitz

c_schmitz

2017-06-19 16:26

administrator   ~43942

Works fine here. Did you activate one time passwords in config.php?

See https://manual.limesurvey.org/Optional_settings#Use_one_time_passwords
domago

domago

2017-06-19 19:33

reporter   ~43943

I wrote in config.php : $config['use_one_time_passwords'] = true;
And works not fine here...
c_schmitz

c_schmitz

2017-06-20 09:38

administrator   ~43947

Well, then you did it wrong.
Check out https://manual.limesurvey.org/Optional_settings#How_to_modify_optional_settings
For further discussion please use the forum. Thank you.

Issue History

Date Modified Username Field Change
2017-06-19 09:14 domago New Issue
2017-06-19 13:42 c_schmitz Assigned To => c_schmitz
2017-06-19 13:42 c_schmitz Status new => feedback
2017-06-19 13:42 c_schmitz Note Added: 43937
2017-06-19 14:49 domago Note Added: 43938
2017-06-19 14:49 domago Status feedback => assigned
2017-06-19 15:00 c_schmitz Note Added: 43939
2017-06-19 15:24 domago Note Added: 43940
2017-06-19 15:27 domago Note Added: 43941
2017-06-19 16:26 c_schmitz Status assigned => resolved
2017-06-19 16:26 c_schmitz Resolution open => unable to reproduce
2017-06-19 16:26 c_schmitz Note Added: 43942
2017-06-19 19:33 domago Note Added: 43943
2017-06-20 09:38 c_schmitz Note Added: 43947
2017-06-20 09:39 c_schmitz Status resolved => closed