06925: Administration login using a link with one time password (Limesurvey v2) -> one modification

This bug affects 1 person(s).

ID	Project	Category	View Status	Date Submitted	Last Update

06925	Bug reports	Authentication	public	2012-11-22 10:59	2012-11-28 10:14

Reporter	msorriano	Assigned To	c_schmitz
Priority	high	Severity	partial_block
Status	closed	Resolution	fixed
Product Version	2.00+
Fixed in Version	2.00+

Summary	06925: Administration login using a link with one time password (Limesurvey v2) -> one modification
Description	Hello, http://bugs.limesurvey.org/view.php?id=6873 Just one modification in application/controllers/UserIdentity.php 59 //elseif ($sStoredPassword !== hash('sha256', $this->password)) 60 //{ 61 // $this->errorCode = self::ERROR_PASSWORD_INVALID; 62 //} because $sStoredPassword is different from hash('sha256', $this->password) so url authentication don't work. Regards
Additional Information	Désolé pour mon anglais je suis français. Sorry for my english, i'm french. J'ai remonté un bogue, il y a quelques semaines : http://bugs.limesurvey.org/view.php?id=6873 Mais l'authentification n'a pas marché. J'ai regardé dans le code et en enlevant les lignes 59 à 62 : //elseif ($sStoredPassword !== hash('sha256', $this->password)) //{ // $this->errorCode = self::ERROR_PASSWORD_INVALID; //} ça a marché. Je pourrai garder mon code mais à la prochaine mise à jour, il sera écraser. Vous pouvez modifier le votre svp? Merci, Cordialement
Tags	No tags attached.

Bug heat	4
Complete LimeSurvey version number (& build)	121116
I will donate to the project if issue is resolved	No
Browser	All
Database type & version	164
Server OS (if known)	Debian
Webserver software & version (if known)	Debian + apache + php + mysql
PHP Version	5.3

User List	There are no users monitoring this issue.

c_schmitz 2012-11-25 20:48 administrator ~22490	I am sorry but I don't see the reason for that. That part is never used because the previous if clause: `if ($sOneTimePassword!='' && Yii::app()->getConfig("use_one_time_passwords") && md5($sOneTimePassword)==$user->one_time_pw) { $user->one_time_pw=''; $user->save(); $this->id = $user->uid; $this->user = $user; $this->errorCode = self::ERROR_NONE; }` If you need to comment the following part then you are doing something wrong.

msorriano 2012-11-26 17:01 reporter ~22546	I made a mistake, it isn't application/controllers/UserIdentity.php but application/core/UserIdentity.php, Sorry. I understand where is my problem : LSYii_Application Object ( [config:protected] => Array ( ... [use_one_time_passwords] => ... While in my file / config.php : ... // Debug Settings $debug = 0; $use_one_time_passwords = true; I am looking why the variable is not true just before if ($sOneTimePassword!='' && Yii::app()->getConfig("use_one_time_passwords") && md5($sOneTimePassword)==$user->one_time_pw)

msorriano 2012-11-28 10:06 reporter ~22614	I found it! I add "'use_one_time_passwords'=>true" at the end of /application/config/config.php like it : `'debug'=>0, 'debugsql'=>0, // Set this to 1 to enanble sql logging, only active when debug = 2 'use_one_time_passwords'=>true )` ); and it work. Thank you for your help

Date Modified	Username	Field	Change
2012-11-22 10:59	msorriano	New Issue
2012-11-24 01:14	c_schmitz	Assigned To	=> c_schmitz
2012-11-24 01:14	c_schmitz	Status	new => assigned
2012-11-24 23:17	c_schmitz	Relationship added	related to 06873
2012-11-25 20:48	c_schmitz	Note Added: 22490
2012-11-25 20:48	c_schmitz	Status	assigned => feedback
2012-11-26 17:01	msorriano	Note Added: 22546
2012-11-26 17:01	msorriano	Status	feedback => assigned
2012-11-28 10:06	msorriano	Note Added: 22614
2012-11-28 10:14	c_schmitz	Status	assigned => closed
2012-11-28 10:14	c_schmitz	Resolution	open => fixed
2012-11-28 10:14	c_schmitz	Fixed in Version	=> 2.00+

View Issue Details

Relationships

Users monitoring this issue

Activities

Issue History