[Vtigercrm-commits] [vtiger development] #7015: Problems with user passwords

vtiger development vtiger-tickets at trac.vtiger.com
Thu Feb 10 10:06:45 PST 2011 

#7015: Problems with user passwords
------------------------+---------------------------------------------------
 Reporter:  joebordes   |       Owner:  developer 
     Type:  patch       |      Status:  new       
 Priority:  unassigned  |   Milestone:  Unassigned
Component:  vtigercrm   |     Version:  5.2.1     
 Keywords:              |  
------------------------+---------------------------------------------------
 I'm trying to address here all the problems related to passwords that have
 come up since PHP5.3.

 == Problem 1: ==

 The user_password field in vtiger_users was too short before
 vtigercrm5.2.0. If you have migrated to vtigercrm5.2.x from an older
 version you'll have this problem too. You can fix it by executing this SQL
 statement:

 ''ALTER TABLE `vtiger_users` CHANGE `user_password` `user_password`
 VARCHAR( 128 )''

 == Problem 2: ==

 The crypt() function gets called with bad salt parameters, this can lead
 to unexpected results in some cases. The attached patch is for
 vtigercrm5.2.1 and tries to fix the code so that it works regardless of
 PHP version and OS. It needs testing, so please comment here with your
 results.

 == Problem 3: ==

 Your passwords might be already messed up by the previous code. If you
 applied the previous patch it's advisable to fix them by executing this
 SQL statement to set passwords to the username:

 ''UPDATE vtiger_users SET user_password = encrypt( user_name, concat(
 '$1$', substr( rpad( user_name, 8, '0' ) , 1, 8 ) , '$' ) ) , user_hash =
 md5( user_name ), crypt_type = 'MD5'''

 This SQL won't work on Windows, but you can set all passwords to 'admin'
 with the following statement:

 ''UPDATE vtiger_users SET user_password =
 '$1$admin000$ydoH7w5R.5aaj7/wYp9Vm1' , user_hash = md5( 'admin' ),
 crypt_type = 'MD5'''

 ----
 Please, test and leave your feedback here.

-- 
Ticket URL: <http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/7015>
vtiger development <http://trac.vtiger.com/>
vtigerCRM

More information about the vtigercrm-commits mailing list