password salt --- ojs 1.1 login issue when after DB move


Postby timmcgeary » Fri Sep 07, 2007 11:32 am

Greetings,

We have a journal still on version 1.1 for a number of reasons. We did an OS upgrade last month on the server on which it resides, and the editor discovered his login failed. The tblusers is intact, and I can do a query on users through SQL, but I think there is a problem with the encoding process in login.php. I see in the code there is this $passwd_salt, but I had no idea what it meant. Then in my password agent application I discovered that I have a password salt key listed, but I have no idea what to do with it to ensure the login process will work. I can't find documentation to tell me what I might need to do in order to get the login to read this password salt properly.

Help!

Thanks,
Tim
timmcgeary
 
Posts: 29
Joined: Wed Aug 15, 2007 1:15 pm

Re: password salt --- ojs 1.1 login issue when after DB move

Postby asmecher » Fri Sep 07, 2007 11:46 am

Hi Tim,

OJS 1.x uses MySQL's "encode" and "decode" functions to store encrypted passwords in the database. You can get the salt from the tbljournalconfig table:
Code:
SELECT chPasswordSalt FROM tbljournalconfig;
Then use the password salt to get the decrypted passwords from the tblusers table, e.g. to get the first 5:
Code:
SELECT chUsername, decode(chPassword, 'put salt value here') FROM tblusers LIMIT 5;
If you don't get coherent passwords back, it's probably because the MySQL ENCODE and DECODE functions are behaving differently or the DBMS upgrade changed the character set configuration. You may need to restore your database on an older version of MySQL and migrate the passwords manually. If you're able to get the passwords to decode coherently on another machine, I can provide instructions on the migration process.

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 8618
Joined: Wed Aug 10, 2005 12:56 pm

Re: password salt --- ojs 1.1 login issue when after DB move

Postby timmcgeary » Fri Sep 07, 2007 12:00 pm

Hi Alec,

Thank you for your quick reply. I ran the:
SELECT chUsername, decode(chPassword, 'put salt value here') FROM tblusers LIMIT 5;

with the salt in tbljournalconfig in MySQL 5.x and I was able to see the coherent passwords just fine. The editor person confirmed that the password I saw was indeed the one he chose.

So it appears that maybe something else is going on. When I try to log in with the editor's username and password, on the screen I get the following error message:
Login failed. Sorry, the username you entered was incorrect.


Nothing appears in the error logs... Suggestions?

Tim
timmcgeary
 
Posts: 29
Joined: Wed Aug 15, 2007 1:15 pm

Re: password salt --- ojs 1.1 login issue when after DB move

Postby asmecher » Fri Sep 07, 2007 1:52 pm

Hi Tim,

The loginUser function in login.php, which is responsible for logging users in, is not written in OJS 1.x to deal with MySQL errors. I'd suggest turning on MySQL query logging temporarily to find out what queries it's running (or if it's running them at all); then proceed from there to debug further.

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 8618
Joined: Wed Aug 10, 2005 12:56 pm

Re: password salt --- ojs 1.1 login issue when after DB move

Postby timmcgeary » Fri Sep 07, 2007 8:05 pm

Forgive my ignorance, but I've never had to worry about MySQL query logging in the past. Where do I set this configuration? I'm using a standard MySQL install from CentOS4 through yum.
timmcgeary
 
Posts: 29
Joined: Wed Aug 15, 2007 1:15 pm

Re: password salt --- ojs 1.1 login issue when after DB move

Postby asmecher » Fri Sep 07, 2007 9:21 pm

Hi Tim,

Looking through /etc/mysql/my.cnf (though the location of my.cnf may be different on your install), I see:
Code:
#
# * Logging and Replication
#
# Both location gets rotated by the cronjob.
# Be aware that this log type is a performance killer.
#log            = /var/log/mysql/mysql.log
Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 8618
Joined: Wed Aug 10, 2005 12:56 pm

Re: password salt --- ojs 1.1 login issue when after DB move

Postby timmcgeary » Mon Sep 10, 2007 8:40 am

Alec,

I turned on the mysql logging, but nothing is being logged for this error. I'm still just getting

Login failed. Sorry, the username you entered was incorrect.


when I try to log in with a valid username/password.

Tim
timmcgeary
 
Posts: 29
Joined: Wed Aug 15, 2007 1:15 pm

Re: password salt --- ojs 1.1 login issue when after DB move

Postby asmecher » Mon Sep 10, 2007 9:27 am

Hi Tim,

MySQL logging, when enabled, should record all the queries that are sent to the database, so you should see queries like:
Code:
SELECT nUserID, chUsername, fkEditorID FROM tblusers WHERE chUsername = 'myUsernameHere' AND chPassword = encode('myPasswordHere', 'passwordSaltHere');
Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 8618
Joined: Wed Aug 10, 2005 12:56 pm
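
The login query shown in the post above carries the typed password and the ENCODE key as string literals, so a general query log captured while debugging holds both in cleartext. The following is an added example, not code from this thread or from OJS, that redacts those literals before a log excerpt is shared; the helper names and the log lines are constructed for illustration.

```python
import re

# Single-quoted SQL string literal, allowing \' and '' escapes inside it.
LITERAL = r"'(?:[^'\\]|\\.|'')*'"
# encode()/decode() with a literal or column name as data and a literal key.
CALL = re.compile(
    rf"\b(?P<fn>encode|decode)\s*\(\s*(?P<data>{LITERAL}|[A-Za-z_][\w.]*)"
    rf"\s*,\s*(?P<key>{LITERAL})\s*\)",
    re.IGNORECASE,
)

def redact_line(line):
    """Return (redacted line, number of secret literals replaced)."""
    replaced = 0

    def _sub(match):
        nonlocal replaced
        data = match.group("data")
        if data.startswith("'"):          # cleartext password typed at login
            data = "'[REDACTED-PASSWORD]'"
            replaced += 1
        replaced += 1                     # the key ("salt") is always a literal
        return f"{match.group('fn')}({data}, '[REDACTED-KEY]')"

    return CALL.sub(_sub, line), replaced

def redact_log(text):
    """Redact every line of a log excerpt; return (text, total replaced)."""
    lines, total = [], 0
    for line in text.splitlines():
        new_line, count = redact_line(line)
        lines.append(new_line)
        total += count
    return "\n".join(lines), total

# Constructed general-query-log excerpt; all values are made up.
SAMPLE_LOG = """\
070910  9:20:01      12 Connect     ojs@localhost on ojs
                     12 Query       SELECT nUserID, chUsername, fkEditorID FROM tblusers WHERE chUsername = 'editor' AND chPassword = encode('hunter2', 'k3y-from-config')
                     13 Query       SELECT chUsername, DECODE(chPassword, 'k3y-from-config') FROM tblusers LIMIT 5
                     14 Query       SELECT 1 FROM tblusers WHERE chPassword = encode('o''brien\\'s', 'k3y-from-config')
"""

if __name__ == "__main__":
    redacted, total = redact_log(SAMPLE_LOG)
    print(redacted)
    print(f"{total} secret literal(s) redacted")
```

Usernames are left in place so the excerpt stays useful for debugging. The log file on disk still holds the original values, so it should be removed and logging switched back off once the session is over.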

Re: password salt --- ojs 1.1 login issue when after DB move

Postby asmecher » Mon Sep 10, 2007 1:08 pm

Hi all,

FYI, the problem was caused by register_long_arrays in php.ini being disabled.

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 8618
Joined: Wed Aug 10, 2005 12:56 pm

