[Xerte] Cannot Log In as Admin

Patrick Lockley Patrick.Lockley at nottingham.ac.uk
Fri May 22 13:49:09 BST 2009

I got opensesame?


Googling round it seems md5 is the default option, but blowfish is


Then again O'Reilly suggests I can alter the salt setting in crypt to a
user definable one - that would seem stronger than straight encryption
as it least protects against some of the known algorithm attacks.


So we have a choice


1)    Modify the logindetails table to allow for user roles - and modify
the is_user_admin function to check to see the role


Pros (perceived by me)

-Scope for different roles

-Customisable by yourselves as well for roles

-More secure (no passwords stored outside of LDAP)



-Tables need altering

-Slightly slower

-involves work

-Need to role management work on management.php


2)    Encryption option




-User customisable

-Less work



-None of the pros the other option has.

-Modifies setup and config.php

-Possibly needs some direct PHP customising to allow for this




From: xerte-bounces at lists.nottingham.ac.uk
[mailto:xerte-bounces at lists.nottingham.ac.uk] On Behalf Of Dave Burnett
Sent: 22 May 2009 12:46
To: Xerte list
Subject: RE: [Xerte] Cannot Log In as Admin




Subject: RE: [Xerte] Cannot Log In as Admin
Date: Fri, 22 May 2009 11:46:25 +0100
From: Julian.Tenney at nottingham.ac.uk
To: xerte at lists.nottingham.ac.uk

Here's a password hashed in the one way uncrackable MD5 algorithm:




Now, go and paste that into google and see how long it takes you to work
out the actual password...


From: xerte-bounces at lists.nottingham.ac.uk
[mailto:xerte-bounces at lists.nottingham.ac.uk] On Behalf Of Patrick
Sent: Friday, May 22, 2009 11:41 AM
To: Xerte discussion list
Subject: RE: [Xerte] Cannot Log In as Admin




Yes management.php, it is LDAP free.


If you go to your sitedetails table, you can set the admin_username and
admin_password. Assuming these are set, and it sounds like they are -
does it just say they aren't correct. Mine works fine - I think
Johnathan's works as well - pretty sure Ron's works too.


Re MD5 - yep, over sight on my part - reasoning - we had a lot of people
with 0.5 and 0.8 installs where there was no admin role. When we moved
to 0.9 and 1.0 originally we modded the logindetails table to allow for
a user role flag, but this would mean everyone with an install modding
their tables. Which seemed a hassle. So I put the admin username into
the sitedetails table at the last minute instead, and left it.


You're welcome to MD5 it yourself though - you'd just need to put an un
md5 command into config.php. 


I'll put it in the list for the next version.




From: xerte-bounces at lists.nottingham.ac.uk
[mailto:xerte-bounces at lists.nottingham.ac.uk] On Behalf Of Jeremy
Sent: 22 May 2009 11:32
To: xerte at lists.nottingham.ac.uk
Subject: [Xerte] Cannot Log In as Admin


Hello All,


I have installed the full version Xerte on a linux virtual server. All
seemed to go according to plan until I came to log in.


I cannot log in using the administrators username and password. I have
re-installed / checked fields in database etc and it still will not
allow me in.


I have not got LDAP running yet, but am assuming that LDAP is not
required for the admin account, and that admin is completely independent
of the normal routines with the credential residing in the sitedetails
table? (would it not be better to MD5 the password in site details?)


Has anyone else experienced this problem?


Thanks, Jeremy



Hotmail(r) has a new way to see what's up with your friends. Check it

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.nottingham.ac.uk/pipermail/xerte/attachments/20090522/9eac6d67/attachment.html

More information about the Xerte mailing list