[Xerte] Cannot Log In as Admin

Patrick Lockley Patrick.Lockley at nottingham.ac.uk
Fri May 22 13:49:09 BST 2009


I got opensesame?

 

Googling round it seems md5 is the default option, but blowfish is
better?

 

Then again O'Reilly suggests I can alter the salt setting in crypt to a
user definable one - that would seem stronger than straight encryption
as it at least protects against some of the known algorithm attacks.

 

So we have a choice

 

1)    Modify the logindetails table to allow for user roles - and modify
the is_user_admin function to check to see the role

 

Pros (perceived by me)

-Scope for different roles

-Customisable by yourselves as well for roles

-More secure (no passwords stored outside of LDAP)

 

Cons

-Tables need altering

-Slightly slower

-involves work

-Need to do role management work on management.php

 

2)    Encryption option

 

Pros

-Fast

-User customisable

-Less work

 

Cons

-None of the pros the other option has.

-Modifies setup and config.php

-Possibly needs some direct PHP customising to allow for this

 

 

 

From: xerte-bounces at lists.nottingham.ac.uk
[mailto:xerte-bounces at lists.nottingham.ac.uk] On Behalf Of Dave Burnett
Sent: 22 May 2009 12:46
To: Xerte list
Subject: RE: [Xerte] Cannot Log In as Admin

 


admin




________________________________

Subject: RE: [Xerte] Cannot Log In as Admin
Date: Fri, 22 May 2009 11:46:25 +0100
From: Julian.Tenney at nottingham.ac.uk
To: xerte at lists.nottingham.ac.uk

Here's a password hashed in the one way uncrackable MD5 algorithm:

 

e6078b9b1aac915d11b9fd59791030bf

 

Now, go and paste that into google and see how long it takes you to work
out the actual password...

 

From: xerte-bounces at lists.nottingham.ac.uk
[mailto:xerte-bounces at lists.nottingham.ac.uk] On Behalf Of Patrick
Lockley
Sent: Friday, May 22, 2009 11:41 AM
To: Xerte discussion list
Subject: RE: [Xerte] Cannot Log In as Admin

 

Hello,

 

Yes management.php, it is LDAP free.

 

If you go to your sitedetails table, you can set the admin_username and
admin_password. Assuming these are set, and it sounds like they are -
does it just say they aren't correct? Mine works fine - I think
Johnathan's works as well - pretty sure Ron's works too.

 

Re MD5 - yep, oversight on my part - reasoning - we had a lot of people
with 0.5 and 0.8 installs where there was no admin role. When we moved
to 0.9 and 1.0 originally we modded the logindetails table to allow for
a user role flag, but this would mean everyone with an install modding
their tables. Which seemed a hassle. So I put the admin username into
the sitedetails table at the last minute instead, and left it.

 

You're welcome to MD5 it yourself though - you'd just need to put an un
md5 command into config.php. 

 

I'll put it in the list for the next version.

 

Pat

 

From: xerte-bounces at lists.nottingham.ac.uk
[mailto:xerte-bounces at lists.nottingham.ac.uk] On Behalf Of Jeremy
Hopkins
Sent: 22 May 2009 11:32
To: xerte at lists.nottingham.ac.uk
Subject: [Xerte] Cannot Log In as Admin

 

Hello All,

 

I have installed the full version Xerte on a linux virtual server. All
seemed to go according to plan until I came to log in.

 

I cannot log in using the administrator's username and password. I have
re-installed / checked fields in database etc and it still will not
allow me in.

 

I have not got LDAP running yet, but am assuming that LDAP is not
required for the admin account, and that admin is completely independent
of the normal routines with the credential residing in the sitedetails
table? (would it not be better to MD5 the password in site details?)

 

Has anyone else experienced this problem?

 

Thanks, Jeremy
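
The storage options weighed in this thread (plain text, unsalted MD5, salted Blowfish-based hashing) side by side, as an added PHP example that is not part of the thread and not Xerte code. The helper check_admin_password() is hypothetical, $stored stands for the value read from sitedetails.admin_password, and PHP 7.1 or later is assumed.

```php
<?php
// Added example, not Xerte code. check_admin_password() is a hypothetical
// helper; $stored stands for the value read from sitedetails.admin_password.

/**
 * Verify a login against a stored value that may be plain text, unsalted MD5,
 * or a password_hash() string. Returns [ok, replacement]; replacement is a
 * fresh bcrypt hash to write back, or null when no upgrade is needed.
 */
function check_admin_password(string $supplied, string $stored, int $cost = 12): array
{
    $opts = ['cost' => $cost];
    if (password_get_info($stored)['algoName'] !== 'unknown') {
        // Salted, slow hash: the salt and cost are encoded in the string itself.
        $ok = password_verify($supplied, $stored);
        $stale = password_needs_rehash($stored, PASSWORD_BCRYPT, $opts);
    } elseif (preg_match('/^[0-9a-f]{32}$/i', $stored)) {
        // Legacy unsalted MD5: the same input always gives the same digest.
        // (A plain-text password of exactly 32 hex characters would land here too.)
        $ok = hash_equals(strtolower($stored), md5($supplied));
        $stale = true;
    } else {
        // Legacy plain text, compared in constant time.
        $ok = hash_equals($stored, $supplied);
        $stale = true;
    }
    $replacement = ($ok && $stale) ? password_hash($supplied, PASSWORD_BCRYPT, $opts) : null;
    return [$ok, $replacement];
}

// Constructed sample values, not taken from the thread.
$pw = 'constructed-sample-pw';
foreach (['plain' => $pw, 'md5' => md5($pw)] as $kind => $stored) {
    [$ok, $new] = check_admin_password($pw, $stored);
    printf("%-5s ok=%s upgraded=%s\n", $kind, var_export($ok, true), var_export($new !== null, true));
    // The upgraded value verifies and needs no further upgrade.
    [$ok2, $again] = check_admin_password($pw, $new);
    printf("      re-check ok=%s upgraded=%s\n", var_export($ok2, true), var_export($again !== null, true));
}
// Unsalted MD5 is deterministic, so precomputed lookups work; bcrypt salts each hash.
var_dump(md5($pw) === md5($pw));
var_dump(password_hash($pw, PASSWORD_BCRYPT) === password_hash($pw, PASSWORD_BCRYPT));
```

A bcrypt string is 60 characters long, so the column that holds it has to be at least that wide.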

 
