QdbS - Quote database System :: Forums :: Bug Reports

A couple bugs

Se7enLC
Fri Mar 21 2008, 17:55:20
Registered Member #8
Joined: Fri Mar 21 2008, 17:48:21
Posts: 3
First - great app! I was hoping to find the same software that bash.org uses, but this is a pretty good emulation of it.

Now - A couple bug reports and the fixes I made:

MySQL Passwords: For whatever reason, my admin password didn't work. I looked into the code and found out that the MD5 hash in the DB and the one being calculated in the PHP code were not the same. There was a lowercase vs uppercase discrepancy. I added a call to strtolower to make sure that they are the same. I think this was because I manually edited the table using the MD5 MySQL command, which puts the passwords in uppercase.

Extra "\" characters in quotes. Anytime an apostrophe was used, it threw an extra \ in the quote on display. I added calls to "stripslashes" to remove them. Intentional \ characters are retained, since the mysql_real_escape_string doubles them properly when storing.

I also changed the font sizes in the css to be a little bigger. 8 point is a little hard on the eyes.

Again, great little app! Feel free to incorporate these changes into your next revision if you want.

[ Edited Fri Mar 21 2008, 17:56:30 ]
pockyrevolution
Wed Mar 26 2008, 05:52:52
Registered Member #9
Joined: Wed Mar 26 2008, 05:50:21
Posts: 3
Se7enLC, can you post how you patched the lowercase/uppercase problem? I can't login to my admin panel because my database password is mixed case. Thanks!!
Se7enLC
Wed Mar 26 2008, 14:17:08
Registered Member #8
Joined: Fri Mar 21 2008, 17:48:21
Posts: 3
I didn't solve the problem of mixed case passwords. I added another user to the database manually using the commandline mysql client. The problem I had was that the MD5() function in mysql puts the hex in with capital letters, but with php it uses lowercase. This is the change I made:

Line 171 of admin/index.php

            if (strtolower($row['password']) == strtolower($password)) {
pockyrevolution
Thu Mar 27 2008, 00:41:13
Registered Member #9
Joined: Wed Mar 26 2008, 05:50:21
Posts: 3
Thanks for the reply. I was able to modify the index.php

Could you elaborate on how to edit the database to add a new manual? I am looking at qdbs_admin via phpmyadmin
Jobe
Fri Mar 28 2008, 00:39:13


Joined: Mon Oct 08 2007, 15:54:30
Posts: 32
I am unable to replicate the escaping issue?

Do you by any chance have "magic_quotes_gpc" enabled in your server's PHP config?

You should be able to add admins using the admin control panel (usually at admin/ in your QdbS directory). Either way, the bug will be fixed in the next release.

Sorry for the slow response, have been a little caught up in other matters.

At "" you should be able to manually add admins using the following SQL statement (If you used a table prefix replace "admins" with the full table name):

INSERT INTO `admins` (`username`, `password`, `level`) VALUES ('<username>', LCASE(MD5('<password>')), '2');



[ Edited Fri Mar 28 2008, 01:23:47 ]
Se7enLC
Mon Mar 31 2008, 14:02:42
Registered Member #8
Joined: Fri Mar 21 2008, 17:48:21
Posts: 3
Yeah, it looks like I do have magic quotes on. It wasn't something I intentionally enabled, so it must have been that way by default.

Ahh, I think I see what caused my admin password/account problem, now. My admin account for MySQL is case-sensitive, so when I used it to create the databases, it worked, but then I wasn't able to log in using it, because whatever I was entering into the box was being converted to lowercase before being md5 summed. My fix was to add a user manually and give him privileges to the database. I didn't use the LCASE(MD5()), so I was stuck with capital md5 passwords, which didn't work. That's why I ended up adding in the php strtolower calls. If I'd added the user the way you suggested, it would have needed no code changes, and I could have just manually added the user.

So is there any particular reason passwords are case-insensitive? Wouldn't be a problem at all, had it not been for the re-using of the sql admin password as the qdb password. Perhaps if the installer asked for a new password that would eliminate the problem? Or maybe it should do two things - one, make it lowercase and md5 it for the admin account, but use it in its case-sensitive form to actually do the initial install. Just a suggestion - it's working great for me as-is anyway.
Jobe
Mon Mar 31 2008, 23:44:33


Joined: Mon Oct 08 2007, 15:54:30
Posts: 32
Again, sorry for the slow reply. I have in the SVN repository (yet to be released) added case sensitivity to the passwords. I will have to at some point add a warning that all previously set passwords are in lower case only though. The reason is, up until the change, the actual user's input for the password was converted to lower case before the hashing.

As for the MD5 issue, I have also made it force the MD5 hash to lower case in the comparison and setting/changing the password.

As for the magic quotes, that just means I'm going to have to look into doing a test to see if it's on or not. Thank you for your assistance.

[ Edited Mon Mar 31 2008, 23:46:22 ]
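
Added example, not part of the thread and not QdbS code: one way to write the two checks discussed above in PHP, comparing MD5 hex digests regardless of letter case while still recognising passwords that were hashed after lowercasing, and undoing magic_quotes_gpc escaping only when it is enabled. The function names and the sample row are assumptions; MD5 appears only because it is the scheme the thread describes.

```php
<?php
// Added example; function names are hypothetical, not QdbS's own.

// Strip slashes only when magic_quotes_gpc added them, so backslashes typed
// on purpose survive on servers where the setting is off.
function example_clean_input($value)
{
    // The function was removed in PHP 8, hence the function_exists() guard.
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

// Returns 'current' when the password matches as typed, 'legacy' when it
// matches only after lowercasing (hash set before passwords became
// case-sensitive), or false when it does not match.
function example_verify_password($storedHex, $typed)
{
    // Hex digests carry no meaning in letter case: normalise the stored copy.
    $stored = strtolower(trim($storedHex));
    if (!preg_match('/^[0-9a-f]{32}$/D', $stored)) {
        return false; // not an MD5 hex digest, never a match
    }
    // hash_equals() compares as strings in constant time; a loose == can
    // treat two numeric-looking digests as equal numbers.
    if (hash_equals($stored, md5($typed))) {
        return 'current';
    }
    if (hash_equals($stored, md5(strtolower($typed)))) {
        return 'legacy';
    }
    return false;
}

// Constructed sample row: uppercase digest of the lowercased password.
$row = array('password' => strtoupper(md5('secret1')));
foreach (array('Secret1', 'secret1', 'wrong') as $attempt) {
    var_dump(example_verify_password($row['password'], $attempt));
}
```

A 'legacy' result marks the logins where an application could re-hash the password exactly as typed, which retires the lowercase-only hashes over time.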
Moderators: Jobe