View ProjeQtOr On SourceForge.net
ProjeQtOr - Project Management Tool
Supportez nous sur Capterra
OIN - Open Invention Network
ProjeQtOr free project management software - Connection issue : Password encryption - ProjeQtOr

Prochaines sessions de formation

Les prochaines formations et démonstrations sont ouvertes, inscrivez-vous rapidement !

 

Démonstration de ProjeQtOr

(gratuit, sur inscription)

Mardi 23 avril (10h30-12h)

Jeudi 16 mai (16h-17h30)

Jeudi 13 juin (10h30-12h)

  
 

Planifiez avec ProjeQtOr

3 et 4 avril (9h - 12h30)

  
 

Administrez avec ProjeQtOr

10 et 11 avril (9h - 12h30)

  

 

 
 

Connection issue : Password encryption

More
25 Jan 2017 16:45 #1 by mhendawi
Password encryption was created by mhendawi
Hello ProjeQtor team,
I'm a new user (installed 3 days ago only) and have a serious athentification pbm.
I problem with password encryption.
----- DEBUG ----- User->authenticate : wrong password

The issue is diffcult to handle beacause, from one side, it seems related to the client machine environment but frome another side it seems rather independant from the client beacause behavior changes in the time (pbm appears and disappears).
Let's be accurate:
  • 2days ago: we noticed the pbm on mac with chrome but is worked with safari and a windows machine (the mine) with chrome
  • yestrday: it works fine from a specific client machine (the mine) but only with IE11
  • today: it still working fine ONLY on my client machine but with all navigator (ir11, chrome 48, firefox50.1)

We put level debug to 4
We did some modifications on the scripts to make the verbeuse and to decrypt the hashed the sha256 password
  • We remarak that when authentification is OK , decryption is KO, cf. first bloc of the log file
  • We remarak that when authentification is KO , decryption is OK, cf. 2ndbloc of the log file


1st bloc:


2017-01-25 15:03:54.387 ..... SCRIPT .... xxx.xxx.40.66 /projeqtor/tool/getHash.php
2017-01-25 15:03:54.418 ..... SCRIPT .... xxx.xxx.40.66 Page=getHash.php
2017-01-25 15:03:54.472 ..... SCRIPT .... xxx.xxx.40.66 /projeqtor/tool/loginCheck.php
2017-01-25 15:03:54.504 ..... SCRIPT .... xxx.xxx.40.66 Page=loginCheck.php
2017-01-25 15:03:54.506 ..... SCRIPT .... xxx.xxx.40.66    ->/tool/loginCheck.php
2017-01-25 15:03:54.510 ----- DEBUG ----- loginCheck : sessionSalt --> a3094ad806849ba23de18048b8d0cde6
2017-01-25 15:03:54.511 ----- DEBUG ----- loginCheck : passwd from post --> 4af31e4c2ba8f968b7233308897466146128861d8c5540669ff2000585cde919
2017-01-25 15:03:54.517 ----- DEBUG ----- loginCheck : current db version = 'V6.0.5'
2017-01-25 15:03:54.522 ----- DEBUG ----- loginCheck : clear passwd from post --> n▒Y▒▒SH*▒f▒^Hӝs_/▒.+▒]▒▒-▒▒▒n#▒▒▒
2017-01-25 15:03:54.524 ----- DEBUG ----- User->authenticate('utest', '4af31e4c2ba8f968b7233308897466146128861d8c5540669ff2000585cde919')
2017-01-25 15:03:54.527 ----- DEBUG ----- User->authenticate : received passwd --> 7f4f9aa7351d1f54edcb91893b5f30c81f9ed83617dc61c0f838781977eee396
2017-01-25 15:03:54.528 ----- DEBUG ----- User->authenticate : received passwd in the db  --> 4af31e4c2ba8f968b7233308897466146128861d8c5540669ff2000585cde919
2017-01-25 15:03:54.529 ----- DEBUG ----- User->authenticate : crypto  --> sha256
...
...
..
2017-01-25 15:03:54.532 ----- DEBUG ----- User->authenticate : sha256 encryption
2017-01-25 15:03:54.533 ----- DEBUG ----- User->authenticate : Successfull login
2017-01-25 15:03:54.535 ===== TRACE ===== NEW CONNECTED USER 'utest'

2nd bloc
2017-01-25 15:04:52.827 ..... SCRIPT .... xxx.xxx.33.229 Page=getHash.php
2017-01-25 15:04:52.864 ..... SCRIPT .... xxx.xxx.33.229 /projeqtor/tool/loginCheck.php
2017-01-25 15:04:52.895 ..... SCRIPT .... xxx.xxx.33.229 Page=loginCheck.php
2017-01-25 15:04:52.898 ..... SCRIPT .... xxx.xxx.33.229    ->/tool/loginCheck.php
2017-01-25 15:04:52.900 ----- DEBUG ----- loginCheck : sessionSalt --> add6e8a8692a7b3608e924d9f3a71dc8
2017-01-25 15:04:52.902 ----- DEBUG ----- loginCheck : passwd from post --> QgNjsYSwiFixlT3LAmJLxQ==
2017-01-25 15:04:52.907 ----- DEBUG ----- loginCheck : current db version = 'V6.0.5'
2017-01-25 15:04:52.910 ----- DEBUG ----- loginCheck : clear passwd from post --> passtest
2017-01-25 15:04:52.912 ----- DEBUG ----- User->authenticate('utest', 'QgNjsYSwiFixlT3LAmJLxQ==')
2017-01-25 15:04:52.915 ----- DEBUG ----- User->authenticate : received passwd --> 7f4f9aa7351d1f54edcb91893b5f30c81f9ed83617dc61c0f838781977eee396
2017-01-25 15:04:52.916 ----- DEBUG ----- User->authenticate : received passwd in the db  --> QgNjsYSwiFixlT3LAmJLxQ==
2017-01-25 15:04:52.918 ----- DEBUG ----- User->authenticate : crypto  --> sha256
..
..
..
2017-01-25 15:04:52.920 ----- DEBUG ----- User->authenticate : sha256 encryption
2017-01-25 15:04:52.922 ----- DEBUG ----- [color=red]User->authenticate : wrong password[/color] c7f1ef03755dcc93f73bef87c10b214bb7da94621151d4dd3f9768a65091eecf != QgNjsYSwiFixlT3LAmJLxQ== (exit)
2017-01-25 15:04:52.923 ----- DEBUG ----- loginCheck : unidentified incorrect authentification
2017-01-25 15:04:52.925 ===== TRACE ===== Login error for user 'utest'

for information, you will have attached the very verbose log file and the <Installdir>/projeqtor/files/config/parameters.php(renamed to .txt)

I need really your help

Best regards
Attachments:

Please Connexion or Create an account to join the conversation.

More
26 Jan 2017 22:02 #2 by babynus
Replied by babynus on topic Password encryption
Hi,

It is most likely a cache cookie/issue.

Try and clean cache and cookies to check if ti works best.
Also try to connect with browser in private mode : if it works fine, cookie / cahce issue is confirmed.
Babynus
Administrator of ProjeQtOr web site

Please Connexion or Create an account to join the conversation.

More
27 Jan 2017 20:11 #3 by mhendawi
Replied by mhendawi on topic Password encryption

babynus wrote: Hi,

It is most likely a cache cookie/issue.

Try and clean cache and cookies to check if ti works best.
Also try to connect with browser in private mode : if it works fine, cookie / cahce issue is confirmed.


Hello babynus
Thank you for the hint
I still have the pbm whatever cache and cookies deleted, or in private navigation
I have the pbm on machines where projeqtor never has been launched

I guess there is a bug between projeqtor and the DB may be
I don't know how to fix
Is there any prerequisite from client side? (OS, navigator,...)

For information, I'm on v6.0.5

Best regards

Please Connexion or Create an account to join the conversation.

More
28 Jan 2017 14:06 #4 by babynus
Replied by babynus on topic Password encryption
Please try with browser without any extension.

Some extensions are well known to set a mess in pages : Skype click to call, AdBlock,
Even sometimes Google Docs sets issues : I've seen use case with problem on planning that was fixed disabling Google docs plugin. And most strange is that enabling again Google docs did not reproduce issue any more...
Babynus
Administrator of ProjeQtOr web site

Please Connexion or Create an account to join the conversation.

More
31 Jan 2017 22:53 - 01 Fév 2017 10:10 #5 by mhendawi
Replied by mhendawi on topic Password encryption
Hello
Resolved but the real reason still unknown

We know the reason now: Projector is installed behind a proxy on an other machine
The pbm appears with local projeqtor account independently of using or not the proxy

Later I put localhost rather than 127.0.0.1 (configurated in the msql DB) and I remove the "remeber me option) ==> pbm still exist behind the proxy BUT it WORKS without the proxy

NOTE: From LDAP, authentification works well behin the proxy server too

Best regards
Last edit: 01 Fév 2017 10:10 by mhendawi. Reason: to be more accurate

Please Connexion or Create an account to join the conversation.

More
01 Fév 2017 09:53 #6 by babynus
Replied by babynus on topic Password encryption
Maybe you should add projeqtor server in the "trusted" list of your proxy, to avoid to have the proxy interact with requests.
Login phase uses encryption (to assume security even without SSL) so changing one single bit in the request or response will generate errors.
Babynus
Administrator of ProjeQtOr web site

Please Connexion or Create an account to join the conversation.

Moderators: babynusprotion
Time to create page: 0.038 seconds

Paramétrages de cookies

×

Cookies fonctionnels

Ce site utilise des cookies pour assurer son bon fonctionnement et ne peuvent pas être désactivés de nos systèmes. Nous ne les utilisons pas à des fins publicitaires. Si ces cookies sont bloqués, certaines parties du site ne pourront pas fonctionner.

Session

Veuillez vous connecter pour voir vos activités!

Autres cookies

Ce site web utilise un certain nombre de cookies pour gérer, par exemple, les sessions utilisateurs.

Login Form