View ProjeQtOr On SourceForge.net
ProjeQtOr - Project Management Tool
Supportez nous sur Capterra
OIN - Open Invention Network
ProjeQtOr free project management software - [SOLVED] PHP 7.4 - Page 2 - ProjeQtOr

Prochaines sessions de formation

Les prochaines formations et démonstrations sont ouvertes, inscrivez-vous rapidement !

 

Démonstration de ProjeQtOr

(gratuit, sur inscription)

Mardi 23 avril (10h30-12h)

Jeudi 16 mai (16h-17h30)

Jeudi 13 juin (10h30-12h)

  
 

Planifiez avec ProjeQtOr

3 et 4 avril (9h - 12h30)

  
 

Administrez avec ProjeQtOr

10 et 11 avril (9h - 12h30)

  

 

 
 

[SOLVED] PHP 7.4

More
10 Jan 2020 17:22 #7 by Thierry94
Replied by Thierry94 on topic PHP 7.4
thanks.

I just ran the following test again:
- password reset on the S3 server.
- login, from my PC, in a private browsing session, with the new password :ok
- change password
- logout
- Attempt to reconnect (in the same private browsing session) impossible.

Please Connexion or Create an account to join the conversation.

More
10 Jan 2020 18:00 #8 by babynus
Replied by babynus on topic PHP 7.4
Even on private session, cache and cookies are kept if you do not close browser.
Close browser between tests or use another browser for second test.

When you reconnect, you enter the new changed password, I guess.
Could you check in DB if password stored is the old one or a new one (value stores is not the password you enter, but you may see change)
Babynus
Administrator of ProjeQtOr web site
The following user(s) said Thank You: Thierry94

Please Connexion or Create an account to join the conversation.

More
10 Jan 2020 18:38 #9 by Thierry94
Replied by Thierry94 on topic PHP 7.4
ok, i will test that tomorrow.

i don't have time now.

thanks a lot.

Please Connexion or Create an account to join the conversation.

More
11 Jan 2020 16:37 #10 by Thierry94
Replied by Thierry94 on topic PHP 7.4
hi,
here is my new test.
a) SQL Update with new password (admin/admin), content of password column for table resource (id=1)
084cf5c804c917fa349e0012a4432271

b) in chromium browser ( instead of FF that i always use) : clean history (everything), quit the browser, then reopen the browser.
c) first launch of the app in chromium. Projeqtor ask me for a new password (he told me it’s ok). I changed it in the app and check the content of table resource
content of password column for table resource (id=1)
cd0972eea8cbc92b1bc66224528306ca67532aa13724f1cf1f7944f5af5b9c06

it seems to be the new password.

d) i disconnect from projeqtor and try to reconnect (in chromium) with my new password.
Got the following error in the log file :
2020-01-11 16:33:24.150 ..... SCRIPT .... 192.168.1.13 ->/tool/loginCheck.php
2020-01-11 16:33:24.152
DEBUG
loginCheck : current db version = 'V8.3.1'
2020-01-11 16:33:24.158
DEBUG
User->authenticate('admin', 'bwLJQMTqGV7xNexhvwVenPsFwHCbm6gXBY0=')
2020-01-11 16:33:24.161
DEBUG
User->authenticate : sha256 encryption
2020-01-11 16:33:24.166 ..... SCRIPT .... 192.168.1.13 getProfile(objectOrIdProject=User #1)
2020-01-11 16:33:24.169 ..... SCRIPT .... 192.168.1.13 getProfile(objectOrIdProject=User #1)
2020-01-11 16:33:24.178 ..... SCRIPT .... 192.168.1.13 getProfile(objectOrIdProject=History #)
2020-01-11 16:33:24.184 ..... SCRIPT .... 192.168.1.13 getProfile(objectOrIdProject=History #)
2020-01-11 16:33:24.393
DEBUG
User->authenticate : wrong password ec7371b06441eb823bba7aaab436f4be2eb1ae4756aabddac18087e8c13a9e61!=bwLJQMTqGV7xNexhvwVenPsFwHCbm6gXBY0= (exit)
2020-01-11 16:33:24.393
DEBUG
loginCheck : unidentified incorrect authentification
2020-01-11 16:33:24.393 ===== TRACE ===== Login error for user 'admin'

Please Connexion or Create an account to join the conversation.

More
11 Jan 2020 17:35 #11 by babynus
Replied by babynus on topic PHP 7.4
Ji,

Thanks for testing and complete report.

First, a hint :
When you try and set default password, I don't know where you get the string 084cf5c804c917fa349e0012a443227 to set as new password value
but it may be more easy to enter password in clear text (admin) and set crypto to null

Second :
I hope that after changing the password through the application, when you try to reconnect, you use the password you entered in the application as new password, not the one stored in the db (cd0972eea8cbc92b1bc66224528306ca67532aa13724f1cf1f7944f5af5b9c06) as this one is result of encryption of the password

Last :
To have more clue, change in model/UserMain.php, line 1243 from
      if ($this->crypto=='sha256') {
        debugTraceLog("User->authenticate : sha256 encryption");
        $expected=$this->password.getSessionValue('sessionSalt');
        $expected=hash("sha256", $expected);
to
      if ($this->crypto=='sha256') {
        debugTraceLog("User->authenticate : sha256 encryption");
        $expected=$this->password.getSessionValue('sessionSalt');
        debugTraceLog("*** sha encrypted password ***");
        debugTraceLog("stored password = ".$this->password);
        debugTraceLog("session salt = ".getSessionValue('sessionSalt'));
        $expected=hash("sha256", $expected);
Then, in browser, open console on network tab, and filter result on getHash
Try and reconnect (with refused password)
Look at response for last request getHask.php : the last word (after last ;) must be exactly the same as what you will find in the log file after "
DEBUG
session salt ="
If it's not the case, you have a session issue.
Babynus
Administrator of ProjeQtOr web site

Please Connexion or Create an account to join the conversation.

More
11 Jan 2020 19:51 #12 by Thierry94
Replied by Thierry94 on topic PHP 7.4
Thanks for your answer.

New test
1)
→ UPDATE resource SET password='newpasswd', crypto=NULL, isLdap=0 WHERE id=1;

select * from resource where id=1;
→ resource.password is equal ti ‘newpasswd’


2) Clear chromium, exit + launch chromium, projeqtor landing page.
Login with admin/newpasswd : OK
3°) projeqtor ask me to changepasswd, then i did it with a new one, and log out
4°) i tried to log in with admin/ the password i set at step 3
5°) error in log file :

2020-01-11 19:39:34.171 ..... SCRIPT .... 192.168.1.13 =====/tool/getHash.php
2020-01-11 19:39:34.204 ..... SCRIPT .... 192.168.1.13 Page=getHash.php
2020-01-11 19:39:34.204 ..... SCRIPT .... 192.168.1.13 refreshParameters()
2020-01-11 19:39:34.358 ..... SCRIPT .... 192.168.1.13 =====/tool/loginCheck.php
2020-01-11 19:39:34.391 ..... SCRIPT .... 192.168.1.13 Page=loginCheck.php
2020-01-11 19:39:34.391 ..... SCRIPT .... 192.168.1.13 refreshParameters()
2020-01-11 19:39:34.424 ..... SCRIPT .... 192.168.1.13 ->/tool/loginCheck.php
2020-01-11 19:39:34.426
DEBUG
loginCheck : current db version = 'V8.3.1'
2020-01-11 19:39:34.433
DEBUG
User->authenticate('admin', '8QDpHGYWGl6wallAO5be/4RBIryZPPFjUmo=')
2020-01-11 19:39:34.435
DEBUG
User->authenticate : sha256 encryption
2020-01-11 19:39:34.435
DEBUG
*** sha encrypted password ***
2020-01-11 19:39:34.435
DEBUG
stored password = 2aacc0a69b3803b630b11934307d43b21ad7954c5ff68cfec93bf003db736a49
2020-01-11 19:39:34.435
DEBUG
session salt = b382b3591b7741bd5a408fcb6b605aea
2020-01-11 19:39:34.441 ..... SCRIPT .... 192.168.1.13 getProfile(objectOrIdProject=User #1)
2020-01-11 19:39:34.445 ..... SCRIPT .... 192.168.1.13 getProfile(objectOrIdProject=User #1)
2020-01-11 19:39:34.454 ..... SCRIPT .... 192.168.1.13 getProfile(objectOrIdProject=History #)
2020-01-11 19:39:34.460 ..... SCRIPT .... 192.168.1.13 getProfile(objectOrIdProject=History #)
2020-01-11 19:39:34.651
DEBUG
User->authenticate : wrong password f432065c17779a84c33bd1e9b3b4b30939c88fe3a9acdd8c1b816cb132130fed!=8QDpHGYWGl6wallAO5be/4RBIryZPPFjUmo= (exit)
2020-01-11 19:39:34.651
DEBUG
loginCheck : unidentified incorrect authentification
2020-01-11 19:39:34.651 ===== TRACE ===== Login error for user 'admin'

– in chromium (network console)
request header :
http://192.168.1.247/tool/getHash.php?username=OQB1qGYWGl7ic9VFVg%3D%3D
GET /tool/getHash.php?username=OQB1qGYWGl7ic9VFVg%3D%3D HTTP/1.1
Host: 192.168.1.247
Connection: keep-alive
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36
X-Requested-With: XMLHttpRequest
Accept: */*
Referer: http://192.168.1.247/view/main.php
Accept-Encoding: gzip, deflate
Accept-Language: fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: PHPSESSID=p1lkq6j0ohrsn3p6mqn20uoj80


response

sha256;440c5bfd2beacc722fa848a6b41331856b354a7df4a7a029edd7b3344478f383;b382b3591b7741bd5a408fcb6b605aea

i think what your looking for is b382b3591b7741bd5a408fcb6b605aea which is the same in the log file & in the response in the browser.

Please Connexion or Create an account to join the conversation.

Moderators: babynusprotion
Time to create page: 0.043 seconds

Paramétrages de cookies

×

Cookies fonctionnels

Ce site utilise des cookies pour assurer son bon fonctionnement et ne peuvent pas être désactivés de nos systèmes. Nous ne les utilisons pas à des fins publicitaires. Si ces cookies sont bloqués, certaines parties du site ne pourront pas fonctionner.

Session

Veuillez vous connecter pour voir vos activités!

Autres cookies

Ce site web utilise un certain nombre de cookies pour gérer, par exemple, les sessions utilisateurs.

Login Form