View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000527 | OXID eShop (all versions) | 5. ------ UpdateApp / Update ------ | public | 2009-01-20 15:46 | 2012-12-10 13:31 |
Reporter | andreas_ziethen | Assigned To | |||
Priority | urgent | Severity | crash | Reproducibility | always |
Status | resolved | Resolution | fixed | ||
Product Version | 4.0.0.2 revision 14842 | ||||
Fixed in Version | 4.0.1.0 revision 15990 | ||||
Summary | 0000527: Users without password cannot register - bug in update script generates wrong passwords | ||||
Description | The update script (patch from 4.0.0.1_14455 to 4.0.0.2_14842) has a critical bug: it generates salted passwords for users who did not have any password before. So such users can't register or buy anything in the shop. The bug is located in update.php in line 176: $sQ = "update oxuser set oxpassword = MD5( CONCAT( oxuser.oxpassword, UNHEX( oxuser.oxpasssalt ) ) ) where LENGTH( oxuser.oxpassword ) < 32 and oxuser.oxpassword not like 'ox\_%' and oxuser.oxpasssalt != '' limit {$iQty}"; Users without any password do get one here because the old password (empty) is concatenated with the new salt. | ||||
Tags | No tags attached. | ||||
Theme | |||||
Browser | All | ||||
PHP Version | 5.2.6 | ||||
Database Version | 5.0.33 | ||||
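
The behaviour described in the report, reproduced as an added example (not code from the report or from OXID eShop): the query's WHERE clause is run against two constructed rows, once as quoted and once with an extra empty-password guard. The guard, the sample rows and the use of SQLite with registered `MD5`/`CONCAT`/`UNHEX` functions in place of MySQL are assumptions made for illustration.

```python
import hashlib
import sqlite3

# WHERE clause from the update.php query in the description. SQLite stands in
# for MySQL, so LIMIT is dropped and the LIKE escape character is spelled out.
BUGGY_WHERE = ("LENGTH(oxpassword) < 32 AND oxpassword NOT LIKE 'ox\\_%' "
               "ESCAPE '\\' AND oxpasssalt != ''")
# Assumption, not the shipped OXID fix: leave accounts with no password alone.
GUARDED_WHERE = BUGGY_WHERE + " AND oxpassword != ''"


def _raw(value):
    """Treat TEXT and BLOB arguments alike as bytes."""
    return value if isinstance(value, bytes) else str(value).encode()


def migrate(where_clause):
    """Apply the salting UPDATE to constructed rows.

    Returns ({oxid: oxpassword}, [oxid of rows whose hash is MD5(salt) only]).
    """
    db = sqlite3.connect(":memory:")
    # MySQL functions used by the query, registered for SQLite.
    db.create_function("MD5", 1, lambda v: hashlib.md5(_raw(v)).hexdigest())
    db.create_function("CONCAT", 2, lambda a, b: _raw(a) + _raw(b))
    db.create_function("UNHEX", 1, lambda h: bytes.fromhex(h))
    db.execute("CREATE TABLE oxuser (oxid TEXT, oxpassword TEXT, oxpasssalt TEXT)")
    db.executemany("INSERT INTO oxuser VALUES (?, ?, ?)", [
        ("has_pw", "secret", "a1b2c3"),  # constructed: account with a password
        ("no_pw", "", "d4e5f6"),         # constructed: account without one
    ])
    db.execute("UPDATE oxuser SET oxpassword = "
               "MD5(CONCAT(oxpassword, UNHEX(oxpasssalt))) WHERE " + where_clause)
    rows = dict(db.execute("SELECT oxid, oxpassword FROM oxuser"))
    # An empty password concatenated with the salt is just the salt, so the
    # affected rows are those whose stored hash equals MD5(UNHEX(salt)).
    hit = [r[0] for r in db.execute(
        "SELECT oxid FROM oxuser WHERE oxpassword = MD5(UNHEX(oxpasssalt)) "
        "ORDER BY oxid")]
    return rows, hit


if __name__ == "__main__":
    for name, clause in (("buggy", BUGGY_WHERE), ("guarded", GUARDED_WHERE)):
        print(name, *migrate(clause))
```

The second query in `migrate` is the useful part after the fact: on a database that has already been through the update, rows whose stored hash equals the MD5 of the salt alone are the accounts that had no password before.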