View Issue Details

IDProjectCategoryView StatusLast Update
0000700OXID eShop (all versions)6. ------ Setup -------public2009-04-15 14:47
ReporterNico_Klein 
PrioritynormalSeveritymajorReproducibilityalways
Status resolvedResolutionwon't fix 
Product Version4.0.0.2 revision 14842 
Target VersionFixed in Version 
Summary0000700: Passwords won't be convert to MD5 code
DescriptionThe following steps were executed:

- installing a fresh Oxid PE 4.0.0.0_13895
- log in to the admin area with the default admin user name and password
- open 2 admin accounts with cryptic passwords (VlI8Lz9WS+Kn42idQlNa 6JlCZz1AyydsL3Tk2DyD)
- open 1 admin account with password "tester"
- accomplish the patches 13895 -> 14455 and 14455 -> 14842

result: the short passwords (admin and tester) were converted to a MD5 code
and the cryptic passwords were not converted.

Probably a bug in the update.php in patch 14455 to 14842
TagsNo tags attached.
Theme
BrowserAll
PHP Version5.2.6
Database Version5.0.33

Activities

dainius.bigelis

2009-04-01 15:32

reporter   ~0000668

There was a bug in the update.php script and this case occurs only for users, which had password longer than 32 chars. As this was separate script for updating in some previous eShop versions, the fix will not be prepared for this case.
Thank you for your reports.

arvydas_vapsva

2009-04-15 14:47

reporter   ~0000765

if you have login to admin problems after update (admin passwords does not work), you can reset admin password by executing this SQL in admin (replace _ADMIN_USER_ID_ with admin user id - OXID field value):

  UPDATE oxuser SET oxpasssalt = '', oxpassword = MD5('admin') WHERE oxid = '_ADMIN_USER_ID_';