Can't login superadmin - Githubissues

afterlogic / webmail-lite-8

Open-source webmail script for existing IMAP server

https://afterlogic.org/webmail-lite-8

GNU Affero General Public License v3.0

335 stars 72 forks source link

Can't login superadmin #2

Closed mynpt closed 6 years ago

mynpt commented 7 years ago

I has downloaded source from https://afterlogic.org/webmail-lite-8 I can't login as superadmin with blank password. Please help me check it, thanks!

afterlogic-support commented 7 years ago

Make sure data/ directory of the installation is recursively writeable by webserver, as mentioned at: https://afterlogic.com/docs/webmail-lite-8/installation/installation-instructions Let us know if that has helped.

mynpt commented 7 years ago

I has set chmod and chown for data/ directory. capture But it not work.

afterlogic-support commented 7 years ago

Please check if you have data/settings/config.json file in place, and that AdminPassword is indeed set to empty string as follows:

"AdminPassword": [
    "",
    "string"
],

If it actually has some value there, set it to empty string and try logging in.

mynpt commented 7 years ago

Here is my config file in data/settings: config.json.txt

afterlogic-support commented 7 years ago

Ok, thank you. Are you getting any errors when trying to login? Or you're simply redirected back to login page? Also, if you check cookies in the browser console (F12 in Google Chrome, Application tab) - do you see AuthToken cookie there?

mynpt commented 7 years ago

Login failed with "The username or password you entered is incorrect." message in the login page. I can't found AuthToken cookie: untitled

mynpt commented 7 years ago

This is log file: log-2017-07-14.txt

vasil-sokolov commented 7 years ago

Hello, For some reason admin authentication logic can't check password. It seems crypt() method didn't work correctly. We need more debug info. Please replace modules/AdminAuth/Module.php file with this one. Module.php.zip Then clear logs and do login roundtrip.

Also please specify version of php you are using.

Will not be superfluous, if you turn on displaying of error reports by adding lines below

ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);

to top of index.php

Then you will be able to see and tell us how server response looks with errors. )

We are interested in request with these parametes in it Module "StandardLoginFormWebclient" Method "Login"

mynpt commented 7 years ago

I use php version 5.4.25. This is logfile: log-2017-07-17.txt In my case, I had to edit all empty() function as: $bCorrectEmptyPass = empty($aArgs['Password']) && empty($oSettings->GetConf('AdminPassword')); To: $AdminPassword = $oSettings->GetConf('AdminPassword'); $bCorrectEmptyPass = empty($aArgs['Password']) && empty($AdminPassword);

empty($oSettings->GetConf('AdminPassword')) is Fatal error: Can't use method return value in write context

vasil-sokolov commented 7 years ago

Hello, I can confirm your solution is the right one. Thank you for your help with this issue, it's a bug we will fix in the nearest release.

afterlogic-support commented 6 years ago

In the current version 8.1.6 of the product, the issue is corrected.