Closed 4everGhost closed 1 year ago
in: /web/installation/2.php
When register a new account over the installation setup the code will insert the clear text password into the table "sf_guard_user" password field. The result is that you can't login in over the /web/admin.php site.
(email_address, username, algorithm, salt, password, is_active, is_super_admin, created_at, updated_at) VALUES ('".$_POST['email']."', '".$_POST['username']."', 'sha1', '".$salt."', '".$_POST['password']."', '1', '1', NOW(), NOW())");
email_address
username
algorithm
salt
password
is_active
is_super_admin
created_at
updated_at
as you can see it insert the $_POST['password'], not the SHA1 hash of the salt and password.
ps.: Else everything is working fine, I just manually updated the password field with the right SHA1 hash and was able to login.
in: /web/installation/2.php
When register a new account over the installation setup the code will insert the clear text password into the table "sf_guard_user" password field. The result is that you can't login in over the /web/admin.php site.
(
email_address,username,algorithm,salt,password,is_active,is_super_admin,created_at,updated_at) VALUES ('".$_POST['email']."', '".$_POST['username']."', 'sha1', '".$salt."', '".$_POST['password']."', '1', '1', NOW(), NOW())");as you can see it insert the $_POST['password'], not the SHA1 hash of the salt and password.
ps.: Else everything is working fine, I just manually updated the password field with the right SHA1 hash and was able to login.