google-code-backups / yii-usergroups

Automatically exported from code.google.com/p/yii-usergroups
0 stars 0 forks source link

Salt is time zone dependent #13

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Have 2 identical system in different time zones.

What is the expected output? What do you see instead?
You can't login into system

What version of the product are you using? On what operating system?
1.6.8 1.7

Please provide any additional information below.
I think in the UserGroupsUser.php you should use:

public function getSalt()
{
// turn the creation_date into the corresponding timestamp
list($date, $time) = explode(' ', $this->creation_date);
$date = explode('-', $date);
$time = explode(':', $time);

//with this command mktime will return identical value
date_default_timezone_set('UTC');

$timestamp = mktime($time[0], $time[1], $time[2], $date[1], $date[2], $date[0]);
// create the salt
$salt = $this->username . $timestamp;
// add the additional salt if it's provided
if (Yii::app()->controller->module->salt)
    $salt .= Yii::app()->controller->module->salt;
return $salt;
}

Original issue reported on code.google.com by yenyas...@gmail.com on 4 Jun 2011 at 11:57

GoogleCodeExporter commented 8 years ago
done! i'll make the release asap

thanks a lot for the support

Original comment by nic...@creationgears.com on 6 Jun 2011 at 7:44

GoogleCodeExporter commented 8 years ago
I think people might have problems when they upgrade module because salt might 
be change. Please, to think about it.

Original comment by yenyas...@gmail.com on 6 Jun 2011 at 7:59

GoogleCodeExporter commented 8 years ago
unfortunately being the passwords cripted i cannot automatically change them on 
the db.

they will all have to reset their passwords (that's what i did).

i'll give the proper instruction anyway, thanks a lot ^^

Original comment by nic...@creationgears.com on 6 Jun 2011 at 8:13