search

kumarsivarajan / mollify

Automatically exported from code.google.com/p/mollify
0 stars 0 forks source link

Password hashing error #485

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1. install mollify_2.2.2
2. add user=123 password=generate
3. see Request failed

error log:

MOLLIFY
ERROR: PHP error #2, is_readable(): open_basedir restriction in effect. 
File(/dev/urandom) is not within the allowed path(s):
(/var/www/site/data:.)
(/var/www/site/data/www/files.site.ru/backend/vendor/phpass/PasswordHash.php:51)
\n{0:{function:globalErrorHandler,
args:{0:2, 1:is_readable(): open_basedir restriction in effect.
File(/dev/urandom) is not within the allowed path(s):
(/var/www/site/data:.),
2:/var/www/site/data/www/files.site.ru/backend/vendor/phpass/PasswordHash.php,
3:51, 4:{count:16, output:}}}............

Original issue reported on code.google.com by SerChe...@gmail.com on 29 Oct 2013 at 11:27

GoogleCodeExporter commented 8 years ago 
last version 2.1.9 work normal

Original comment by SerChe...@gmail.com on 29 Oct 2013 at 11:37

GoogleCodeExporter commented 8 years ago 
Version 2.2 uses more secure hashing using PHPass 
(http://www.openwall.com/phpass/), which tries to access "/dev/urandom".

Can you try adding this to allowed list according to this post: 
http://stackoverflow.com/questions/1846882/open-basedir-restriction-in-effect-fi
le-is-not-within-the-allowed-paths

Original comment by samuli.j...@gmail.com on 29 Oct 2013 at 11:41

GoogleCodeExporter commented 8 years ago 
Or, if this is not possible, try modifying 
"backend/vendor/phpass/PasswordHash.php" line 51

        if (is_readable('/dev/urandom') &&
into
        if (@is_readable('/dev/urandom') &&

ie add @-sign

Original comment by samuli.j...@gmail.com on 29 Oct 2013 at 11:45

GoogleCodeExporter commented 8 years ago 
sorry, i have already installed 2.1.9 version..
user added without problems
but

i press "create new folder" in main filder, input name and see
Request failed

log:

MOLLIFY
ERROR: PHP error #8, Undefined index: folder_actions 
(/var/www/site/data/www/files.site.ru/backend/include/Features.class.php:48)\n{0
:{file:/var/www/site/data/www/files.site.ru/backend/include/Features.class.php,
line:48, function:globalErrorHandler, args:{0:8, 1:Undefined index:
folder_actions,
2:/var/www/site/data/www/files.site.ru/backend/include/Features.class.php,
3:48, 4:{feature:folder_actions}}},
1:{file:/var/www/site/data/www/files.site.ru/backend/include/Features.class.php,
line:52, function:isFeatureEnabled, class:Features, object:Features, type:->, 
args:{0:folder_actions}}, 
2:{file:/var/www/site/data/www/files.site.ru/backend/include/filesystem/Filesyst
emController.class.php,
line:507, function:assertFeature, class:Features, object:Features, type:->, 
args:{0:folder_actions}}, 
3:{file:/var/www/site/data/www/files.site.ru/backend/include/services/Filesystem
Services.class.php,
line:337, function:createFolder, class:FilesystemController, 
object:FILESYSTEMCONTROLLER, type:->, args:{0:FILESYSTEMITEM Folder
(LocalFilesystem): [526fa0704f296] =
'\xd0\x92\xd1\x8b\xd1\x81\xd1\x82\xd0\xb0\xd0\xb2\xd0\xba\xd0\xb0' (), 1:123}}, 
4:{file:/var/www/site/data/www/files.site.ru/backend/include/services/Filesystem
Services.class.php......................

Original comment by SerChe...@gmail.com on 29 Oct 2013 at 12:01

GoogleCodeExporter commented 8 years ago 
php 5.4.19

Original comment by SerChe...@gmail.com on 29 Oct 2013 at 12:02

GoogleCodeExporter commented 8 years ago 
[deleted comment]
GoogleCodeExporter commented 8 years ago 
Yes, that was fixed in 2.2. You can add following line into Features.class.php

"folder_actions" => TRUE,

Original comment by samuli.j...@gmail.com on 29 Oct 2013 at 1:09

GoogleCodeExporter commented 8 years ago 
i have installed 2.1.7 version.. it works fine, no error

Original comment by SerChe...@gmail.com on 29 Oct 2013 at 1:22

GoogleCodeExporter commented 8 years ago 
2.1.7 version not work with internet explorer(((

installed 2.1.7 version again

corrected:
if (is_readable('/dev/urandom') &&
into
if (@is_readable('/dev/urandom') &&

add following line into Features.class.php
"folder_actions" => TRUE,

...

log in on main page
see
"Request failed"

MOLLIFY ERROR: ServiceException: INVALID_CONFIGURATION=User auth info missing 
1, referer: http://www.files.site.ru/index.html

MOLLIFY ERROR: 
{0:{file:/var/www/site/data/www/files.site.ru/backend/include/Authentication.cla
ss.php, line:114, function:auth, class:Authentication, type:->, args:{0:{id:1, 
name:login, lang:, email:}, 1:, 2:password}}, 
1:{file:/var/www/site/data/www/files.site.ru/backend/include/services/SessionSer
vices.class.php, line:59, function:login, class:Authentication, type:->, 
args:{0:login, 1:password}}, 
2:{file:/var/www/site/data/www/files.site.ru/backend/include/services/SessionSer
vices.class.php, line:51, function:authenticate, class:SessionServices, 
type:->, args:{}}, 
3:{file:/var/www/site/data/www/files.site.ru/backend/include/services/ServicesBa
se.class.php, line:59, function:processPost, class:SessionServices, type:->, 
args:{}}, 
4:{file:/var/www/site/data/www/files.site.ru/backend/include/MollifyBackend.clas
s.php, line:82, function:processRequest, class:ServicesBase, type:->, args:{}}, 
5:{file:/var/www/site/data/www/files.site.ru/backend/r.php, line:63, 
function:processRequest, class:MollifyBackend, type:->, args:{0:Request}}}, 
referer: http://www.files.site.ru/index.html

Original comment by SerChe...@gmail.com on 29 Oct 2013 at 5:27

GoogleCodeExporter commented 8 years ago 
and not work in internet explorer
see error index.html string 30

Original comment by SerChe...@gmail.com on 29 Oct 2013 at 5:32

GoogleCodeExporter commented 8 years ago 
You have corrupted your installation, the error "INVALID_CONFIGURATION=User 
auth info missing 1" cannot be from 2.1.7. The message refers to new password 
hashing, so it is from 2.2. And in 2.2 you don't have to put the 
"folder_actions" into the Features.class.php.

If you switch versions, start from clean db and clean www folder so you don't 
end up using different files from different versions.

Original comment by samuli.j...@gmail.com on 29 Oct 2013 at 5:56

GoogleCodeExporter commented 8 years ago 
I haven't tested with IE for a long time, haven't decided yet what versions I 
will support. Propably nothing under 9, perhaps only 10. But I'll see how the 
latest works in IE 9.

Original comment by samuli.j...@gmail.com on 29 Oct 2013 at 5:58

GoogleCodeExporter commented 8 years ago 
- start from clean db and clean www folder
- install mollify_2.2.2
- add in php_admin_value open_basedir "...:/dev/urandom:"
all work fine, but 
i press "create new folder" in main folder and see
"!en:mainviewCreateFolderTitle"
, input name and see
Request failed

help please

Original comment by SerChe...@gmail.com on 29 Oct 2013 at 7:23

GoogleCodeExporter commented 8 years ago 
Just released 2.2.3 with UI improvements, like the missing text (was due to 
localization syntax change).

For the request failed, I need the PHP error log.

Original comment by samuli.j...@gmail.com on 29 Oct 2013 at 7:52

GoogleCodeExporter commented 8 years ago 
[deleted comment]
GoogleCodeExporter commented 8 years ago 
- start from clean db and clean www folder
- install mollify_2.2.3
- add in php_admin_value open_basedir "...:/dev/urandom:"

all work fine!!! in firefox)

thank you!

Original comment by SerChe...@gmail.com on 30 Oct 2013 at 5:54

GoogleCodeExporter commented 8 years ago 
[deleted comment]
GoogleCodeExporter commented 8 years ago 
Merging this

Original comment by samuli.j...@gmail.com on 30 Oct 2013 at 1:57