nicokaiser / Dyndns

A simple DynDNS server in PHP
MIT License

crypt() implementation #7

Closed fabianperrey closed 10 years ago

fabianperrey commented 10 years ago

Hi there,

First things first: Thank you for that very nice piece of software! It made me finally join GitHub. =)

To the issue: I had some problems with your implementation of the crypt() function, resulting in "badauth" all the time.

In Users.php (line 25) you check the user password like this:

    $salt = substr($matches[2], 0, 2);
    if (crypt($password, $salt) === $matches[2]) {
        $this->debug('Login successful for user ' . $user);
        return true;
    }

According to the PHP documentation, the given password should be checked using the complete stored hash as the salt, to avoid problems with different hashing algorithms. So I changed it that way:

    if (crypt($password, $matches[2]) === $matches[2]) {
        $this->debug('Login successful for user ' . $user);
        return true;
    }

Now, when generating a password using htpasswd -d, I had no problems.

See the PHP documentation for crypt(): http://www.php.net/manual/en/function.crypt.php

Hope it might help.

Regards FP
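The two checks from the comment above, run side by side against three crypt() schemes. This is an added example, not code from the Dyndns project or from either commenter: the function names, password and salts are constructed for illustration, and the failure-string guard and `hash_equals()` comparison are hardening additions beyond the change described in the issue.

```php
<?php
// Added example, not the project's code. Password and salts are constructed.

// Pre-fix check quoted in the issue: always passes a two-character salt.
function checkTruncatedSalt(string $password, string $stored): bool
{
    $salt = substr($stored, 0, 2);
    return crypt($password, $salt) === $stored;
}

// Post-fix check: the stored hash carries scheme, cost and salt, so crypt()
// re-derives the hash with the same parameters whatever the algorithm.
function checkFullHash(string $password, string $stored): bool
{
    $computed = crypt($password, $stored);
    // crypt() signals failure with a short string starting with "*";
    // never let such a value compare equal to anything.
    if (strlen($computed) < 13 || $computed[0] === '*') {
        return false;
    }
    // Constant-time comparison instead of ===.
    return hash_equals($stored, $computed);
}

$password = 'constructed-pass';

// Hashes are generated here rather than hard-coded, so the sample is
// self-contained. Each salt prefix selects a different crypt() scheme.
$stored = [
    'des'    => crypt($password, 'ab'),
    'md5'    => crypt($password, '$1$constrct$'),
    'bcrypt' => crypt($password, '$2y$04$abcdefghijklmnopqrstuv'),
];

foreach ($stored as $scheme => $hash) {
    printf(
        "%-7s truncated-salt=%-5s full-hash=%-5s wrong-password=%s\n",
        $scheme,
        var_export(checkTruncatedSalt($password, $hash), true),
        var_export(checkFullHash($password, $hash), true),
        var_export(checkFullHash('not-the-password', $hash), true)
    );
}
```

For hashes with a `$…$` scheme prefix, the first two characters of the stored hash are not a usable salt, so the truncated-salt check rejects the correct password. The full-hash check accepts it for every scheme and still rejects a wrong one.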

nicokaiser commented 10 years ago

Thanks for the fix! It's released in version 1.0.1.