[geeklog-devel] Strange storage of strings (and other data) ingl_conf_values

Blank, Jessica Jessica.Blank at mtvnmix.com
Mon Mar 3 16:02:22 EST 2008


I can't log in locally at all. I see the 'Admin' user in the gl_users
table, but the password 'password' did not work when I attempted to log
in as this user.

Note that I do have some detritus in the users table from the live
version of the database I copied it from; I admit that my users table is
NOT stock. However, I should still be able to log in!

I am confused that most of the 'passwd' fields seem to contain...
floating point numbers?  Most of the passwords are stored as large
floating-point numbers between 0 and 1, e.g. 0.2239629378419284. What
sort of hashing algorithm is this?

In any case, some of the passwd fields do contain identifiable DES
hashes, prepended with '{crypt}'. I thus attempted to change the
password of 'Admin' to 'password' myself, by generating a DES hash of
the string 'password' using Perl's crypt() function, prepending the text
'{crypt}', and changing 'Admin''s passwd field to contain the result.
Still no go.

I can't get into the system at all via local authentication. I haven't
touched the remote authentication stuff since [backing up and] wiping
out my old 1.4.1 files and doing a clean 1.5 install from CVS.

Any ideas? How can I get into this system? The 'Admin' login seems to be
kaput.

--Jessica

-----Original Message-----
From: geeklog-devel-bounces at lists.geeklog.net
[mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Mark R.
Evans
Sent: Monday, March 03, 2008 3:18 PM
To: Geeklog Development
Subject: Re: [geeklog-devel] Strange storage of strings (and other data)
ingl_conf_values

Jessica,

I'm going to make a couple of assumptions, hopefully they are valid.

1. I assume you upgraded an existing GL141 site to the latest CVS
snapshot?  If that is true, I'm assuming when GL141 was installed, it
created the standard admin login called Admin with a password of
'password'.  That user should still be valid?

2. Since you are using the upgraded GL150cvs code, none of your remote
authentication code is in place yet, hence the ability to login locally
using Admin/password.

If these assumptions are invalid, then you may need to take a new
approach to setting up your GL150cvs development system.  You might be
better off creating a completely new site from scratch, running the
standard install and letting the install create the local Admin user.
>From there, you can then start porting your LDAP remote authentication
code and probably address the questions you've already asked, how to
convey root privileges to a remote user.

Good luck!
Mark

On Mon, 3 Mar 2008, Blank, Jessica wrote:

> Danke. I still don't know how to create a root login though. How can I

> do this? And what if I use remote authentication; how do I confer root

> powers to a user authenticated via a remote system?
>
> ________________________________
>
> From: geeklog-devel-bounces at lists.geeklog.net
> [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Mark R.
> Evans
> Sent: Monday, March 03, 2008 3:02 PM
> To: Geeklog Development
> Subject: Re: [geeklog-devel] Strange storage of strings (and other 
> data) ingl_conf_values
>
>
> Jessica,
>
> Look for the neat new link under Admins Only called Configuration.  
> From there, you can change it all!
>
> Thanks!
> Mark
>
>
> On Mon, Mar 3, 2008 at 1:54 PM, Blank, Jessica 
> <Jessica.Blank at mtvnmix.com> wrote:
>
>
> 	Ja, and I was trying to do just this. However, this sort of
thing 
> used
> 	to go in 'config.php'... And, well, I don't know any way to
change it
> 	now.
>
> 	See, the default site name is 'Another Nifty Geeklog Site' and, 
> well....
> 	I did a recursive grep for this string, and couldn't find any
new 
> .php
> 	file where this string existed.
>
> 	So, if I'm not supposed to change it in the database, if I'm
supposed 
> to
> 	change it via $_CONF... Then where am I supposed to change it?
> And
> 	please don't say "public_html/siteconfig.php"; this file says,
right 
> at
> 	the top, "You should not need to edit this file. See the
installation
> 	instructions for details".
>
> 	Said installation instructions still reference config.php, which
is 
> no
> 	longer being used...
>
> 	So I have no idea where I'm SUPPOSED to change these settings,
if not 
> by
> 	manually changing them in the database. :/
>
> 	--Jessica
>
>
> 	-----Original Message-----
> 	From: geeklog-devel-bounces at lists.geeklog.net
> 	[mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of
Joe
> 	Mucchiello
> 	Sent: Monday, March 03, 2008 1:45 PM
> 	To: Geeklog Development
> 	Subject: Re: [geeklog-devel] Strange storage of strings (and
other 
> data)
> 	in gl_conf_values
>
> 	At 01:14 PM 3/3/2008, Blank, Jessica wrote:
> 	>Hello gang:
> 	>
> 	>         I am working to port my LDAP authentication class to
> the
> 	> latest (as of today, Monday, 3/3/2008) CVS version of geeklog.
> In the
> 	> process, I noticed something odd in the database. In 
> gl_conf_values,
> 	> strings aren't stored as 'foo', they're stored like
's:3:"foo";',
> 	> where 3 is the length of the string 'foo'.
> 	>
> 	>         Why is this done? It seems unnecessary. Can't the
> length of a
> 	> string be determined with a simple strlen()?
>
> 	gl_conf_values can store anything so everything is serialize'd
before
> 	storage[1]. You should not do any queries against
gl_conf_values. You
> 	should be using $_CONF['whatever'] to reference configuration
data 
> like
> 	you do in 1.4.1.
>
> 	[1] http://us2.php.net/manual/en/function.serialize.php
>
>
> 	----
> 	Joe Mucchiello
> 	Throwing Dice Games
> 	http://www.throwingdice.com
>
> 	_______________________________________________
> 	geeklog-devel mailing list
> 	geeklog-devel at lists.geeklog.net
> 	http://eight.pairlist.net/mailman/listinfo/geeklog-devel
> 	_______________________________________________
> 	geeklog-devel mailing list
> 	geeklog-devel at lists.geeklog.net
> 	http://eight.pairlist.net/mailman/listinfo/geeklog-devel
>
>
>
>
_______________________________________________
geeklog-devel mailing list
geeklog-devel at lists.geeklog.net
http://eight.pairlist.net/mailman/listinfo/geeklog-devel



More information about the geeklog-devel mailing list