Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-16328

Wrong hash stored in database on hash update in ezUser.php

    XMLWordPrintable

Details

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Medium Medium
    • 4.3.0rc1
    • 4.2.0
    • Users and Access control
    • None

    • Operating System: Linux and Windows
      PHP Version: (please be specific, like '4.4.3' or '5.1.5') 5.2.0
      Database and version: MySQL 5.1.36
      Browser (and version): IE8 and Firefox 3.5.7

    Description

      When //UpdateHash// is //enabled// and //AuthenticateMatch// is set to //login;email// updating hash to //md5_user/ can result in wrong hash being stored in the database.
      The new hash can be generated from the concatenation of //email and password// instead of //login and password//. In the //eZUser::createHash// call the variable //$login// is used instead of //$userRow['login']//.

      Steps to reproduce

      Change hash type from //md5_password// to //md5_user//. Login with an email (not login name).

      Attachments

        1. ezuser_update_hash.patch
          0.6 kB

        Activity

          People

            als als
            nguilhot nguilhot
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: