using cacti 0.6 the auth scheme is broken in the default install.
seems that there needs to be an entry for an allowed host or something?
I get denied access on the first login php logs
[29-Nov-2001 19:35:40] PHP Warning: Supplied argument is not a valid MySQL result resource in /www/htdocs/server/cacti/auth/include/login.php on line 20
mysql logs the expected search with sql connect, and the select admin / admin
Suggestions?
cacti auth
Moderators: Developers, Moderators
The first thing to try is redownload cacti:
http://www.raxnet.net/downloads/cacti-0.6.tar.gz
I made some changes to the origional SQL scripts since it was first released. Then run:
mysqladmin -u root -p drop cacti
mysqladmin -u root -p create cacti
mysql -u root -p cacti < SQL
By default the authentication code works fine. You may also want to check the following though:
in include/config.php make sure:
- You have a valid database/database user and password specified
- Make sure the "$path_webroot" is filled in with you apache web root (like /var/www/html)
- Make sure the "$path_webrrd" contains cacti's path within the webroot (like /cacti)
If you do not see the cacti picture on the login screen, your paths are not correct.
Once you login with admin/admin you will be asked to retype a new password.
Ian
http://www.raxnet.net/downloads/cacti-0.6.tar.gz
I made some changes to the origional SQL scripts since it was first released. Then run:
mysqladmin -u root -p drop cacti
mysqladmin -u root -p create cacti
mysql -u root -p cacti < SQL
By default the authentication code works fine. You may also want to check the following though:
in include/config.php make sure:
- You have a valid database/database user and password specified
- Make sure the "$path_webroot" is filled in with you apache web root (like /var/www/html)
- Make sure the "$path_webrrd" contains cacti's path within the webroot (like /cacti)
If you do not see the cacti picture on the login screen, your paths are not correct.
Once you login with admin/admin you will be asked to retype a new password.
Ian
Hi Ian,
this is the mysql log from login
323305 Query select * from auth_users where username="admin" and password = encrypt("admin",MD5("admin"))
323305 Query insert into auth_log (username,success,attemptedpass,ip) values("admin",0,"admin","208.33.80.102")
this is the query done manually and the resul
mysql> select * from auth_users where username="admin" and password = encrypt("admin",MD5("admin"));
ERROR 1064: You have an error in your SQL syntax near '("admin"))' at line 1
mysql version 3.22.32 (linux)
apache 1.3.14
php 4.0.3pl1 (older I know, however I have requirements... for 4.0.3pl1)
this is the mysql log from login
323305 Query select * from auth_users where username="admin" and password = encrypt("admin",MD5("admin"))
323305 Query insert into auth_log (username,success,attemptedpass,ip) values("admin",0,"admin","208.33.80.102")
this is the query done manually and the resul
mysql> select * from auth_users where username="admin" and password = encrypt("admin",MD5("admin"));
ERROR 1064: You have an error in your SQL syntax near '("admin"))' at line 1
mysql version 3.22.32 (linux)
apache 1.3.14
php 4.0.3pl1 (older I know, however I have requirements... for 4.0.3pl1)
There is something busted in my encrypt() functions as they are used in the login.php and changepassword.php.
I removed the encrypt() from the query lines, updated the passwords to plain text and login/password changes are effective.
I'll use the mysql password functions to store encrypted passwords, although they fly around the internet in the web forms as plain text...
Thanks for a great tool!
I removed the encrypt() from the query lines, updated the passwords to plain text and login/password changes are effective.
I'll use the mysql password functions to store encrypted passwords, although they fly around the internet in the web forms as plain text...
Thanks for a great tool!
I'll have to look into that bug. I am using MySQL 3.23.36 and the SQL string:
select * from auth_users where username="admin" and password = encrypt("admin",MD5("admin"));
Seems to work ok for me. When I get home tonight I will see about an alternative to the 'encrypt' function. If you know of anything better for this situation feel free to suggest something.
select * from auth_users where username="admin" and password = encrypt("admin",MD5("admin"));
Seems to work ok for me. When I get home tonight I will see about an alternative to the 'encrypt' function. If you know of anything better for this situation feel free to suggest something.
Let mysql encrypt it with the password() function?
line 25 of changepassword.php
mysql_query("update auth_users set mustchangepassword='',password=PASSWORD('$password') where id='$userid'");
line 19 0f login.php
$res_id_user = mysql_query("select * from auth_users where username='$username' and password=PASSWORD('$password')");
line 25 of changepassword.php
mysql_query("update auth_users set mustchangepassword='',password=PASSWORD('$password') where id='$userid'");
line 19 0f login.php
$res_id_user = mysql_query("select * from auth_users where username='$username' and password=PASSWORD('$password')");
Who is online
Users browsing this forum: No registered users and 2 guests