Cacti 1.0.x first time password change

[anhtuan206]

Hi everyone,
I am installing cacti 1.0.5 and 1.0.6 on new server. At the first time of the installation cacti will ask for change the default password but after input the current and the new password, web browser display that "The page isn't working".
Did anyone see this issue with cacti 1.0.5 or 1.0.6?

[anhtuan206]

Hi guys,
I found the way to fix the issue by modify the cacti database to change the "must_change_password" in the table "user_auth" to none.

[anhtuan206]

After logged in I see the logs as below.

2017-03-15 23:40:02 - SYSTEM STATS: Time:1.1523 Method:cmd.php Processes:1 Threads:N/A Hosts:2 HostsPerProcess:2 DataSources:5 RRDsProcessed:5
2017-03-15 23:37:31 - AUTH LOGIN: User 'admin' Authenticated
2017-03-15 23:35:03 - SYSTEM STATS: Time:1.1522 Method:cmd.php Processes:1 Threads:N/A Hosts:2 HostsPerProcess:2 DataSources:5 RRDsProcessed:5
2017-03-15 23:33:10 - CMDPHP PHP ERROR Backtrace: (CactiShutdownHandler)(/lib/functions.php: 4303 cacti_debug_backtrace)
2017-03-15 23:33:10 - ERROR PHP ERROR: Call to undefined function password_verify() in file: /var/www/html/cacti/auth_changepassword.php on line: 113
2017-03-15 23:30:02 - SYSTEM STATS: Time:1.1534 Method:cmd.php Processes:1 Threads:N/A Hosts:2 HostsPerProcess:2 DataSources:5 RRDsProcessed:5
2017-03-15 23:27:10 - CMDPHP PHP ERROR Backtrace: (CactiShutdownHandler)(/lib/functions.php: 4303 cacti_debug_backtrace)
2017-03-15 23:27:10 - ERROR PHP ERROR: Call to undefined function password_verify() in file: /var/www/html/cacti/auth_changepassword.php on line: 113
2017-03-15 23:27:09 - CMDPHP PHP ERROR Backtrace: (CactiShutdownHandler)(/lib/functions.php: 4303 cacti_debug_backtrace)
2017-03-15 23:27:09 - ERROR PHP ERROR: Call to undefined function password_verify() in file: /var/www/html/cacti/auth_changepassword.php on line: 113
2017-03-15 23:25:57 - CMDPHP PHP ERROR Backtrace: (CactiShutdownHandler)(/lib/functions.php: 4303 cacti_debug_backtrace)
2017-03-15 23:25:57 - ERROR PHP ERROR: Call to undefined function password_verify() in file: /var/www/html/cacti/auth_changepassword.php on line: 113

[pete68]

I have the same problem with version 1.0.6 on Centos 7 (Linux cacti.intranet 3.10.0-514.10.2.el7.x86_64).

I tried the work around by editing DB table but the field is only 2 characters wide so "none" doesn't fit and "no" didn't work either.

must_change_password char(2) Yes None NULL

Seems to be a problem with the following line of code but not being a coder I can't quite work it out:-

if ((!password_verify(get_nfilter_request_var('current_password'), $user['password'])) && $user['password'] != $current_password_old) {

Any easy way to bypass the change password option on initial setup?

Thanks

Pete

[anhtuan206]

Yeah, i was mean Null.
I am sorry, I used incorrect word

[pete68]

NULL still didn't work for me so I turned on php errors and checked other php settings like safe mode was off. What I get with errors turned on is:-

Fatal error: Call to undefined function password_verify() in /var/www/html/cacti/auth_changepassword.php on line 113

[anhtuan206]

I mean leave the must_change_password field blank in the DB.
Another thing, do you have problem with the browser was used to change the password.
I was used chrome when facing changing password issue. After modify the DB, I can login the cacti with another browser or Chrome in Incognito mode. If I use Chrome as normal, when open http://cactiserver/cacti, cacti still ask me to change the password so can't login. I tried to clear the Chrome data too but no success.

[pete68]

Tried incognito, edge, rebooted server still get same problem HTTP Error 500.

[anhtuan206]

[root@centos7 ~]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 9289
Server version: 5.6.35 MySQL Community Server (GPL)

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> use cacti;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> select * from user_auth;
+----+----------+----------------------------------+-------+---------------+---------------+----------------------+-----------------+-----------+-----------+--------------+----------------+------------+---------------+--------------+--------------+------------------------+---------+------------+-----------+------------------+--------+-----------------+----------+-------------+
| id | username | password | realm | full_name | email_address | must_change_password | password_change | show_tree | show_list | show_preview | graph_settings | login_opts | policy_graphs | policy_trees | policy_hosts | policy_graph_templates | enabled | lastchange | lastlogin | password_history | locked | failed_attempts | lastfail | reset_perms |
+----+----------+----------------------------------+-------+---------------+---------------+----------------------+-----------------+-----------+-----------+--------------+----------------+------------+---------------+--------------+--------------+------------------------+---------+------------+-----------+------------------+--------+-----------------+----------+-------------+
| 1 | admin | 21232f297a57a5a743894a0e4a801fc3 | 0 | Administrator | NULL | NULL | on | on | on | on | NULL | 2 | 1 | 1 | 1 | 1 | on | -1 | -1 | -1 | 0 | 0 | 0 | 0 |
| 3 | guest | 43e9a4ab75570f5b | 0 | Guest Account | | on | on | on | on | on | 3 | 1 | 1 | 1 | 1 | 1 | | -1 | -1 | -1 | | 0 | 0 | 0 |
+----+----------+----------------------------------+-------+---------------+---------------+----------------------+-----------------+-----------+-----------+--------------+----------------+------------+---------------+--------------+--------------+------------------------+---------+------------+-----------+------------------+--------+-----------------+----------+-------------+
2 rows in set (0.00 sec)

mysql> select * from user_auth where id=1
-> ;
+----+----------+----------------------------------+-------+---------------+---------------+----------------------+-----------------+-----------+-----------+--------------+----------------+------------+---------------+--------------+--------------+------------------------+---------+------------+-----------+------------------+--------+-----------------+----------+-------------+
| id | username | password | realm | full_name | email_address | must_change_password | password_change | show_tree | show_list | show_preview | graph_settings | login_opts | policy_graphs | policy_trees | policy_hosts | policy_graph_templates | enabled | lastchange | lastlogin | password_history | locked | failed_attempts | lastfail | reset_perms |
+----+----------+----------------------------------+-------+---------------+---------------+----------------------+-----------------+-----------+-----------+--------------+----------------+------------+---------------+--------------+--------------+------------------------+---------+------------+-----------+------------------+--------+-----------------+----------+-------------+
| 1 | admin | 21232f297a57a5a743894a0e4a801fc3 | 0 | Administrator | NULL | NULL | on | on | on | on | NULL | 2 | 1 | 1 | 1 | 1 | on | -1 | -1 | -1 | 0 | 0 | 0 | 0 |
+----+----------+----------------------------------+-------+---------------+---------------+----------------------+-----------------+-----------+-----------+--------------+----------------+------------+---------------+--------------+--------------+------------------------+---------+------------+-----------+------------------+--------+-----------------+----------+-------------+
1 row in set (0.01 sec)

mysql> update user_auth set must_change_password="" where id=1
-> ;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0

Try the above sql update then use another browser.

[anhtuan206]

Don't forget to set password for admin. I don't know the default password:
msql> update user_auth set password="" where id=1;

[pete68]

Thanks that worked in the end but broke my access with last command but this does work:-

mysql -u root -p

use cacti;

select * from user_auth;

select * from user_auth where id=1;

update user_auth set must_change_password="" where id=1;

update user_auth set password=md5('admin') where username='admin';

Cheers

Pete