Testing Bugzilla under WinNT 4.0 Workstation, with ActiveState Perl 5.005_03. Using MySQL-Shareware for Win95/98. Version 2.32.22-shareware-debug. In CGI.pl library within subroutine "confirm_login", the use of MySql Encrypt function for password encryption fails. MySQL returns NULL. Also occurs in globals.pl library within subroutine "InsertNewUser". Required Changes to workaround; -------- CGI.pl ---------- #original SendSQL("SELECT encrypt(" . SqlQuote($enteredpwd) . ", " . #original SqlQuote(substr($realcryptpwd, 0, 2)) . ")"); #original my $enteredcryptpwd = FetchOneColumn(); my $enteredcryptpwd = crypt($enteredpwd, substr($realcryptpwd, 0, 2)); -------- globals.pl ---------- #original SendSQL("insert into profiles (login_name, realname, password, cryptpassword, groupset) values ($username, $realname, '$password', encrypt('$password'), $groupset)"); SendSQL("insert into profiles (login_name, realname, password, cryptpassword, groupset) values ($username, $realname, '$password','". crypt($password,$password)."', $groupset)");
email@example.com is the new owner of Bugzilla and Bonsai. (For details, see my posting in netscape.public.mozilla.webtools, news://news.mozilla.org/38F5D90D.F40E8C1A%40geocast.com .)
Assignee: terry → tara
This bug has not been touched for more than nine months. In most cases, that means it has "slipped through the net". Please could the owner take a moment to add a comment to the bug with current status, and/or close it. Thank you :-) Gerv
There are changes present so I'll put this up for 2.14.
QA Contact: matty
moving to real milestones...
Target Milestone: --- → Bugzilla 2.16
This was resolved with the documentation update in bug 17566, detailed Windows NT installation instructions. I will be checking the Bugzilla Guide into CVS tonight or tomorrow morning, which includes the workaround for Windows NT installations that do not support the crypt() function.
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → FIXED
In search of accurate queries.... (sorry for the spam)
Target Milestone: Bugzilla 2.16 → Bugzilla 2.12
The current entry in the Bugzilla Guide reads: "* Modify globals.pl and CGI.pl to remove the word "encrypt". Note: I'm not sure this is all that is involved to remove crypt. Any NT Bugzilla hackers want to pipe up?" Is this all that's needed? CCing barnboy. Gerv
I reported this bug, and just re-ported 2.11 to our NT box. So heres the list of locations to replace SQL Encrypt with perl crypt... backdoor.cgi: *) Acutally uses the "correct" crypt (perl version) CGI.pl: *) sub confirm_login: needs SQL Encrypt replaced by Perl crypt (line ~680) checksetup.pl: *) needs SQL encrypt replaced where it stores the initial Admin password (line ~1355) *) needs SQL encrypt replaced where a "fixup" is done for existing instalations (line ~1700) editusers.cgi: *) In the "#Add the new user" section, needs SQL encrypt replaced at line ~484 *) Also in the update password section line ~820 globals.pl *) sub InsertNewUser needs SQL encrypt replaced (line ~606) sanitycheck.pl *) Uses SQL Encrypt for password consistency checking (line ~160) userperfs.pl *) around lines ~140 & 150 uses SQL encrypt for setting verifying passwords.
Moving closed bugs to Bugzilla product
Component: Bugzilla → Bugzilla-General
Product: Webtools → Bugzilla
Version: other → unspecified
You need to log in before you can comment on or make changes to this bug.