need help - no login

hello,

are there any news about the login problem ???

is it possible, that the problem is a sql problem?

my isp changed the sql version. since this day i can not administrad my guestbooks.

best regards

bernd

So this only happened after your host updated?

Could you email me the link so I can see your page?

What SQL version is your host running? It should make no difference as the SQL queries are a simple and standard format that will not be changed.

I updated my site's MySQL from 4.0.20 to 4.1.8 and can't get into the admin system either.

There is some information at MySQL about changes to the password exchange system in MySQL 4.1, perhaps we're falling into that issue? Specifically the "password handling changes" section at the bottom of http://dev.mysql.com/doc/mysql/en/Upgrading-from-4.0.html ?

OK, I thought this through a little more and have managed to fix the problem (at least for my guestbook).

Before doing anything, dump your database to have a baseline to restore back to before doing any of the following, your milage may vary, all the rest of the usual disclaimers apply to my suggestion below:

It appears that MySQL 4.1+ might treat "password" by itself as a field name as a magic field, automatically applying the new password encryption rules on the data in a field with that name.

To fix this on my site I went into phpMyAdmin and clicked on the book_auth table, then clicked browse to pull up the data inside that table, and then on the pencil to edit the admin I wanted to fix. From there, I put in "value" the *PLAINTEXT* password that I wanted to use, and in the 'function' pulldown selected PASSWORD. Upon clicking "go" there was now a new encrypted password in the field and viola, logins to the guestbook admin function now work again.

I believe you can un-do just the attempt at password change in phpMyAdmin by saving the data from password field in notepad, doing the above change, and if it doesn't work just pasting the original data back into the field without selecting a function. Or just restore the dump you made of the entire database before attempting the change

Course, if your password doesn't work before or after this change, it shouldn't really matter what the data in that field is, but I digress.

Luck.
P

Wonder why they changed it. I could alter my password/username reset script to restore the defaults but using th enew password system.

I believe the changes mentioned above are to how the password is sent to log on to the server and not how the passwords are encrypted.

I'm not sure either, the internals of this stuff are somewhat beyond me

I do know that 123 in the 'new' 4.1 system is encoded in the database as *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 rather than 773359240eb9a1d9. On my system, using the string starting with 773 does not allow login with 4.1 server, the one starting with *23A does, which is what lead me to belive that it's a storage/encoding magic action rather than a handshake. I would think the standard PHP call would be the same, with the handshake taken care of by the library (which I also recompiled to PHP-5.0.3 at the same time I updated MySQL, pointing at the new /usr/local/mysql source tree).

Seems stupid to me to change the password function given that a lot of scripts use it. This would mean that every site that runs a script that uses password() will have to recreate the password. I am writing an upgrade script to upgrade Advanced Guestbook 2.2 to 2.3.1 so I'll make a version of my password reset script to help people with this problem.

OK, I did a little more experimenting.

I changed session.class.php lines 41 54 to read "SET password=OLD_PASSWORD" instead of "SET password=PASSWORD" and changed the database entry back to 773359240eb9a1d9 and 123 works again, so it looks like even though they changed the function, they did leave a backward compatibility path for now.

admin.php line 177 also needs to be changed to allow changing the password without locking yourself out of the site

Anyway, hopefully this was of some help to ya.
Take care,
P

I've rewritten my reset script to allow users to specify a new username and password. This should also make it easier for people with the latest SQL versions and this problem to fix it. I will upload when I get home as this forum does not allow attachments and I have no FTP access to my site from here.

OK if your hosts have updated their MySQL version and you can no longer login you can use my password/username reset script to change the username and password or to just update them to the new password encryption. Simply download www.carbonize.co.uk/reset.zip and read the readme file.

This has been tested by me on my guestbook. Works like a charm. Very good work Carbonize.

i have tested all my guestbook. your script woks very good.

thank you very much.

best regards

bernd