
Bug #6551 Secret key in conf.php not taken into account
Submitted: 2006-01-22 18:54 UTC
From: goethals_d at hotmail dot com
Assigned: lsmith
Status: Closed
Package: LiveUser
PHP Version: 5.0.4
OS: WXP
Roadmaps: (Not assigned)    


 [2006-01-22 18:54 UTC] goethals_d at hotmail dot com
Description:
------------
Set encryption mode to RC4 in configuration file. If the secret key is set to 'test', I can log in. If I modify the secret key to 'word' without changing the DB contents, I can still log in.

Note that the password encrypted with LiveUser::Crypt_RC4 or the password encrypted with PEAR::Crypt_RC4 using the same secret key do not match.

Test script:
---------------
conf.php
...
'authContainers' => array(
    array(
        'type' => 'MDB2',
        'expireTime' => 3600,
        'idleTime' => 1800,
        'allowDuplicateHandles' => 0,
        'allowEmptyPasswords' => 0,
        'passwordEncryptionMode' => 'RC4',
        'secret' => 'test',
        ...

Comments

 [2006-01-23 12:29 UTC] lsmith
This bug has been fixed in CVS.

If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release.

Thank you for the report and for helping us make PEAR better.

There was an error in the way the $secret property was defined.
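
The symptom reported above, written as a regression check in an added example: this is a constructed model, not LiveUser or Crypt_RC4 source and not the fix that went into CVS. The config loader, the class names, the misnamed `secretKey` property and the `'default'` key are assumptions that illustrate one way a mis-defined property can cause a configured secret to be ignored.

```php
<?php
// Textbook RC4 (key schedule + keystream XOR), hex-encoded output.
function rc4_hex(string $key, string $data): string {
    $s = range(0, 255);
    for ($i = 0, $j = 0; $i < 256; $i++) {
        $j = ($j + $s[$i] + ord($key[$i % strlen($key)])) % 256;
        [$s[$i], $s[$j]] = [$s[$j], $s[$i]];
    }
    $out = '';
    for ($n = 0, $i = 0, $j = 0; $n < strlen($data); $n++) {
        $i = ($i + 1) % 256;
        $j = ($j + $s[$i]) % 256;
        [$s[$i], $s[$j]] = [$s[$j], $s[$i]];
        $out .= chr(ord($data[$n]) ^ $s[($s[$i] + $s[$j]) % 256]);
    }
    return bin2hex($out);
}

// Assumed loader: config values land only on properties the class declares.
trait LoadsConf {
    public function __construct(array $conf) {
        foreach ($conf as $k => $v) {
            if (property_exists($this, $k)) { $this->$k = $v; }
        }
    }
}

// Hypothetical defect: property name differs from the 'secret' config key.
class BrokenContainer {
    use LoadsConf;
    public $secretKey = 'default';   // never overwritten by the config
    public function encryptPW(string $pw): string { return rc4_hex($this->secretKey, $pw); }
}

// Property name matches the config key, so the configured secret is used.
class FixedContainer {
    use LoadsConf;
    public $secret = 'default';
    public function encryptPW(string $pw): string { return rc4_hex($this->secret, $pw); }
}

// Regression check: a value stored under 'test' must differ under 'word'.
function secret_is_honoured(string $class, string $pw): bool {
    $stored = (new $class(['secret' => 'test']))->encryptPW($pw);
    return $stored !== (new $class(['secret' => 'word']))->encryptPW($pw);
}

foreach (['BrokenContainer', 'FixedContainer'] as $c) {
    printf("%-16s honours secret: %s\n", $c, secret_is_honoured($c, 'constructed-pw') ? 'yes' : 'no');
}
```

A check of this shape belongs in a test suite for any container that accepts a key from configuration: it fails when the configured value is silently replaced by a default.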