Bug #6551 Secret key in conf.php not taken into account
Submitted: 2006-01-22 18:54 UTC
From: goethals_d at hotmail dot com
Assigned: lsmith
Status: Closed
Package: LiveUser
PHP Version: 5.0.4
OS: WXP
 [2006-01-22 18:54 UTC] goethals_d at hotmail dot com
Description:
------------
Set encryption mode to RC4 in configuration file. If the secret key is set to 'test', I can log in. If I modify the secret key to 'word' without changing the DB contents, I can still log in. Note that the password encrypted with LiveUser::Crypt_RC4 or the password encrypted with PEAR::Crypt_RC4 using the same secret key do not match.

Test script:
---------------
conf.php

    ...
    'authContainers' => array(
        array(
            'type' => 'MDB2',
            'expireTime' => 3600,
            'idleTime' => 1800,
            'allowDuplicateHandles' => 0,
            'allowEmptyPasswords' => 0,
            'passwordEncryptionMode'=> 'RC4',
            'secret' => 'test',
    ...

Comments

 [2006-01-23 12:29 UTC] lsmith
This bug has been fixed in CVS.

If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release.

Thank you for the report and for helping us make PEAR better.

There was an error in the way the $secret property was defined.
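
The behaviour the report expects, as an added example that is not part of the original thread and is not LiveUser or Crypt_RC4 code: a stand-alone PHP check that a value encrypted under the secret 'test' stops verifying once the secret is 'word', preceded by a known-answer test that settles which of two disagreeing RC4 routines is correct. The function names and the sample password are assumptions, and the stored value is constructed.

```php
<?php
// Added illustration, not LiveUser or Crypt_RC4 code.

// Plain RC4: key scheduling, then the keystream XORed over the data.
function rc4(string $key, string $data): string
{
    $s = range(0, 255);
    $klen = strlen($key);
    for ($i = 0, $j = 0; $i < 256; $i++) {
        $j = ($j + $s[$i] + ord($key[$i % $klen])) & 0xFF;
        [$s[$i], $s[$j]] = [$s[$j], $s[$i]];
    }
    $out = '';
    for ($n = 0, $i = 0, $j = 0, $len = strlen($data); $n < $len; $n++) {
        $i = ($i + 1) & 0xFF;
        $j = ($j + $s[$i]) & 0xFF;
        [$s[$i], $s[$j]] = [$s[$j], $s[$i]];
        $out .= chr(ord($data[$n]) ^ $s[($s[$i] + $s[$j]) & 0xFF]);
    }
    return $out;
}

// Hypothetical stand-in for an auth container's password comparison.
function passwordMatches(string $secret, string $plain, string $storedHex): bool
{
    return hash_equals($storedHex, bin2hex(rc4($secret, $plain)));
}

// Abort loudly on the first failed expectation.
function check(bool $ok, string $what): void
{
    if (!$ok) {
        throw new RuntimeException("FAILED: $what");
    }
    echo "ok: $what\n";
}

// Widely published RC4 vector: key "Key", plaintext "Plaintext".
check(bin2hex(rc4('Key', 'Plaintext')) === 'bbf316e8d940af0ad3', 'known-answer vector');

// Constructed sample: the value written to the DB while 'secret' => 'test'.
$stored = bin2hex(rc4('test', 'example-password'));

check(passwordMatches('test', 'example-password', $stored), 'original secret verifies');
check(!passwordMatches('word', 'example-password', $stored), 'changed secret is rejected');
```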