Xibo

PHP Session Identifiers using SHA256 algorithm don't allow successful login

Bug #963177 reported by Alex Harrington on 2012-03-23

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Xibo	Fix Released	Low	Dan Garner	Xibo 1.3.3 "Faye"

Bug Description

2012-03-12 11:44:25
The query [INSERT INTO session (session_id, session_data, session_expiration, LastAccessed, LastPage, userID, IsExpired, UserAgent, RemoteAddr)
VALUES ('g77fq7qup6vr7r3btf5c1p71e061o8lbsj799h4govsuf79khkn0', 'pagename|s:5:\"index\";token|s:32:\"1a2164a28265546500a2213a557b68e2\";token_timeout|i:1331552665;', 1331554105, '2012-03-12 11:44:25', 'login', NULL, 0, 'Mozilla/5.0 (X11; Linux x86_64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2', 'xx')] failed to execute<br />MySQL error: Duplicate entry 'g77fq7qup6vr7r3btf5c1p71e061o8lb' for key 'PRIMARY'

The php.ini differs for the 2 installations. Here what I had to change in it:
; Select a hash function for use in generating session ids.
; Possible Values
; 0 (MD5 128 bits)
; 1 (SHA-1 160 bits)
; This option may also be set to the name of any hash function supported by
; the hash extension. A list of available hashes is returned by the hash_algos()
; function.
; http://php.net/session.hash-function
;session.hash_function = sha256
session.hash_function = 3

I commented out the sha256 and added the value 3 as it was in the older versions. That's all. That's the little devil who did all this work to me.

Related branches

lp:~dangarner/xibo/server-133

Merged into lp:xibo/1.3 at revision 239

Xibo Maintainters: Pending requested 2012-06-16

Diff: 15099 lines (+8047/-3854) (has conflicts)

101 files modified

server/3rdparty/jQuery/css/jquery-ui.css (+565/-0)
server/3rdparty/jQuery/datePicker.css (+0/-136)
server/3rdparty/jQuery/jquery-ui.min.js (+356/-0)
server/3rdparty/jQuery/jquery-ui.packed.js (+0/-1012)
server/3rdparty/jQuery/jquery.bgiframe.min.js (+0/-10)
server/3rdparty/jQuery/jquery.min.js (+4/-154)
server/3rdparty/jQuery/ui-elements.css (+0/-404)
server/index.php (+1/-1)
server/install/database/45.sql (+212/-0)
server/install/database/46.php (+79/-0)
server/install/database/46.sql (+16/-0)
server/install/database/47.sql (+34/-0)
server/lib/app/helpmanager.class.php (+1/-4)
server/lib/app/kit.class.php (+4/-5)
server/lib/app/responsemanager.class.php (+1/-1)
server/lib/app/translationengine.class.php (+1/-1)
server/lib/data/campaign.data.class.php (+190/-0)
server/lib/data/campaignsecurity.data.class.php (+188/-0)
server/lib/data/data.class.php (+6/-2)
server/lib/data/display.data.class.php (+15/-7)
server/lib/data/displaygroup.data.class.php (+6/-0)
server/lib/data/displaygroupsecurity.data.class.php (+42/-9)
server/lib/data/help.data.class.php (+89/-0)
server/lib/data/layout.data.class.php (+74/-10)
server/lib/data/layoutgroupsecurity.data.class.php (+0/-188)
server/lib/data/maintenance.data.class.php (+73/-0)
server/lib/data/schedule.data.class.php (+37/-33)
server/lib/data/userdata.data.class.php (+88/-0)
server/lib/data/usergroup.data.class.php (+7/-0)
server/lib/include.php (+2/-2)
server/lib/js/campaign.js (+47/-0)
server/lib/js/core.js (+32/-6)
server/lib/js/display.js (+30/-1)
server/lib/js/functions.js (+0/-28)
server/lib/js/layout.js (+106/-50)
server/lib/modules/module.class.php (+93/-10)
server/lib/pages/admin.class.php (+172/-9)
server/lib/pages/campaign.class.php (+656/-0)
server/lib/pages/content.class.php (+166/-198)
server/lib/pages/dataset.class.php (+5/-5)
server/lib/pages/display.class.php (+240/-5)
server/lib/pages/displaygroup.class.php (+249/-228)
server/lib/pages/group.class.php (+8/-8)
server/lib/pages/help.class.php (+430/-95)
server/lib/pages/index.class.php (+2/-2)
server/lib/pages/layout.class.php (+388/-608)
server/lib/pages/license.class.php (+2/-2)
server/lib/pages/module.class.php (+241/-27)
server/lib/pages/oauth.class.php (+3/-3)
server/lib/pages/region.class.php (+66/-0)
server/lib/pages/schedule.class.php (+75/-50)
server/lib/pages/stats.class.php (+6/-2)
server/lib/pages/user.class.php (+170/-45)
server/lib/service/xmdssoap.class.php (+107/-17)
server/locale/dbtranslate.php (+13/-2)
server/modules/HtmlTemplate.htm (+0/-161)
server/modules/datasetview.module.php (+32/-4)
server/modules/embedded.module.php (+2/-8)
server/modules/image.module.php (+11/-0)
server/modules/module_db_mysql.php (+1/-1)
server/modules/module_user_general.php (+237/-103)
server/modules/preview/HtmlTemplate.htm (+40/-0)
server/modules/preview/HtmlTemplateForGetResource.html (+375/-0)
server/modules/preview/jquery-cycle.min.js (+6/-0)
server/modules/preview/jquery.fittext.js (+45/-0)
server/modules/preview/jquery.marquee.js (+156/-0)
server/modules/preview/jquery.min.js (+4/-0)
server/modules/preview/xibo-text-render.js (+119/-0)
server/modules/shellcommand.module.php (+263/-0)
server/modules/text.module.php (+116/-32)
server/modules/ticker.module.php (+148/-47)
server/modules/webpage.module.php (+66/-13)
server/template/css/forms.css (+2/-2)
server/template/css/links.css (+13/-0)
server/template/css/presentation.css (+21/-2)
server/template/css/timeline.css (+206/-0)
server/template/css/xibo.css (+21/-18)
server/template/footer.php (+1/-1)
server/template/header.php (+10/-44)
server/template/pages/campaign_view.php (+82/-0)
server/template/pages/content_view.php (+38/-9)
server/template/pages/dataset_view.php (+33/-1)
server/template/pages/display_view.php (+33/-2)
server/template/pages/displaygroup_view.php (+33/-1)
server/template/pages/fault_view.php (+34/-1)
server/template/pages/group_view.php (+32/-1)
server/template/pages/help_view.php (+49/-0)
server/template/pages/layout_edit.php (+3/-2)
server/template/pages/layout_view.php (+31/-1)
server/template/pages/license_view.php (+34/-3)
server/template/pages/log_view.php (+33/-1)
server/template/pages/login_box.php (+14/-7)
server/template/pages/module_view.php (+76/-0)
server/template/pages/oauth_view.php (+32/-1)
server/template/pages/resolution_view.php (+34/-2)
server/template/pages/schedule_view.php (+1/-1)
server/template/pages/sessions_view.php (+32/-1)
server/template/pages/settings_view.php (+33/-1)
server/template/pages/stats_view.php (+33/-1)
server/template/pages/template_view.php (+32/-1)
server/template/pages/user_view.php (+32/-1)

Alex Harrington (alexharrington) on 2012-03-23

Changed in xibo:
status:	New → Triaged
importance:	Undecided → Low
milestone:	none → 1.4.0-rc1
milestone:	1.4.0-rc1 → 1.3.3

Dan Garner (dangarner) on 2012-05-04

Changed in xibo:
assignee:	nobody → Dan Garner (dangarner)
status:	Triaged → Fix Committed

Dan Garner (dangarner) on 2012-07-11

Changed in xibo:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.