View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0016756||phpList 3 application||Installation||public||17-03-13 14:15||21-03-13 12:21|
|Target Version||Fixed in Version||2.11.8|
|Summary||0016756: Password invalid after clean install|
|Description||Problem found in SVN trunk version.|
I did a clean install with an empty database.
Entered my email address and password.
The database was initialised successfully then clicked button to continue.
The login page was then displayed but with a page title of Configuration Options.
I entered my email address and password but they were rejected with "invalid password". The default password "phplist" did not work either.
Investigating the code, in initialise.php the entered password is hashed using MD5 regardless of the algorithm in the config file. I think that the MD5 hash value is then being hashed again.
To work around this I had to edit the admin table directly to enter a plain-text password. I was able to login with this password, and the password then seemed to be hashed automatically.
|Tags||No tags attached.|