View Issue Details

IDProjectCategoryView StatusLast Update
0016756phplist applicationInstallationpublic21-03-13 12:21
Reporterduncanc 
PrioritynormalSeveritymajorReproducibilityalways
Status resolvedResolutionfixed 
Product Version2.11.7 
Target VersionFixed in Version2.11.8 
Summary0016756: Password invalid after clean install
DescriptionProblem found in SVN trunk version.

I did a clean install with an empty database.

Entered my email address and password.
The database was initialised successfully then clicked button to continue.
The login page was then displayed but with a page title of Configuration Options.

I entered my email address and password but they were rejected with "invalid password". The default password "phplist" did not work either.

Investigating the code, in initialise.php the entered password is hashed using MD5 regardless of the algorithm in the config file. I think that the MD5 hash value is then being hashed again.
To work around this I had to edit the admin table directly to enter a plain-text password. I was able to login with this password, and the password then seemed to be hashed automatically.

TagsNo tags attached.

Activities

michiel

21-03-13 12:21

manager   ~0051961

avoided duplication of password encryption