[Ltb-users] issue with token encryption? (was Re: Self service password trouble. AND Re: email token never gets sent)

Christian Unger c.unger at uq.edu.au
Thu May 19 23:35:00 CEST 2011


Hello again Clément

Sorry snowed under but right now I have time :)

So I still seem to have the problem, which mirror's admin's here:

PHP Warning:  Wrong parameter count for strstr() in
/usr/share/self-service-password/functions.inc.php on line 301

PHP Notice:  Undefined variable: keyphrase in
/usr/share/self-service-password/functions.inc.php on line 314

PHP Warning:  mcrypt_generic_init() [<a
href='function.mcrypt-generic-init'>function.mcrypt-generic-init</a>]: Iv
size incorrect; supplied length: 0, needed: 32 in
/usr/share/self-service-password/functions.inc.php on line 317

PHP Notice:  Undefined index:  login in
/usr/share/self-service-password/pages/resetbytoken.php on line 66

Unable to open session
\xa0\xdf\xb8\xa7\xe8\x8b\xfe=]\xcb\xf0\xb3o/SZmjC\xfd\x95\x93T\xfa\x83\xec\
x15\xdf\xfc\xf4\xaf;1+\xf9]\r\xb5\xa4\xcf\x18\x9fc\xb8\xbe9rVb\x0c\xd7\x9c\
xf8\xa31\x8e\xd5\xa1


But the keyphrase is there:
[root at tangelo:/usr/share/self-service-password]# grep keyphrase
config.inc.php
# Encryption, decryption keyphrase
$keyphrase = "secret1234";


And no, I'm not upgrading, this was a new install from the rpm:
Name        : self-service-password        Relocations: (not relocatable)
Version     : 0.5                               Vendor: LTB-project
Release     : 1.el5                         Build Date: Sun 10 Apr 2011
02:41:26 AM EST
Install Date: (not installed)               Build Host:
localhost.localdomain
Group       : Applications/Web              Source RPM:
self-service-password-0.5-1.el5.src.rpm
Size        : 119294                           License: GPL
Signature   : DSA/SHA1, Sun 10 Apr 2011 02:41:46 AM EST, Key ID
0ac51f926d45bfc5
Packager    : Clement OUDOT <clem.oudot at gmail.com>
URL         : http://ltb-project.org
Summary     : LDAP password change web interface
Description :
Self Service Password is a simple PHP application that allows users to
change their password on an LDAP directory.
Self Service Password is provided by LDAP Tool Box project:
http://ltb-project.org


If I use $crypt_tokens = false; it works great.

This is a RHEL5 system, but my php stack comes from IUS (Rackspace):
[root at tangelo:/usr/share/self-service-password]# rpm -qa | grep php
php52-devel-5.2.17-1.ius.el5
php52-5.2.17-1.ius.el5
php-pear-1.4.9-6.el5
php52-gd-5.2.17-1.ius.el5
php52-mcrypt-5.2.17-1.ius.el5
php52-common-5.2.17-1.ius.el5
php52-cli-5.2.17-1.ius.el5
php52-ldap-5.2.17-1.ius.el5


I think the problem might be that strstr() doesn't take 3 arguments until
version 5.3.0 of PHP according to their documentation:
http://php.net/manual/en/function.strstr.php (see the changelog and
example)

Cheers
Christian

On 19/05/11 22:49 , "Clément OUDOT" <clem.oudot at gmail.com> wrote:

>Le 19 mai 2011 14:41, admin <admin at webmerchantsinc.com> a écrit :
>> #cat /etc/php5/apache2/php.ini | grep "safe_mode = "
>> safe_mode = Off
>>
>> #chmod 777 /var/lib/php5/
>> # ls -la /var/lib/php5/
>> total 24
>> drwxrwxrwx  2 www-data www-data 4096 2011-05-19 15:30 .
>> drwxr-xr-x 42 root     root     4096 2011-03-29 14:57 ..
>> -rw-------  1 www-data www-data   37 2011-05-19 15:23
>> sess_0201840c7a10ef6c7e59f41df0cccac5
>> -rw-------  1 www-data www-data   15 2011-05-19 15:12
>> sess_4ded593c488295551950a17f4b856611
>> -rw-------  1 www-data www-data   37 2011-05-19 15:30
>> sess_714ed47eb0fdee4d27d35b5491e71b6a
>> -rw-------  1 www-data www-data    0 2011-05-19 15:30
>> sess_bd42c3f444c6ce7babdbabfefb9744aa
>> -rw-------  1 www-data www-data    0 2011-05-19 15:23
>> sess_eb1ac1e7226d15900af4feaff214f7a1
>> -rw-------  1 www-data www-data   15 2011-05-19 15:23
>> sess_f92b21c39d9eaef7531bddc7e7c2d1bb
>>
>> #chown -R www-data:www-data /var/lib/php5/
>>
>> # ls -la /var/lib/ | grep php5
>> drwxrwxrwx  2 www-data  www-data 4096 2011-05-19 15:30 php5
>>
>> ****
>> Apache is running under www-data and this user now is owner of
>> /var/lib/php5/  directory.
>> But I stil receive errors:
>>
>> Warning: Wrong parameter count for strstr() in
>>/home/ssp/functions.inc.php
>> on line 301
>>
>> Notice: Undefined variable: keyphrase in /home/ssp/functions.inc.php on
>>line
>> 314
>>
>> Warning: mcrypt_generic_init() [function.mcrypt-generic-init]: Iv size
>> incorrect; supplied length: 0, needed: 32 in
>>/home/ssp/functions.inc.php on
>> line 317
>>
>> Warning: session_start() [function.session-start]: Cannot send session
>>cache
>> limiter - headers already sent (output started at
>>/home/ssp/index.php:70) in
>> /home/ssp/pages/resetbytoken.php on line 65
>>
>> Notice: Undefined index: login in /home/ssp/pages/resetbytoken.php on
>>line
>> 66
>>
>> Token is not valid
>
>
>Try first to disable token encryption in config.inc.php :
>
>$crypt_tokens = false;
>
>
>It this works, revert it to true and check your $keyphrase parameter is
>correct.
>_______________________________________________
>ltb-users mailing list
>ltb-users at lists.ltb-project.org
>http://lists.ltb-project.org/listinfo/ltb-users



More information about the ltb-users mailing list