[Ltb-users] issue with token encryption? (was Re: Self service password trouble. AND Re: email token never gets sent)

admin admin at webmerchantsinc.com
Fri May 20 09:21:55 CEST 2011


Hello,
Is it possible to fix this to work with my version of php ?

php -v
PHP 5.2.6-3ubuntu4.6 with Suhosin-Patch 0.9.6.2 (cli) (built: Sep 16 
2010 19:52:51)
Copyright (c) 1997-2008 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies


On 5/20/2011 6:12 AM, Christian Unger wrote:
> There are still various errors, but on the whole it works on php53.
>
>
> Cheers
> Christian
>
> On 20/05/11 7:35 , "Christian Unger"<c.unger at uq.edu.au>  wrote:
>
>> Hello again Clément
>>
>> Sorry snowed under but right now I have time :)
>>
>> So I still seem to have the problem, which mirror's admin's here:
>>
>> PHP Warning:  Wrong parameter count for strstr() in
>> /usr/share/self-service-password/functions.inc.php on line 301
>>
>> PHP Notice:  Undefined variable: keyphrase in
>> /usr/share/self-service-password/functions.inc.php on line 314
>>
>> PHP Warning:  mcrypt_generic_init() [<a
>> href='function.mcrypt-generic-init'>function.mcrypt-generic-init</a>]: Iv
>> size incorrect; supplied length: 0, needed: 32 in
>> /usr/share/self-service-password/functions.inc.php on line 317
>>
>> PHP Notice:  Undefined index:  login in
>> /usr/share/self-service-password/pages/resetbytoken.php on line 66
>>
>> Unable to open session
>> \xa0\xdf\xb8\xa7\xe8\x8b\xfe=]\xcb\xf0\xb3o/SZmjC\xfd\x95\x93T\xfa\x83\xec
>> \
>> x15\xdf\xfc\xf4\xaf;1+\xf9]\r\xb5\xa4\xcf\x18\x9fc\xb8\xbe9rVb\x0c\xd7\x9c
>> \
>> xf8\xa31\x8e\xd5\xa1
>>
>>
>> But the keyphrase is there:
>> [root at tangelo:/usr/share/self-service-password]# grep keyphrase
>> config.inc.php
>> # Encryption, decryption keyphrase
>> $keyphrase = "secret1234";
>>
>>
>> And no, I'm not upgrading, this was a new install from the rpm:
>> Name        : self-service-password        Relocations: (not relocatable)
>> Version     : 0.5                               Vendor: LTB-project
>> Release     : 1.el5                         Build Date: Sun 10 Apr 2011
>> 02:41:26 AM EST
>> Install Date: (not installed)               Build Host:
>> localhost.localdomain
>> Group       : Applications/Web              Source RPM:
>> self-service-password-0.5-1.el5.src.rpm
>> Size        : 119294                           License: GPL
>> Signature   : DSA/SHA1, Sun 10 Apr 2011 02:41:46 AM EST, Key ID
>> 0ac51f926d45bfc5
>> Packager    : Clement OUDOT<clem.oudot at gmail.com>
>> URL         : http://ltb-project.org
>> Summary     : LDAP password change web interface
>> Description :
>> Self Service Password is a simple PHP application that allows users to
>> change their password on an LDAP directory.
>> Self Service Password is provided by LDAP Tool Box project:
>> http://ltb-project.org
>>
>>
>> If I use $crypt_tokens = false; it works great.
>>
>> This is a RHEL5 system, but my php stack comes from IUS (Rackspace):
>> [root at tangelo:/usr/share/self-service-password]# rpm -qa | grep php
>> php52-devel-5.2.17-1.ius.el5
>> php52-5.2.17-1.ius.el5
>> php-pear-1.4.9-6.el5
>> php52-gd-5.2.17-1.ius.el5
>> php52-mcrypt-5.2.17-1.ius.el5
>> php52-common-5.2.17-1.ius.el5
>> php52-cli-5.2.17-1.ius.el5
>> php52-ldap-5.2.17-1.ius.el5
>>
>>
>> I think the problem might be that strstr() doesn't take 3 arguments until
>> version 5.3.0 of PHP according to their documentation:
>> http://php.net/manual/en/function.strstr.php (see the changelog and
>> example)
>>
>> Cheers
>> Christian
>>
>> On 19/05/11 22:49 , "Clément OUDOT"<clem.oudot at gmail.com>  wrote:
>>
>>> Le 19 mai 2011 14:41, admin<admin at webmerchantsinc.com>  a écrit :
>>>> #cat /etc/php5/apache2/php.ini | grep "safe_mode = "
>>>> safe_mode = Off
>>>>
>>>> #chmod 777 /var/lib/php5/
>>>> # ls -la /var/lib/php5/
>>>> total 24
>>>> drwxrwxrwx  2 www-data www-data 4096 2011-05-19 15:30 .
>>>> drwxr-xr-x 42 root     root     4096 2011-03-29 14:57 ..
>>>> -rw-------  1 www-data www-data   37 2011-05-19 15:23
>>>> sess_0201840c7a10ef6c7e59f41df0cccac5
>>>> -rw-------  1 www-data www-data   15 2011-05-19 15:12
>>>> sess_4ded593c488295551950a17f4b856611
>>>> -rw-------  1 www-data www-data   37 2011-05-19 15:30
>>>> sess_714ed47eb0fdee4d27d35b5491e71b6a
>>>> -rw-------  1 www-data www-data    0 2011-05-19 15:30
>>>> sess_bd42c3f444c6ce7babdbabfefb9744aa
>>>> -rw-------  1 www-data www-data    0 2011-05-19 15:23
>>>> sess_eb1ac1e7226d15900af4feaff214f7a1
>>>> -rw-------  1 www-data www-data   15 2011-05-19 15:23
>>>> sess_f92b21c39d9eaef7531bddc7e7c2d1bb
>>>>
>>>> #chown -R www-data:www-data /var/lib/php5/
>>>>
>>>> # ls -la /var/lib/ | grep php5
>>>> drwxrwxrwx  2 www-data  www-data 4096 2011-05-19 15:30 php5
>>>>
>>>> ****
>>>> Apache is running under www-data and this user now is owner of
>>>> /var/lib/php5/  directory.
>>>> But I stil receive errors:
>>>>
>>>> Warning: Wrong parameter count for strstr() in
>>>> /home/ssp/functions.inc.php
>>>> on line 301
>>>>
>>>> Notice: Undefined variable: keyphrase in /home/ssp/functions.inc.php on
>>>> line
>>>> 314
>>>>
>>>> Warning: mcrypt_generic_init() [function.mcrypt-generic-init]: Iv size
>>>> incorrect; supplied length: 0, needed: 32 in
>>>> /home/ssp/functions.inc.php on
>>>> line 317
>>>>
>>>> Warning: session_start() [function.session-start]: Cannot send session
>>>> cache
>>>> limiter - headers already sent (output started at
>>>> /home/ssp/index.php:70) in
>>>> /home/ssp/pages/resetbytoken.php on line 65
>>>>
>>>> Notice: Undefined index: login in /home/ssp/pages/resetbytoken.php on
>>>> line
>>>> 66
>>>>
>>>> Token is not valid
>>>
>>> Try first to disable token encryption in config.inc.php :
>>>
>>> $crypt_tokens = false;
>>>
>>>
>>> It this works, revert it to true and check your $keyphrase parameter is
>>> correct.
>>> _______________________________________________
>>> ltb-users mailing list
>>> ltb-users at lists.ltb-project.org
>>> http://lists.ltb-project.org/listinfo/ltb-users
>> _______________________________________________
>> ltb-users mailing list
>> ltb-users at lists.ltb-project.org
>> http://lists.ltb-project.org/listinfo/ltb-users
> _______________________________________________
> ltb-users mailing list
> ltb-users at lists.ltb-project.org
> http://lists.ltb-project.org/listinfo/ltb-users
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ltb-project.org/pipermail/ltb-users/attachments/20110520/3cf6fcb0/attachment.htm>


More information about the ltb-users mailing list