Registrations to Open-AudIT forums are now closed. To ask any new questions please visit Opmantek Community Questions.

Open-AudIT

What's on your network?
It is currently Fri Mar 29, 2024 8:55 am

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 20 posts ]  Go to page 1, 2  Next
Author Message
 Post subject: Enable security?
PostPosted: Fri Sep 15, 2006 12:41 am 
Offline
Newbie

Joined: Wed Aug 16, 2006 4:23 am
Posts: 19
I tried to enable a password for the site the other day and it would not let me in. Is there a fix for this yet? If I enable security I get a blank page when I try to access the site.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Fri Sep 15, 2006 12:50 am 
Offline
Moderator

Joined: Sun Aug 06, 2006 1:13 am
Posts: 362
Location: Germany
Please edit the file include_config.php:

$use_pass = 'y';
$users = array(
'admin' => 'mypass'
);


Please take the new code svn-client (like tortoise).

Here is the URL for your client:
https://svn.sourceforge.net/svnroot/open-audit/trunk/


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Fri Sep 15, 2006 3:52 am 
Offline
Newbie

Joined: Wed Aug 16, 2006 4:23 am
Posts: 19
So I need to download all those files and replace the existing ones I have? I have made changes to some of the code...

Where can I get the SVN Client?


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Fri Sep 15, 2006 4:33 am 
Offline
Newbie

Joined: Wed Aug 16, 2006 4:23 am
Posts: 19
I downloaded the new code and it still doesn't work. It prompts me a username and password but the one I entered does not work. I checked the include_config.php file and it has the correct password but still won't work. But I really only want authenication when I want to edit the data. Not for every visit to the site. Has anyone done this yet?


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Fri Sep 15, 2006 6:52 am 
Offline
Contributor

Joined: Fri Jul 14, 2006 1:16 am
Posts: 151
Location: Iowa
I posted how I fixed the problem here. Hope it helps.

http://www.open-audit.org/phpbb2/viewtopic.php?t=1377


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Sat Sep 16, 2006 1:40 am 
Offline
Contributor

Joined: Thu Jul 13, 2006 7:54 am
Posts: 156
Same issue here...and your fix didn't seem to help either.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Tue Sep 19, 2006 2:11 am 
Offline
Contributor

Joined: Fri Jul 14, 2006 1:16 am
Posts: 151
Location: Iowa
Try changing this line. (If you modified the setup.php and admin_config.php, you'll need to change those back)

In include.php I changed line 48

[code] if ($users[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW'])[/code]


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Tue Sep 19, 2006 3:03 am 
Offline
Moderator
User avatar

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
Are you using IIS or Apache?


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Wed Sep 20, 2006 3:04 am 
Offline
Contributor

Joined: Thu Jul 13, 2006 7:54 am
Posts: 156
I'm on IIS 6


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Wed Sep 20, 2006 3:07 am 
Offline
Contributor

Joined: Thu Jul 13, 2006 7:54 am
Posts: 156
glampe...thanks that did it for me


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Wed Sep 20, 2006 7:30 pm 
Offline
Moderator
User avatar

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
Sory to sound thick, but what does the change do :oops:? Does it apply to Apache as well as IIS? If it applies to both I'll include it in the SVN, otherwise I'll need to code for Server Type to include this.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Thu Sep 21, 2006 1:11 am 
Offline
Contributor

Joined: Thu Jul 13, 2006 7:54 am
Posts: 156
Well it looks like that line in include.php has MD5Password...but in the admin_config file its only plan text so it wouldn't pass correctly.

I don't think it has anything to do with IIS or Apache.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Thu Sep 21, 2006 3:13 am 
Offline
Moderator
User avatar

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
[quote="imacs"]Well it looks like that line in include.php has MD5Password...but in the admin_config file its only plan text so it wouldn't pass correctly.

I don't think it has anything to do with IIS or Apache.


Ok in that case, which change(s) do I need to apply to make it work as expected.
:?:

I assume just ..

In include.php I changed line 48 ....

Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Thu Sep 21, 2006 5:09 am 
Offline
Contributor

Joined: Thu Jul 13, 2006 7:54 am
Posts: 156
well...it depends :-/

New installs should change the setup.php and admin_config file to relect the MD5

Exsisting installs should only change the include.php


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Thu Sep 21, 2006 6:41 am 
Offline
Contributor

Joined: Fri Jul 14, 2006 1:16 am
Posts: 151
Location: Iowa
I found a problem with changing the admin_config.php and md5.

The page displays the current password in the form which is already encrypted.

If you make a setting change, but leave the password as is, the md5 password is encrypted again thus breaking that password.

We would need to make some changes to the admin_config.php to prevent this.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 20 posts ]  Go to page 1, 2  Next

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group