Forums / Install & configuration / ez publish authentication

ez publish authentication

Previous topic

Install & configuration

Next topic

Author	Message
nicholas king	Tuesday 08 March 2011 6:30:40 am Hello All, we currently are having a issue with our install where users can goto the url {domain}/user/login type in a valid username with no password and ez will log the person in as the user entered into the username box. So obviously our install is not checking passwords. Any ideas on how to force the install to check passwords on switching users? Thanks Nicholas
Greg McAvoy-Jensen	Tuesday 08 March 2011 8:18:20 am In the admin interface, click on the setup tab, then upgrade > file consistency check. See if anyone has disabled password checking. This is occasionally useful during some custom development, but of course has to be reversed before the system is put into production. Granite Horizon, Certified Developer of eZ Publish Web Solutions Provider of the SaaS Solution Granite Horizon In The Cloud \| http://granitehorizon.com/cloud http://granitehorizon.com \| +1 916 647 6350 \| California USA \| @granitegreg Blog: http://granitehorizon.com/blog
nicholas king	Wednesday 09 March 2011 1:53:39 am Hello Greg, That is exactly what had happened inside of /kernel/classes/datatypes/ezuser/ezuser.php i had to search for the following line return eZUser::createHash( $user, $password, $site, $type, $hash ) === (string) $hash; Thanks Nicholas

Author

Message

nicholas king

Tuesday 08 March 2011 6:30:40 am

Hello All,

we currently are having a issue with our install where users can goto the url {domain}/user/login

type in a valid username with no password and ez will log the person in as the user entered into the username box. So obviously our install is not checking passwords. Any ideas on how to force the install to check passwords on switching users?

Thanks

Nicholas

Greg McAvoy-Jensen

Tuesday 08 March 2011 8:18:20 am

In the admin interface, click on the setup tab, then upgrade > file consistency check. See if anyone has disabled password checking. This is occasionally useful during some custom development, but of course has to be reversed before the system is put into production.

Granite Horizon, Certified Developer of eZ Publish Web Solutions
Provider of the SaaS Solution Granite Horizon In The Cloud | http://granitehorizon.com/cloud
http://granitehorizon.com | +1 916 647 6350 | California USA | @granitegreg
Blog: http://granitehorizon.com/blog

nicholas king

Wednesday 09 March 2011 1:53:39 am

Hello Greg,

That is exactly what had happened inside of /kernel/classes/datatypes/ezuser/ezuser.php

i had to search for the following line

return eZUser::createHash( $user, $password, $site, $type, $hash ) === (string) $hash;

Thanks

Nicholas