I tried this, and other solutions. Wasted a whole day on it, and all of this morning. I tried new databases, and importing the old, and every other solution I could find here with no joy.
Eventually I stepped it through a debugger and found that the password check was failing but I could not see why.
The answer is in zc_install/functions/general.php
PHP Code:
function zen_validate_password($plain, $encrypted) {
  if (!zen_not_null($plain) || !zen_not_null($encrypted)) {
    return false;
  }
  if (strpos($encrypted, '$2y$') === 0) {
    return zcPassword::getInstance(PHP_VERSION)->validatePassword($plain, $encrypted);
  }
  $stack = explode(':', $encrypted);
  if (sizeof($stack) == 2) {
    return (md5($stack[1] . $plain) == $stack[0]);
  }
  return false;
}
The actual line that fails is the password test on line 498:
PHP Code:
return (md5($stack[1] . $plain) == $stack[0]);
Following the method above, I installed 1.5.4. Logged in as admin. Set new password. Tried upgrade. Failed.
I then tried a manual test of this with the passwords copied out of the debugger.
PHP Code:
<?php
$plain = "abcd1234";
$encrypted = "42f389b2fd2b940226f62902200f1bb3d7c6d8a51ed6c108764a7bcda66bbe13:0bc48938797c1c45dd59b268898b9e5f66186dc590412d6566715f40784bafbd";
$stack = explode(':', $encrypted);
if (sizeof($stack) == 2) {
  //return (md5($stack[1] . $plain) == $stack[0]);
  if (md5($stack[1] . $plain) == $stack[0]) {
    print "Pass";
  }
  else {
    print "Fail";
  }
}
?>
So I then took a sledgehammer to the code as follows:
zc_install_/includes/classes/installer.php
PHP Code:
@@ -709,11 +709,11 @@
//@TODO: deal with super-user requirement and expired-passwords?
$sql = "select admin_id, admin_name, admin_pass from " . $prefix . "admin where admin_name = '" . $this->db->prepareInput($admin_name) . "'";
$result = $this->db->Execute($sql);
- if ($result->EOF || $admin_name != $result->fields['admin_name'] || !zen_validate_password($admin_pass, $result->fields['admin_pass'])) {
- $this->setError(ERROR_TEXT_ADMIN_PWD_REQUIRED, ERROR_CODE_ADMIN_PWD_REQUIRED, true);
- } else {
+// if ($result->EOF || $admin_name != $result->fields['admin_name'] || !zen_validate_password($admin_pass, $result->fields['admin_pass'])) {
+// $this->setError(ERROR_TEXT_ADMIN_PWD_REQUIRED, ERROR_CODE_ADMIN_PWD_REQUIRED, true);
+// } else {
$this->candidateSuperuser = $result->fields['admin_id'];
- }
+// }
$this->db->Close();
}
}
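Review bot: commenting out the whole condition removes the $result->EOF and $admin_name != $result->fields['admin_name'] tests together with the zen_validate_password() call, so $this->candidateSuperuser = $result->fields['admin_id']; now runs for any password and even when the query returned no row. If the aim is only to get past the failing hash comparison for one local upgrade, keep the first two tests and drop just the third, for example if ($result->EOF || $admin_name != $result->fields['admin_name']) { with the setError() call and else branch left in place, and restore the original file once the upgrade has run. The comparison that fails lives in zen_validate_password(), so a lasting fix belongs there rather than in this caller.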
This basically removes the password check and assumes that your password is OK.
There is clearly some issue but I have no idea what. I am no coder - but I can work my way through stuff slowly. I hope someone has a look at this for a fix, or at least it is useful to someone.
I may try running it with the old admin password in 1.5.1 format and see what that comes up with.
B. Rgds
John
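Added example, not part of the original post and not Zen Cart's own code: a small PHP diagnostic that classifies a stored admin_pass value by its shape and tests which salted digest reproduces it, which is the question the manual test in the post was trying to answer. The function names, the salt . plain order for the non-md5 algorithms, and the constructed sample value are assumptions.

```php
<?php
// Added example (not Zen Cart code). Function names are hypothetical.

// Classify a stored admin_pass value by its shape only.
function classify_stored_hash(string $encrypted): string
{
    if (strpos($encrypted, '$2y$') === 0) {
        return 'bcrypt';
    }
    $stack = explode(':', $encrypted);
    if (count($stack) !== 2 || !ctype_xdigit($stack[0])) {
        return 'unknown';
    }
    // md5() always returns 32 hex characters, so a longer digest can never
    // equal md5($salt . $plain), whatever the password is.
    switch (strlen($stack[0])) {
        case 32: return 'salted-md5';
        case 64: return 'salted-64-hex'; // same length as a SHA-256 digest
        default: return 'unknown';
    }
}

// Return the algorithms for which hash(algo, salt . plain) equals the digest.
function matching_algorithms(string $plain, string $encrypted): array
{
    $stack = explode(':', $encrypted);
    if (count($stack) !== 2) {
        return [];
    }
    [$digest, $salt] = $stack;
    $hits = [];
    // Assumption: same salt . plain order as the md5 branch shown in the post.
    foreach (['md5', 'sha1', 'sha256'] as $algo) {
        $candidate = hash($algo, $salt . $plain);
        // hash_equals() is constant-time and avoids loose "==" comparison.
        if (hash_equals(strtolower($digest), $candidate)) {
            $hits[] = $algo;
        }
    }
    return $hits;
}

// Constructed sample with the same shape as the value in the post
// (64 hex characters, a colon, 64 hex characters). Not a real credential.
$salt   = hash('sha256', 'constructed-salt');
$stored = hash('sha256', $salt . 'abcd1234') . ':' . $salt;

echo classify_stored_hash($stored), "\n";
echo implode(',', matching_algorithms('abcd1234', $stored)), "\n";
// The md5 branch from zen_validate_password() applied to the same value:
echo var_export(md5($salt . 'abcd1234') == explode(':', $stored)[0], true), "\n";
```

Running it against a value copied from the admin table shows whether the md5 branch could ever succeed for that row before anything in the installer is changed.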