Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Archive /

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, biapar, Willr, Ingo, simon_w

Pre and post installtion problems?


Reply


3 Posts   1375 Views

Avatar
dvl

4 Posts

6 October 2007 at 11:27am

Hi,

This is the first time for me to use this awesome CMS. When I tried to install it for the first time it gave me a few warnings about enabling some features in php (e.g. allow_call_time_pass_reference), and that it cant verify my apache version, hence it cant verify if mod_rewrite is enabled and that I need to write it myself. For all the warnings I got I did the changes and everything was happy green. except for the mod_write, I'm hosting my web site with a hosting company and I know for sure that this module is on. Anyway I continued with the installation it gave me the message that it couldn't find it and that installation was successful.

And here what SS added to my .htaccess file

### SILVERSTRIPE START ###
RewriteEngine On

RewriteCond %{REQUEST_URI} !(\.gif)|(\.jpg)|(\.png)|(\.css)|(\.js)|(\.php)$

RewriteCond %{REQUEST_URI} ^(.*)$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L]
### SILVERSTRIPE END ###

Now the problems:

First thing the email address and password which I provided during the installation and the installer shown them correctly when I tried to use them for login I couldn't so I checked using phpmyadmin the member table and I found that it didn't save what I provided and used the default instead.

So I reseted the the email and password and was able to login finally. But I noticed that the password is saved in plain text, is that how SS saves it? I mean there is no encryption for the password?

Second, after I logged in successfully I noticed that it didn't switch automatically to the admin page, so I had to go back and then click the CMS link again, same thing when I changed the email and password after save it didn't close the box and get back the administrator page, is that how it works? Is that ok?

Thank you,

Avatar
Willr

Forum Moderator, 5513 Posts

7 October 2007 at 4:56pm

Edited: 07/10/2007 4:57pm

Good Points raised.

I mean there is no encryption for the password? - not currently, Markus one of the GSoC students has been working on this. And I believe he has added things like choosing what encryption method you can use and any optional salt you can apply to the passwords.

These improvements will probably be in the 2.2 release but check out this page http://doc.silverstripe.com/doku.php?id=security

Avatar
dvl

4 Posts

9 October 2007 at 6:01am

Thanks for your reply. Do you have an idea as to what could be the reason for my other two problems?

Thank you