Jump to:

4952 Posts in 14417 Topics by 1491 members

Installing SilverStripe

SilverStripe Forums » Installing SilverStripe » Admin password ends up in clear in firstname!!!

Getting SilverStripe up and running on your computer and on your web server.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 5019 Views
  • Bob the Butcher
    Avatar
    Community Member
    2 Posts

    Admin password ends up in clear in firstname!!! Link to this post

    Just done my first (test) install of SS - everything went well, but upon the first login as admin, I noticed that the name under which the system shows me as "Logged in" is in fact my admin password!

    Checking my profile confirms that:

    Under Firstname, we find my admin password (in clear!),
    Surname is correct,
    Email is correct,
    Password is... empty!

    Now I understand that this being my first foray into SS territory, perhaps you guys have developed a slightly different philosophy when it comes to security, user credentials and all - but this doesn't exactly make me feel secure.

    I guess my hunt for the best CMS for the job I'm producing at the moment goes on... Next up, ModX I suppose.

  • Willr
    Avatar
    Forum Moderator
    5490 Posts

    Re: Admin password ends up in clear in firstname!!! Link to this post

    Are you sure you just didnt enter your password in the incorrect field?. If you refill your actual details and then save, reload the page does it reset back to showing the password as the first name?

    All passwords should be encrypted and salted while stored so you shouldn't be seeing them at all unless its saving it into the incorrect field

  • Bob the Butcher
    Avatar
    Community Member
    2 Posts

    Re: Admin password ends up in clear in firstname!!! Link to this post

    Are you sure you just didnt enter your password in the incorrect field?

    That's quite unlikely, for one thing because I'm a bit hypersensitive when it comes to this kind of things. I use high security passwords, and when you're the kind of freak that bothers with weird combinations of uppercase, lowercase, numbers and extended chars., you do pay attention to what you type, and where you type it.

    Besides, that still wouldn't explain why I can log in with the correct credentials (i.e. email / password in the right fields) but find the password displayed as username once I'm logged in, and my password field empty when I browse to the Security > security groups > Administrator page...

    In any case, assuming as you do that I'd been careless enough to fill my intended password in the username field (and my username... somewhere else I suppose?) , then there is no way I could log in by using that password in the password field (and my username in the right field), huh?

  • Willr
    Avatar
    Forum Moderator
    5490 Posts

    Re: Admin password ends up in clear in firstname!!! Link to this post

    What version of SilverStripe are you using? If you have access to phpmyadmin could you open up that to your database and view the 'Member' table. What does that look like? Is the password field a hashcode or just plain text?

  • NickNameKnack
    Avatar
    Community Member
    7 Posts

    Re: Admin password ends up in clear in firstname!!! Link to this post

    Hey Willr

    you seem to understand the SilverStripe pretty well. I tried to log onto the CMS section and it tells me the email and password do not match yet I know they do and it even said so on the successful install page. It had all my details correct. What am I doing wrong?

    This is the page I got to and it said this (I starred out the email and password for security reasons):

    *******************************************

    Installation Successful

    Congratulations, SilverStripe has been successfully installed.

    You can start editing your site's content by opening the CMS.
    Email: ********
    Password: ********

    For security reasons you should now delete the install files, unless you are planning to reinstall later. The web server also now only needs write access to the "assets" folder, you can remove write access from all other folders.

    Click here to delete the install files.

    *******************************************
    AND I DID CLICK TO DELETE THE INSTALL FILES. and it auto took me to this page:
    *******************************************

    Deleted installation files

    Installation files have been successfully deleted.

    You can start editing your site's content by opening the CMS.
    Email: ******
    Password: ******

    *******************************************
    I clicked on the CMS link and it said this:
    *******************************************

    Log in

    Enter your email address and password to access the CMS.

    Email
    Password

    Remember me next time?

    I've lost my password

    *******************************************

    so I logged in using my details and it said this:

    *******************************************

    Log in

    That doesn't seem to be the right e-mail address or password. Please try again.
    Email
    Password

    Remember me next time?

    I've lost my password

    *******************************************
    EVEN THOUGH IT WAS THE RIGHT EMAIL AND PASSWORD AND IT EVEN TOLD ME IT HAD THE RIGHT LOG IN AND PASSWORD ONTHE FIRST PAGE THAT SAID SUCCESSFUL INSTALL - please help. It took alot to get the thing to go this far and I am loosing my patience bt really wanted to use this software.
    *******************************************

  • Willr
    Avatar
    Forum Moderator
    5490 Posts

    Re: Admin password ends up in clear in firstname!!! Link to this post

    Ok something maybe up with your database, couple things you can try

    1) Hard code a member -
    in your mysite/_config.php file add this line - Security::setDefaultAdmin('test','somepassword');
    Now you should be able to at least login to the cms with 'test' and 'somepassword' as the email / password combination

    2) Remove all members and rebuild -
    This method requires PHPMyadmin or mysql access. Most hosts should have phpmyadmin so you need to open that up. Select your database you installed with, Click your the 'Members' table. Then hit the 'Empty' link in the top right of the page. This removes all the current incorrect members. Now to readd the member you need to go http://www.yoursite.com/db/build?username=test&password=somepassword and it should display in green 'Added Admin Account' then you should be able to login

    Hope that helps.

  • dgw
    Avatar
    Community Member
    3 Posts

    Re: Admin password ends up in clear in firstname!!! Link to this post

    Never mind: just ran through the install process again. Pretty sure I entered the admin password twice. That would put it the the "Administrator first name:" field.

    ##################

    I'm seeing this too. I just installed version 2.3.1 in "Empty template, ready to begin the tutorial" mode. I logged into the CMS and there in the bottom right is my password. "Logged in as my-password" Plain text for all the world to see.

    screen shot of the CMS page:
    http://www-personal.ksu.edu/~david/silverstripe-cms.jpg

    This is the starter 'admin' account. I haven't set any other properties for that account. everything is right out of the box.

    I'm running this in OS X with MAMP 1.7.2. Apache 2.2.11, php 5.2.6.

    David White

  • GrumGrim
    Avatar
    Community Member
    1 Post

    Re: Admin password ends up in clear in firstname!!! Link to this post

    I try to go http://www.yoursite.com/db/build?username=test&password=somepassword
    without do nothing, it work fine.

    thx,willr

    5019 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.