Textpattern CMS support forum

You are not logged in. Register | Login | Help

#71 2019-04-07 18:09:27

gaekwad
Admin
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 2,481

Re: Textpattern CMS demo site

Demo sites offline for a few hours of bumps while I move to a new datacenter.

Should be back online by 2200UTC.

Offline

#72 2019-04-07 20:33:21

gaekwad
Admin
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 2,481

Re: Textpattern CMS demo site

My intentions for this evening were to set up a new server with Percona-flavoured MySQL 8.0, latest PHP, plus extra turbo trimmings for performance and security in an Amsterdam datacenter.

I have achieved 99% of this, but one thing is incomplete so I have reverted to the pre-existing server: how to best handle users in MySQL 8.0.

At a high level, the demo sites run on a collection of Bash scripts that fire over the day. Every three hours, the sites are rebuilt. Behind the scenes, this involves:

  • gathering some files from GitHub
  • teardown of the existing site scaffold
  • rebuild of the scaffold from scratch
  • automatic installation of Textpattern
  • add some files
  • add some images
  • add some users

…and this is largely how things have been for nearly 5 years. Very few snags, mostly runs like clockwork.

The last item on that list — add some users — is where I’m falling down. On MySQL 5.7, it’s straightforward to add a heap of users with corresponding passwords in a .sql file:

INSERT INTO `txp_users` (`user_id`, `name`, `pass`, `RealName`, `email`, `privs`, `last_access`, `nonce`)
VALUES
(1,'managing-editor1',PASSWORD('managing-editor1'),'Managing Editor #1','managing-editor1@example.com',2,NULL,''),
(2,'managing-editor2',PASSWORD('managing-editor2'),'Managing Editor #2','managing-editor2@example.com',2,NULL,''),
(3,'managing-editor3',PASSWORD('managing-editor3'),'Managing Editor #3','managing-editor3@example.com',2,NULL,''),
(4,'managing-editor4',PASSWORD('managing-editor4'),'Managing Editor #4','managing-editor4@example.com',2,NULL,''),
(5,'managing-editor5',PASSWORD('managing-editor5'),'Managing Editor #5','managing-editor5@example.com',2,NULL,''),
(6,'managing-editor6',PASSWORD('managing-editor6'),'Managing Editor #6','managing-editor6@example.com',2,NULL,''),
(7,'managing-editor7',PASSWORD('managing-editor7'),'Managing Editor #7','managing-editor7@example.com',2,NULL,''),
(8,'managing-editor8',PASSWORD('managing-editor8'),'Managing Editor #8','managing-editor8@example.com',2,NULL,''),
(9,'managing-editor9',PASSWORD('managing-editor9'),'Managing Editor #9','managing-editor9@example.com',2,NULL,''),
(10,'managing-editor10',PASSWORD('managing-editor10'),'Managing Editor #10','managing-editor10@example.com',2,NULL,'');

(repeat for about six thousand lines, it’s about 630KB on a drive)

In MySQL 8.0, the PASSWORD() function has been removed…which means I can’t set the password automatically. It’s not currently clear to me how I can get around this, since substituting instances of PASSWORD with MD5 doesn’t help, and when I log in as one of the auto-added users, Textpattern throws an Internal Error modal and will go no further.

I will continue to look into this and flip the switch to the new server when I’ve solved it. For now, the demo server continues to live in Frankfurt.

In the meantime, you’re much smarter than I am — which is why I’m here — what can I change in the above user syntax that might yield better results?

Offline

#73 2019-04-07 22:54:16

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 8,629
Website

Re: Textpattern CMS demo site

You’ve got mail, but for completeness this is a pain. We’re going to probably be forced to do the following in upcoming Txp releases:

  • Check if the PASSWORD() function exists prior to trying to invoke it.
  • Not support upgrades from environments prior to Textpattern 4.3, which is when the password system changed.
  • Not permit people to be able to change passwords via MySQL. This is kind of good from a security standpoint, but annoying if you’ve forgotten your password as you can’t just log into the database and change it directly, then have Txp create you a proper one on login. You’ll need a PHP environment to do it and access to the Textpattern core files so you can run some PHP to update the database.

The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#74 2019-04-08 07:43:38

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 3,435
Website

Re: Textpattern CMS demo site

That’s all new to me.

But for the purposes of the demo, could you not insert the result of PASSWORD('…') in your SQL, thus bypassing the function? The PWs are predictable in this particular case…


TXP Builders – finely-crafted code, design and txp

Offline

#75 2019-04-08 08:29:46

gaekwad
Admin
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 2,481

Re: Textpattern CMS demo site

jakob wrote #317527:

But for the purposes of the demo, could you not insert the result of PASSWORD('…') in your SQL, thus bypassing the function? The PWs are predictable in this particular case…

I was considering this, but I thought it was too easy a solution…I’m glad to hear someone else suggest it!

I have full access to the PHP environment in the demo, so I’ll weigh up the pros and cons of the phpass route or just crunch each password through PASSWORD(). To be continued!

Offline

#76 2019-04-08 12:33:01

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 3,435
Website

Re: Textpattern CMS demo site

gaekwad wrote #317529:

I was considering this, but I thought it was too easy a solution…I’m glad to hear someone else suggest it!

In English we say “Great minds think alike” * :-)
In German they say “Two dummies, same thought”. Take your pick ?.

*to which the retort is “… but fools seldom differ!”


TXP Builders – finely-crafted code, design and txp

Offline

#77 2019-04-13 07:55:08

gaekwad
Admin
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 2,481

Re: Textpattern CMS demo site

jakob wrote #317538:

In English we say “Great minds think alike” * :-)
In German they say “Two dummies, same thought”. Take your pick ?.

This dummy is going to have another attempt at MySQL 8.0 this morning.

And so, please be aware there may some demo site availability issues until 1200UTC today.

Offline

#78 2019-04-13 12:25:43

gaekwad
Admin
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 2,481

Re: Textpattern CMS demo site

jakob wrote #317527:

But for the purposes of the demo, could you not insert the result of PASSWORD('…') in your SQL, thus bypassing the function? The PWs are predictable in this particular case…

I just tried this: it doesn’t work.

The query…:

INSERT INTO `txp_users` (`user_id`, `name`, `pass`, `RealName`, `email`, `privs`, `last_access`, `nonce`)
VALUES
	(1,'managing-editor1','*148A21ADCD976A60C9CBCC45A4E12B0182C5493A','Managing Editor #1','managing-editor1@example.com',2,NULL,''),
	(2,'managing-editor2','*47BDDAA4BD592DC9EACDF12811C2827423C5AA3C','Managing Editor #2','managing-editor2@example.com',2,NULL,''),
	(3,'managing-editor3','*4EA79AF019C4EF8CE793F9DAEB430A9E8EEC8395','Managing Editor #3','managing-editor3@example.com',2,NULL,''),
	(4,'managing-editor4','*76D4F5138D51A84B0E10E922B4FF2E4729ACE10B','Managing Editor #4','managing-editor4@example.com',2,NULL,''),
	(5,'managing-editor5','*CF72B87C4E0D21DAC39EB5B203CC4ECFDA7781B9','Managing Editor #5','managing-editor5@example.com',2,NULL,''),
	[…]

…inserts fine, no errors. Logging in throws the Internal error dialog, which I was half-expecting.

For completeness, I emailed Stef about this issue a few days and got a comprehensive email reply back very quickly…which I haven’t fully grok’d yet. With my workload and various brain issues the last few weeks, the steps to resolve are about three clicks above my mental pay grade, so it’s going to have to sit until I can digest and action it.

I think what I need to do right now is use phpass to chew through 6001 usernames and generate the respective password, and then use that as the password insert. I just don’t how to do that, at least not at the moment.

Last edited by gaekwad (2019-04-13 12:26:09)

Offline

#79 2019-04-13 14:12:54

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 3,435
Website

Re: Textpattern CMS demo site

Logging in throws the Internal error dialog, which I was half-expecting.

Hmm, I know nothing about what’s changed in MySQL, but I’m surprised plain-old existing imported passwords from earlier versions won’t carry over.
Would that not have huge implications for thousands or millions of sites with existing user bases? Will all those sites with online shops and large users bases now be obliged to force their users to reset their passwords in order to have continued access?


TXP Builders – finely-crafted code, design and txp

Offline

#80 2019-04-13 14:30:29

Gocom
Plugin Author
From: Helsinki, Finland
Registered: 2006-07-14
Posts: 4,530
Website

Re: Textpattern CMS demo site

You could use the same password for each user. They do not need to be different, as they are not particularly unique anyways.

Now, if you do want to generate the users in the table, easiest way would be to use the API:

<?php
define('txpinterface', 'css');

require __DIR__ . '/index.php';

for ($i = 1; $i <= 6000; $i++) {
    $name = 'managing-editor' . $i;
    create_user($name, "{$name}@localhost.test", $name, "Managing Editor #{$i}", 2);
}

Setting the txpinterface constant to css and then including index.php appear still to be the only way to actually include all(-ish) dependencies without it echo’ing stuff all over the place. I wish there was a bootstrap file, and that Textpattern didn’t use die etc.

If you want to pre-generate hashes, you can do it the same way. You could dump the resulting database table, or you could generate them with the applicable Password hasher driver:

<?php
define('txpinterface', 'css');

require __DIR__ . '/index.php';

echo \Txp::get('\Textpattern\Password\Hash')->hash("yourPassword");

Last edited by Gocom (2019-04-13 14:31:37)

Offline

Board footer

Powered by FluxBB