Go to main content

Navigation menu

Textpattern CMS support forum

You are not logged in. Register | Login | Help

  1. Index
  2. » Archives
  3. » sql warning message when login is wrong txp 4.0.4

Pages: 1

#1 2006-10-26 22:12:31

makason
Member
From: Hilo, Hawaii
Registered: 2005-01-23
Posts: 34
Website

sql warning message when login is wrong txp 4.0.4

after upgrading to 4.0.4 I get a error message on top of screen when login is wrong:

Warning: You have an error in your SQL syntax near ‘(lower(‘a’)) or pass = old_password(‘a’)) and privs > 0’ at line 2 select name from txp_users where name = ‘a’ and (pass = old_password(lower(‘a’)) or pass = old_password(‘a’)) and privs > 0 in /var/www/html/gum_2/www_chibella/textpattern/lib/txplib_db.php on line 84

this message is displayed in testing and live mode

How can this be turned of? Doesn’t look pretty…

Thanks

Offline

#2 2006-10-26 23:01:40

ruud
Developer Emeritus
From: a galaxy far far away
Registered: 2006-06-04
Posts: 5,068
Website

Re: sql warning message when login is wrong txp 4.0.4

Which MySQL version are you using?
I’m guessing older than 4.0.11, because old_password was added in that version of MySQL according to the changelog.

Offline

#3 2006-10-27 02:15:37

makason
Member
From: Hilo, Hawaii
Registered: 2005-01-23
Posts: 34
Website

Re: sql warning message when login is wrong txp 4.0.4

MySQL: 3.23.58-log

All my 4.0.3 txp sites on this server don’t show this error message when login is wrong…

what can I do? upgrading MySQL is not an option or moving to a different host

Does anybody else experience this problem after upgrading?

Thanks

Offline

#4 2006-10-27 02:54:48

Mary
Sock Enthusiast
Registered: 2004-06-27
Posts: 6,236

Re: sql warning message when login is wrong txp 4.0.4

This problem couldn’t have been the result of the 4.0.4 upgrade: that exact code has been there since before 4.0.

You can hide this by modifying the file textpattern/include/auth.php:

1. Find line 46. It looks like this:

} else { // try old_password mysql hash

change it to this:

} /* else { // try old_password mysql hash

2. Find line 55. It looks like this:

}

change it to this:

} */

Offline

#5 2006-10-27 06:14:52

Sencer
Archived Developer
From: cgn, de
Registered: 2004-03-23
Posts: 1,803
Website

Re: sql warning message when login is wrong txp 4.0.4

This problem couldn’t have been the result of the 4.0.4 upgrade

I think with 4.0.4 we made sure that erranous queries are reported every time, rather than silently discarded. helps greatly with trouble-shooting. Unfortunately we didn’t account for the above possibility. This will be fixed, in the meantime mary’s workaround should help.

Offline

#6 2006-10-27 20:13:18

makason
Member
From: Hilo, Hawaii
Registered: 2005-01-23
Posts: 34
Website

Re: sql warning message when login is wrong txp 4.0.4

thanks Mary and Sencer.

please see my post on remote textpattern attack on publish.php. Any ideas how to prevent attacks like that?

Offline

Pages: 1

  1. Index
  2. » Archives
  3. » sql warning message when login is wrong txp 4.0.4

Board footer

Powered by FluxBB