Forums / Install & configuration / ez publish authentication
nicholas king
Tuesday 08 March 2011 6:30:40 am
Hello All,
we currently are having a issue with our install where users can goto the url {domain}/user/login
type in a valid username with no password and ez will log the person in as the user entered into the username box. So obviously our install is not checking passwords. Any ideas on how to force the install to check passwords on switching users?
Thanks
Nicholas
Greg McAvoy-Jensen
Tuesday 08 March 2011 8:18:20 am
In the admin interface, click on the setup tab, then upgrade > file consistency check. See if anyone has disabled password checking. This is occasionally useful during some custom development, but of course has to be reversed before the system is put into production.
Granite Horizon, Certified Developer of eZ Publish Web Solutions Provider of the SaaS Solution Granite Horizon In The Cloud | http://granitehorizon.com/cloud http://granitehorizon.com | +1 916 647 6350 | California USA | @granitegreg Blog: http://granitehorizon.com/blog
Wednesday 09 March 2011 1:53:39 am
Hello Greg,
That is exactly what had happened inside of /kernel/classes/datatypes/ezuser/ezuser.php
i had to search for the following line
return eZUser::createHash( $user, $password, $site, $type, $hash ) === (string) $hash;