Error then trying to login about password-manager HOT 23 CLOSED

It might be your web browser still use the old JS (cache) if your new
pwmanager is under same domain. Try to use private browsing mode to see if
it works.

Let me know the result.

On Thursday, 17 March 2016, nickbe [email protected] wrote:

I created one user and successfully logged in.
Then I created a pin.
Logout
Then I tried to login, but failed (with the password) and there was no
obvious way to enter the pin.
After creating several new users there was still no way of logging in.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub
#25

from password-manager.

When I open a new private window I can login, but after setting a pin and logout... there's no "use pin to login" button and if I try and login with the same user/password nothing happens anymore.
The problem seems to be with the pincode routines.

from password-manager.

I forgot: After closing the private browser and reopening I cannot again login.

from password-manager.

I can now confirm that after setting a pin I cannot login anymore.
This happens on Firefox and Chrome.
When using private browsing then I can reset the problem by closing/reopening the browser.

from password-manager.

It's still the same. Setting the pin doesn't give me a pin option on relogin. And using standard login won't work anymore after that

from password-manager.

Hi @nickbe sorry but I can't reproduce your problem. After 5fbe322 it just works fine to me in both chrome and firefox.

May I ask you to try my site: pas.jeffery.cc? Please let me know if it still fails

from password-manager.

Hi @nickbe I've tested on both chrome and firefox in Windows and Linux. But I can't reproduce your problem. Maybe you can solve this problem by installing the new version v9.08. You can try v9.08 in http://phppasswordmanager.sourceforge.net/ and see whether it works. I recommend you to try in private browsing since you might have cache. Or refresh several times before you start.

For now I'll close this bug [WORKSFORME]

from password-manager.

ok I tried everything, but nothing works.
But I just saw that when I start the password-manager then there are two cookies:
device + username.
Both are expired the moment I open or refresh the site. So when I open the site at 22:23 then
the cookie expires at 22:23, but on the 15th of march. That's 2 days before today. Somethings wrong here!

from password-manager.

That two cookies only matters when you try to login with pin. But you just
said you can't login normally.

Btw I don't think the cookie is a problem, take a look at the year shown in
the expiration date. It should be year 2026.

On Thursday, 17 March 2016, nickbe <[email protected]
javascript:_e(%7B%7D,'cvml','[email protected]');> wrote:

ok I tried everything, but nothing works.
But I just saw that when I start the password-manager then there are two
cookies:
device + username.
Both are expired the moment I open or refresh the site. So when I open the
site at 22:23 then
the cookie expires at 22:23, but on the 15th of march. Somethings wrong
here!

—
You are receiving this because you modified the open/close state.
Reply to this email directly or view it on GitHub
#25 (comment)

from password-manager.

Yes you're right with the cookies.

from password-manager.

What I don't understand is why does it work with your site but not with my local one.
Is there a way to see what's going on like with a logfile or something?

from password-manager.

This is the environment for my demo:
https://sourceforge.net/p/forge/documentation/Project%20Web%20Services/
This is the database:
https://sourceforge.net/p/forge/documentation/Project%20Database/
As I said, the demo is just v9.08 with dbname, dbuser and dbpassword added.

Please debug as follows:

• drop your database and create a new database, import initial.sql
• Create an account (sign up)
• login to your database and see whether your account is there
• login password manager
• create a pin
• go to your database and open pin table. If your pin is set, there should be an entry with device identical to your device in cookie.
• logout password manager.

If the above steps go smoothly, you should see a PIN window...
If not, open your developer tool and search in index.php, you should have the <script></script>section. Which looks like:

var JSsalt='iunin19dnu9ismcj9IUNuia,cne9e389]{}{}[]*@key'; var PWSalt='ncew8d7*(e8fyh2inc osd2)wefcsBIUsdfq2as;dqw[;[]]'; $("#usepin").on("hidden.bs.modal", function () { $("#user").focus(); }); $(function(){ if(getcookie('device')!="") { if(1==1) { $("#usepin").modal("show"); $("#pin").focus(); } else{ delpinstore(); $("#user").focus(); } } else $("#user").focus(); ... setTimeout(process,50); }); });

if you see 0==1 instead of 1==1, there should be some strange problem. Please let me know you see 0==1 or 1==1

from password-manager.

I just did a fresh install including a fresh database.
I signed up... but could not even login with the same password !?

from password-manager.

After deleting all cookies for localhost I can login now. testing....

Cookie 'device' is identical to entry in pin table. logging out...
Device ID is: cagpvpkgt

And this is what the page source looks like: Very very strange:

var JSsalt='iunin19dnu9ismcj9IUNuia,cne9e389]{}{}[]*@key';
var PWSalt='ncew8d7*(e8fyh2inc osd2)wefcsBIUsdfq2as;dqw[;[]]';
$("#usepin").on("hidden.bs.modal", function () {
    $("#user").focus();
});
$(function(){
    if(getcookie('device')!="")
    {
        if(1==<br />
<font size='1'><table class='xdebug-error xe-notice' dir='ltr' border='1' cellspacing='0' cellpadding='1'>

from password-manager.

Shit! I found the problem. I was running PHP7. Everything seems fine except the part you mentioned.
After switchin to 5.6 the pin login appears. The interesting thing would be to know what went wrong here. Obviously the PHP code inside the <script> tag does not work as expected....

from password-manager.

Interesting

Could you paste full text for the php error?
<br /> <font size='1'><table class='xdebug-error xe-notice' dir='ltr' border='1' cellspacing='0' cellpadding='1'>
I mean the part after this.

Yes, I wrote the project in 5.3 and seems 7.0 has some major change:
http://php.net/manual/en/migration70.php

from password-manager.

Sure here it comes. This is the complete <script> part when it's generated by PHP7:

<script type="text/javascript">
var JSsalt='iunin19dnu9ismcj9IUNuia,cne9e389]{}{}[]*@key';
var PWSalt='ncew8d7*(e8fyh2inc osd2)wefcsBIUsdfq2as;dqw[;[]]';
$("#usepin").on("hidden.bs.modal", function () {
    $("#user").focus();
});
$(function(){
    if(getcookie('device')!="")
    {
        if(1==<br />
<font size='1'><table class='xdebug-error xe-notice' dir='ltr' border='1' cellspacing='0' cellpadding='1'>
<tr><th align='left' bgcolor='#f57900' colspan="5"><span style='background-color: #cc0000; color: #fce94f; font-size: x-large;'>( ! )</span> Notice: Undefined variable: PIN_EXPIRE_TIME in U:\UwAmp5\www\passwords\index.php on line <i>24</i></th></tr>
<tr><th align='left' bgcolor='#e9b96e' colspan='5'>Call Stack</th></tr>
<tr><th align='center' bgcolor='#eeeeec'>#</th><th align='left' bgcolor='#eeeeec'>Time</th><th align='left' bgcolor='#eeeeec'>Memory</th><th align='left' bgcolor='#eeeeec'>Function</th><th align='left' bgcolor='#eeeeec'>Location</th></tr>
<tr><td bgcolor='#eeeeec' align='center'>1</td><td bgcolor='#eeeeec' align='center'>0.0010</td><td bgcolor='#eeeeec' align='right'>375192</td><td bgcolor='#eeeeec'>{main}(  )</td><td title='U:\UwAmp5\www\passwords\index.php' bgcolor='#eeeeec'>...\index.php<b>:</b>0</td></tr>
<tr><td bgcolor='#eeeeec' align='center'>2</td><td bgcolor='#eeeeec' align='center'>0.0010</td><td bgcolor='#eeeeec' align='right'>385064</td><td bgcolor='#eeeeec'>usepin(  )</td><td title='U:\UwAmp5\www\passwords\index.php' bgcolor='#eeeeec'>...\index.php<b>:</b>108</td></tr>
</table></font>
1) {
            $("#usepin").modal("show");
            $("#pin").focus();
        }
        else{
            delpinstore();
            $("#user").focus();
        }
    } else $("#user").focus();
    $("#pinloginform").on('submit',function(e){
        var pin;
        e.preventDefault();
        $("#pinerrorhint").hide();
        $("#pinlogin").attr("disabled", true);
        $("#pinlogin").val("Wait");
        pin=$("#pin").val();
        $.post("getpinpk.php",{user:getcookie('username'),device:getcookie('device'),sig:String(CryptoJS.SHA512(String(CryptoJS.SHA512(pin+localStorage.pinsalt))+"2016031710045259910"))},function(msg){
            if(msg == '0') {$("#usepin").modal("hide");delpinstore();$("#user").focus();return;}
            if(msg == '1') {$("#pin").val('');$("#pinerrorhint").show();$("#pinlogin").attr("disabled", false);$("#pinlogin").val("Login"); return;}
            pwdsk=decryptchar(localStorage.en_login_sec,pin+msg);
            confkey=decryptchar(localStorage.en_login_conf,pin+msg)
            $.post("check.php",{pwd:String(CryptoJS.SHA512(String(CryptoJS.SHA512(pbkdf2_enc(pwdsk,JSsalt,500)+getcookie('username')))+"2016031710045259910")),  user: getcookie('username')},function(msg){
                if(msg!=9) {$("#usepin").modal("hide");delpinstore();$("#user").focus();return;}
                setpwdstore(pwdsk,confkey,'ncew8d7*(e8fyh2inc osd2)wefcsBIUsdfq2as;dqw[;[]]');
                window.location.href="./password.php";
            });
        });
    });
    $("#loginform").on('submit',function(e){
        e.preventDefault();
        $("#chk").attr("disabled", true);
        $("#chk").attr("value", "Wait");
        function process(){
        var user = $("#user").val();
        var pwd = $("#pwd").val();

        var secretkey='';
        var confkey='';
        var login_sig=String(pbkdf2_enc(reducedinfo(pwd,'RSTUVWXYZabcdefgABCDEFGHIJKLMNOPQhijklmnopqrstuvwxyz0123456789*=+~-'),JSsalt,500));
        secretkey=login_sig;
        login_sig=pbkdf2_enc(login_sig,JSsalt,500);
        $.post("check.php",{pwd:String(CryptoJS.SHA512(String(CryptoJS.SHA512(login_sig+user))+"2016031710045259910")),  user: user},function(msg){
        $(".errorhint").hide();
        if(msg==0){
                $("#nouser").show();
                $("#chk").attr("value", "Login");
                $("#chk").attr("disabled", false);
        }else
        if(msg==1){
                $("#pwderr").show();
                $("#chk").attr("value", "Login");
                $("#chk").attr("disabled", false);
        }else
        if(msg==4){
                $("#othererror").show();
                $("#chk").attr("value", "Login");
                $("#chk").attr("disabled", false);
        }else
        if(msg==7){
                $("#blockip").show();
        }else
        if(msg==8){
                $("#accountban").show();
                $("#chk").attr("value", "Login");
                $("#chk").attr("disabled", false);
        }else{
                confkey=pbkdf2_enc(String(CryptoJS.SHA512(pwd+secretkey)),JSsalt,500);
                setCookie("username",user);
                setpwdstore(secretkey,confkey,'ncew8d7*(e8fyh2inc osd2)wefcsBIUsdfq2as;dqw[;[]]');
                window.location.href="./password.php";
        }
        });
        }
        setTimeout(process,50);
    });
});
</script>

from password-manager.

could you try to remove line 6 in index.php require_once('function/config.php'); and see whether this problem happens in php7?

from password-manager.

OK I know. in index.php, usepin() function, add a line global $PIN_EXPIRE_TIME; at the beginning of the function.

Your problem will be solved in PHP7

from password-manager.

Just tried
global $PIN_EXPIRE_TIME;
and it worked. What's going on here? I didn't know global variables are any different from PHP 6.5

from password-manager.

btw. why does the backup generation take so long?

from password-manager.

It's not an error but a notice. You can set a higher error prompt level in
php7 so it won't come up. Actually the php7 gives value 1 after the error
prompt.

Maybe php7 has a more strict requirements on grammar

On Thursday, 17 March 2016, nickbe [email protected] wrote:

Just tried
global $PIN_EXPIRE_TIME;
and it worked. What's going on here? I didn't know global variables are
any different from PHP 6.5

—
You are receiving this because you modified the open/close state.
Reply to this email directly or view it on GitHub
#25 (comment)

from password-manager.

Okay.

It would be nice if you could bring back the menubar together with the fix :)
Pleeeeeeeeeaaase.
(Just visited you website Jeffery :) It's nice to finally have a name and a face )

from password-manager.