Commit 9fd1bab9 authored by Steffen Ritter's avatar Steffen Ritter Committed by Helmut Hummel
Browse files

[!!!][BUGFIX] *_user table password field is to short

When using the hash-algorithm "blowfish" in saltedpasswords
the hash is 60 chars long - therefore the field length has
been set to 60 characters in SQL, too.
Actually when converting old MD5 passwords to salted
copies, an additional identifer char (M or C) is added to
the hash which results in a 61 character hash.

The result is that login is not possible anymore after
converting the passwords like suggested by the reports
module - the database field has to be increased.

To be safe and because varchar only takes as much space
as really needed increase the field length to 100 chars.

Change-Id: I70646fe7939d41f1a7056376a85c506d10148480
Fixes: #39356
Releases: 4.5, 4.6, 4.7, 6.0
Reviewed-on: http://review.typo3.org/13324
Reviewed-by: Oliver Klee
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
parent f835b377
......@@ -58,7 +58,7 @@ CREATE TABLE be_users (
pid int(11) unsigned DEFAULT '0' NOT NULL,
tstamp int(11) unsigned DEFAULT '0' NOT NULL,
username varchar(50) DEFAULT '' NOT NULL,
password varchar(60) DEFAULT '' NOT NULL,
password varchar(100) DEFAULT '' NOT NULL,
admin tinyint(4) unsigned DEFAULT '0' NOT NULL,
usergroup varchar(255) DEFAULT '' NOT NULL,
disable tinyint(1) unsigned DEFAULT '0' NOT NULL,
......
......@@ -110,7 +110,7 @@ CREATE TABLE fe_users (
pid int(11) unsigned DEFAULT '0' NOT NULL,
tstamp int(11) unsigned DEFAULT '0' NOT NULL,
username varchar(50) DEFAULT '' NOT NULL,
password varchar(60) DEFAULT '' NOT NULL,
password varchar(100) DEFAULT '' NOT NULL,
usergroup tinytext,
disable tinyint(4) unsigned DEFAULT '0' NOT NULL,
starttime int(11) unsigned DEFAULT '0' NOT NULL,
......
......@@ -4,7 +4,7 @@ if (!defined('TYPO3_MODE')) {
}
t3lib_div::loadTCA('fe_users');
$GLOBALS['TCA']['fe_users']['columns']['password']['config']['max'] = 60;
$GLOBALS['TCA']['fe_users']['columns']['password']['config']['max'] = 100;
if (tx_saltedpasswords_div::isUsageEnabled('FE')) {
......@@ -24,7 +24,7 @@ if (tx_saltedpasswords_div::isUsageEnabled('FE')) {
t3lib_div::loadTCA('be_users');
$GLOBALS['TCA']['be_users']['columns']['password']['config']['max'] = 60;
$GLOBALS['TCA']['be_users']['columns']['password']['config']['max'] = 100;
if (tx_saltedpasswords_div::isUsageEnabled('BE')) {
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment