[imp] quickly going blind here ... more on cram-md5 ...
Marc G. Fournier
scrappy@hub.org
Fri, 15 Feb 2002 20:57:05 -0400 (AST)
On Fri, 15 Feb 2002, Chuck Hagenbuch wrote:
> Quoting "Marc G. Fournier" <scrappy@hub.org>:
>
> > So, its hitting imp/redirect.php, doing an authenticate, and finds that
> > thta works ... then its hitting /login.php, does it again, through the
> > same function, and from what I can tell, the exact same values, which then
> > fails ...
>
> Are you _sure_ the passwords match? Are you logging the encrypted (stored in
> session) or decrypted passwords?
Okay, I *thought* they matched right now, but I just added a bit more
debugging to confirm ...
first pass through /imp/redirect.php:
/usr/local/www/horde/imp/lib/IMP.php: 280 /imp/redirect.php
/usr/local/www/horde/imp/lib/IMP.php: 281 IMP:authenticate -> flags=64
/usr/local/www/horde/imp/lib/IMP.php: 333: $imp['pass'] == g14AAA==#2arHVOOuWvX1
/usr/local/www/horde/imp/lib/IMP.php: 334: Secret::read(Secret::getKey('imp'), $imp['pass'])) == hordetest
Second pass, t hrough login.php:
/usr/local/www/horde/imp/lib/IMP.php: 280 /login.php
/usr/local/www/horde/imp/lib/IMP.php: 281 IMP:authenticate -> flags=64
/usr/local/www/horde/imp/lib/IMP.php: 333: $imp['pass'] == g14AAA==#2arHVOOuWvX1
/usr/local/www/horde/imp/lib/IMP.php: 334: Secret::read(Secret::getKey('imp'), $imp['pass'])) == ÿ^DÈÀÒ M-^RM- y
The values' of $imp['pass'] are identical, but the 'Secret::read..' value
is different ... so the second time through its not decoding properly?
Going one step further, I just added some debuggin for the 'getKey' part:
First pass:
Secret::getKey('imp') == 73e2d2e834174eaea863b5ea25a7a261
Second pass:
Secret::getKey('imp') == d5c5f8b72441343dafd9ea89228e9aa9
Thoughts?