[quote=WoWRosterDF\addons\siggen\index.php lines 93-99]
- Code: Select all
// ----[ Check for password in roster conf ]----------------
if( empty($roster_conf['roster_upd_pw']) )
{
print errorMode($siggen_locale[$roster_conf['roster_lang']]['no_pass_error'],$siggen_locale[$roster_conf['roster_lang']]['no_pass_error_t']);
return;
}
// ----[ End Check for password in roster conf ]------------
[/quote]
It checks if there is a value in the roster_upd_pw database field.
Looking at the database, it has no value. So what would be the solution? Change the password!
Now let's look at the password change code.
[quote=WowRosterDF\admin\index.inc lines 307-331]
- Code: Select all
<!-- Begin Password Change Box -->
<form action="'.$script_filename.'" method="post" enctype="multipart/form-data" id="conf_change_pass" onsubmit="submitonce(this)">
'.border('sred','start','Change Roster Password').'
<table class="bodyline" cellspacing="0" cellpadding="0">
<tr>
<td class="membersRow1">Old Password:</td>
<td class="membersRowRight1"><input class="wowinput128" type="password" name="old_password" value="" /></td>
</tr>
<tr>
<td class="membersRow2">New Password:</td>
<td class="membersRowRight2"><input class="wowinput128" type="password" name="new_password1" value="" /></td>
</tr>
<tr>
<td class="membersRow1">New Password<br />[ confirm ]:</td>
<td class="membersRowRight1"><input class="wowinput128" type="password" name="new_password2" value="" /></td>
</tr>
<tr>
<td colspan="2" class="membersRowRight2" valign="bottom"><div align="center">
<input type="hidden" name="process" value="change_pass" />
<input type="submit" value="Change" /></div></td>
</tr>
</table>
'.border('sred','end').'
</form>
<!-- End Password Change Box -->
[/quote]
That is the form for changing the password.
[quote=WowRosterDF\admin\index.inc lines 45-62]
- Code: Select all
// ----[ Decide what to do next ]---------------------------
if( isset($_POST['process']) && $_POST['process'] != '' )
{
switch ( $_POST['process'] )
{
case 'process':
$roster_diag_message = processData();
break;
case 'change_pass';
$ret_pass = changePassword();
$roster_diag_message = $ret_pass;
default:
break;
}
}
// ----[ End Decide what to do next ]-----------------------
[/quote]
The important part of this is the change_pass case. It calls for the function changePassword(). Let's take a look at it.
[quote=WowRosterDF\admin\index.inc lines 563-622]
- Code: Select all
function changePassword( )
{
global $wowdb, $script_filename;
// Get the current password
$sql = "SELECT `config_value` FROM `".ROSTER_CONFIGTABLE."` WHERE `config_name` = 'roster_upd_pw'";
$result = $wowdb->query($sql);
if( $result && $wowdb->num_rows($result) > 0 )
{
$row = $wowdb->fetch_assoc($result);
$db_pass = $row['config_value'];
}
else
{
return '<span style="font-size:11px;color:red;">Could not get old password from db</span>';
}
// Check for blank passwords
if( $_POST['new_password1'] == '' || $_POST['new_password2'] == '' )
{
return '<span style="font-size:11px;color:red;">Roster does not allow blank passwords</span>';
}
// Check if the submitted passwords match
if( $_POST['new_password1'] == $_POST['new_password2'] )
{
// Check if the passwords match the db
if( md5($_POST['old_password']) == $db_pass )
{
// Check if the submitted pass matches the db pass
if ( md5($_POST['new_password1']) == $db_pass )
{
return '<span style="font-size:11px;color:red;">New password same as old password</span>';
}
else
{
if( $wowdb->query("UPDATE `".ROSTER_CONFIGTABLE."` SET `config_value`='".md5($_POST['new_password1'])."' WHERE `config_name`='roster_upd_pw';") )
{
$title = 'Roster Password changed';
$message = '<div style="width=100%" align="center">Your new password is<br /><br /><span style="font-size:11px;color:red;">'.$_POST['new_password1'].'</span><br /><br />Remember this, do NOT lose it!<br /><br />';
$message .= 'Click <form style="display:inline;" name="roster_logout" action="'.$script_filename.'" method="post"><input type="hidden" name="logout" value="1" />[<a href="javascript: document.roster_logout.submit();">HERE</a>]</form> to continue</div>';
message_die($message,$title);
}
else
{
return '<span style="font-size:11px;color:red;">Roster Password NOT changed</span><br />There was a database error<br />'.$wowdb->error();
}
}
}
else
{
return '<span style="font-size:11px;color:red;">Old password was incorrect, password not changed</span>';
}
}
else
{
return '<span style="font-size:11px;color:red;">New passwords do not match</span>';
}
}
[/quote]
The following two lines are important:
- Code: Select all
// Check if the passwords match the db
if( md5($_POST['old_password']) == $db_pass )
It does an md5 check on the "old password" you entered and compares it to the md5 hash stored in the database.
Since the password is empty, you leave the 'old password'-box empty.
But what does an md5 on so-called 'nothing' result in?
- Code: Select all
d41d8cd98f00b204e9800998ecf8427e
And what is stored in the database? Nothing!
So it's logical that the 'old password'-check results in an error. d41d8cd98f00b204e9800998ecf8427e isn't equal to nothing.
You can solve this by entering phpMyAdmin and changing the field to the hash above, or with your prefered database tool.
So, it isn't a bug in SigGen, but a bug in the WoWRoster installation (database part).
Fix it, devs
EDIT
After doing the fix, you can change the password successfully, you can go to SigGen config. It will note you that the database table isn't found, and will offer you to install. Click on the button and it wil successfully install.
