Web console login errors

denellum · May 14, 2016, 5:05pm

I’ve applied the few fixes this morning and now i am getting a failed password when trying to log into the webconsole :

Here is auth.log :
May 14 18:59:01 sb CRON[6933]: pam_unix(cron:session): session opened for user denellum by (uid=0)
May 14 18:59:01 sb CRON[6933]: pam_unix(cron:session): session closed for user denellum

Telling me password is incorrect, this isn’t a huge deal, but dont know why now it’s not working.

JMSolo · May 14, 2016, 5:19pm

Thanks for the report. I’ll look into this now that most of the days updates and enhancements are out of the way.

Are you attempting to login as your master account? And have you used the changeUserPass command?
The password can be checked at /home/your_username/.console/index.php up at the top of the file you’ll see $PASSWORD = 'your_password';

denellum · May 14, 2016, 6:29pm

when i vi i get :

“/home/denellum/.console/index.php” [Incomplete last line] 5618 lines, 279213 characters

The password had some random string in it It was as if my password was put in wrong. example :

say password was Password1234
it was set to Password12console-password34

JMSolo · May 14, 2016, 6:35pm

oh that’s strange. I’ll try to duplicate that in a fresh install. None of the recent updates touch the ./console/index.php, so I will see where this may be happening.

I think this may be sed counting characters and adding in, rather than changing… but it may only be happening if a password is as you described ‘Password1234’

Just for reference, here is what the function looks like that adjusts those lines:

function _quickconsole() {
  CONSOLEIP=$(curl -s http://ipecho.net/plain || curl -s http://ifconfig.me/ip ; echo)
  sed -i -e "s/console-username/${username}/g" \
         -e "s/console-password/${password}/g" \
         -e "s/ipaccess/$CONSOLEIP/g" /home/${username}/.console/index.php
}

Just tried it …

by changing ‘console-password’ within the file with the given command using ‘Password1234’ and it put in the proper password. So it may had been from how it reads the password in the script.

Via this function:

  echo -n "Password: (hit enter to generate a password) "; read password
  if [[ ! -z "${password}" ]]; then
    echo "setting password to ${password}"
    passwd=${password}
    echo "${username}:${passwd}" | chpasswd >>"${OUTTO}" 2>&1
    (echo -n "${username}:${REALM}:" && echo -n "${username}:${REALM}:${passwd}" | md5sum | awk '{print $1}' ) >> "${HTPASSWD}"
  else
    echo "setting password to ${genpass}"
    passwd=${genpass}
    echo "${username}:${passwd}" | chpasswd >>"${OUTTO}" 2>&1
    (echo -n "${username}:${REALM}:" && echo -n "${username}:${REALM}:${passwd}" | md5sum | awk '{print $1}' ) >> "${HTPASSWD}"
  fi

Although, even this should be the same as a plain text password, plain text only in the context of adding to /etc/htpasswd during initial script run as it is hashed once added to the htpasswd file.

I’ll keep trying to duplicate this.

denellum · May 14, 2016, 6:46pm

Thanks just trying to report as many things as i can.