Hi all, I found little bug in ISPConfig. When I add a new mysql database and user from API (sites_databas_add), database is created successfuly, but problem is with mysql user creation. The password inserted to web_database table is hashed and the mysql user is creating whith second time hashed password like: Code: GRANT ALL ON user.* TO 'user'@'%' IDENTIFIED BY PASSWORD 'dfba8efa6df7c40e47231401ae555594' So, password is stored hashed and is hashing second time while inserting new sql user. This cause problem, mysql user is not created. First hashed password string is too long for sql passwd format. I hope, you understand what I mean Please, could you help me where I can fix this problem?
The problem is in your script, if you update a mysql database without settings a new password, then the mysql password field in the params array has to be empty.
sorry, but I dont undestand what you mean Here is my code to create a NEW mysql database: Code: $params = array( 'server_id' => $server_id, 'type' => 'mysql', 'database_name' => 'd'.$domain_id.$mysql_login, 'database_user' => 'd'.$domain_id.$mysql_login, 'database_password' => $mysql_heslo, 'database_charset' => $mysql_charset, 'remote_access' => 'y', 'remote_ips' => '%', 'active' => $mysql_aktivne, ); try { $first = $client->client_get_id($session_id,$ADM_User->ispid); $res = $client->sites_database_add($session_id, $first, $params); return $res; } catch (SoapFault $e) { return $e->getMessage(); } where is the problem? I posting a database_password in PLAIN TEXT, wthout any hash, but in ispcp database (domain_database) is insering hashed
Ok, then I misunderstood you. If you enter a plaintext password in the api, then it is ok. Thats correct and working fine, as the password is stored hashed in the database for security reasons. This has been changed in ISPConfig 3.0.4.2, so its ok that it is hashed now as the code that craetes the database has been modified too to use hashed passwords. The mysql user is not created with a second time hashed password, please see mysql manual for details of the grant command syntax. If you provide the keyword "PASSWORD" in front of the password, then mysql is expecting a already hashed password and is not hashing it again. So what you posted here and what ispconfig is doing is correct: GRANT ALL ON user.* TO 'user'@'%' IDENTIFIED BY PASSWORD 'dfba8efa6df7c40e47231401ae555594' while this would be wrong: GRANT ALL ON user.* TO 'user'@'%' IDENTIFIED BY 'dfba8efa6df7c40e47231401ae555594' as it would instruct mysql to hash the password again.
The result of this GRANT command is: Password hash should be a 41-digit hexadecimal number (in Phpmyadmin entered by hand) So, is problem in mysql settings or somewhere else?
Which ISPConfig version do you use for your development? Therew as a bug in the sites_database_add encryption which has been fixed in svn stable already. You might want to update your system to the 3.0.4 svn stable branch: svn export svn://svn.ispconfig.org/ispconfig3/branches/ispconfig-3.0.4
I try to update first ispconfig on mysql server (I have separately mysql server and webserver with ispconfig) and if this not solve the problem, I try to update master ispconfig version... Thanks for tip
Update of ispconfig master server solved this problem. I had last 3.0.4.2 version, but I download svn version and update current instalation and problem was solved. Thanks for your help!
I had exactly the same problem on ISPConfig 3.0.4.2 that upgraded on 15th January 2012. I downloaded svn and replaced three files below. remoting.inc.php remoting_lib.inc.php functions.inc.php The above files are stored in /usr/local/ispconfig/interface/lib/classes/ Hope this helps.
