-
Bug
-
Resolution: Fixed
-
Blocker
-
2.5
-
MOODLE_25_STABLE
-
MOODLE_25_STABLE
-
git@github.com:totara/moodle.git
-
master_
MDL-38102 -
On MacOS 10.7.3, PHP 5.3.8. A moodle_exception is raised while trying to hash the old MD5 password after login:
Debug info:
|
Error code: Failed to generate password hash.
|
$a contents:
|
Stack trace:
|
|
line 4457 of /lib/moodlelib.php: moodle_exception thrown
|
line 4492 of /lib/moodlelib.php: call to hash_internal_user_password()
|
line 4418 of /lib/moodlelib.php: call to update_internal_user_password()
|
line 62 of /auth/manual/auth.php: call to validate_internal_user_password()
|
line 4199 of /lib/moodlelib.php: call to auth_plugin_manual->user_login()
|
line 133 of /login/index.php: call to authenticate_user_login()
|
- The $password passed is test
- The $hash right before the line '$ret = crypt(...)' is: $2y$10$yKPv9N0zLo7fEzVZKV4npL
- The $ret is then: $2rcByx51ejoM
- And the exception is raised.
That also made me realise that if this function returns null, which can happen, we would (try to) save a null password in the database.
Worse case scenario we should probably output a debug developer notice and fallback on the MD5() to prevent websites to be broken because of an empty hash.
I don't have the logs here any more, but I'll post more details here if I have more information.