On Sat, Oct 11, 2008 at 5:15 PM, dbee <[EMAIL PROTECTED]> wrote:
>
> Been using django for sometime - never had any serious issues with it
> as a framework. Now, all of a sudden it won't allow me to login.
>
> I'm beginning to wonder if perhaps someone hasn't hacked the server
> and done some messing about with the backend ....
>
> Environment:
>
> [snipped]
File "/usr/lib/python2.3/site-packages/django/contrib/auth/models.py"
> in check_password
> 204. return check_password(raw_password, self.password)
> File "/usr/lib/python2.3/site-packages/django/contrib/auth/models.py"
> in check_password
> 54. algo, salt, hsh = enc_password.split('$')
>
> Exception Type: ValueError at /xlogin/
> Exception Value: unpack list of wrong size
>
> I run 4 django apps, none of them will login properly. It must be the
> backend that's gone wrong. If this happened to your system, what would
> you suspect ?
>
> Also, how do i fix it ? I took a django version from trunk (.97) and i
> never got the official version number. Seems now that this info is
> gone and I won't be able to recover. Can anyone give me a 'heads-up'
> here ?
>
Check the value for your password directly in the database's auth_user
table. It should be something like:
sha1$74b40$a4d2a822b5e065797322c85d0f3881cab87f06bc
(Where 'sha1' may be 'md5', depending (I'm guessing) on the age of your
installation.) What's tripping the code up is it is expecting exactly two
$'s in the string, but it seems yours has either too few or too many.
The actual value may shed some light as to what's gone wrong. Something
like "HAHA$!CRACKEDYOURDB" would certainly make me suspect unauthorized
access. Something that almost looks right might make me wonder about a code
bug, but I don't recall ever hearing anyone report a problem like this so
that seems a remote possibility.
Have you tried multiple different users and they all have the same issue?
Do your 4 different apps have different auth_user tables or are they all
sharing the same one?
As for recovery, there is a command line utility to create a superuser,
see:
http://docs.djangoproject.com/en/dev/topics/auth/#creating-superusers
That page mentions both the older and newer versions of the command, one of
them should work for your indeterminate level of after 0.96 but before 1.0.
So you can get back in with a new superuser account.
But...given it does appear that your DB has had some corruption, a new
superuser account may not fix it all. I'd look at the database directly to
see if it's just your user's password that is affected or all users, whether
other tables look ok, etc. I'd also be reloading from backups to figure out
when this happened, and what else might have been changed around the same
time.
Karen
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
