Hello/Hi/Greetings,
Hi there, we just set up Piwigo using the Ldap_Login extension, and while we are overall thrilled, we do have some concerns we were hoping could get addressed here. Piwigo stores user values in the table piwigo_users. After logging in with LDAP, there is a placeholder value in the Password column that does not correlate to the password's MD5 hash. Basically, what is that value being stored, and can it in any way be correlated to a plain-text value? I am under the impression that value is acting as an ID to correlate you to the object in AD and authentication methods are never actually stored locally? At least I would hope that's the case?
Anything helps here.
Environment
Piwigo 13.1.0
Installed on 21 October 2022, 5 days ago
Operating system: Linux
PHP: 7.4.3 [2022-10-27 12:35:14]
MySQL: 5.5.5-10.3.34-MariaDB-0ubuntu0.20.04.1 [2022-10-27 12:35:14]
Graphics Library: External ImageMagick 6.9.10-23
Cache size 26.4 Mo calculated 22 hours ago
Activated plugin list 9
Admin Tools
Community
Embedded Videos
Language Switch
Ldap_Login
Personal Plugin
Read Metadata
VideoJS
Write Metadata
OK, I did some digging and came across these lines in main.inc.php:
root@tybee:/var/www/html/piwigo/plugins/Ldap_Login# cat main.inc.php |grep '$password'
$password = substr( str_shuffle( $chars ), 0, $length );
return $password;
function login($success, $username, $password, $remember_me){
* @param string $password
if(strlen(trim($username)) == 0 || strlen(trim($password)) == 0){
if (!($user_dn && $obj->ldap_bind_as($user_dn,$password) &&
And my interpretation is that the password value that is stored is a unique, random string just to fill space. Thoughts?
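An added sketch, not part of the posts above and not the Ldap_Login plugin's code, of the pattern the grep output suggests: the directory password is used only for the bind, and the local row gets a hash of a random placeholder. It goes beyond the thread by setting the `str_shuffle()` generator next to a `random_int()` one. All function names are hypothetical, `$ldapBindOk` stands in for the result of the bind, and `password_hash()` stands in for whatever hash the application applies.

```php
<?php
// Added illustration; not the plugin's code. All names here are hypothetical.
const CHARS = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';

// Same shape as the line in the grep output: a prefix of one shuffled copy of the
// character set. str_shuffle() is not a cryptographically secure source, and no
// position of CHARS can appear twice in the result.
function placeholder_shuffle(int $length): string
{
    return substr(str_shuffle(CHARS), 0, $length);
}

// Alternative: every character drawn independently from the CSPRNG.
function placeholder_csprng(int $length): string
{
    $chars = CHARS;
    $max = strlen($chars) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $chars[random_int(0, $max)];
    }
    return $out;
}

// Hypothetical first-login provisioning. The directory password is checked by the
// bind only; it is never hashed or written to the local row.
function provision_local_row(string $username, string $ldapPassword, bool $ldapBindOk): ?array
{
    if (trim($username) === '' || trim($ldapPassword) === '' || !$ldapBindOk) {
        return null; // no local row unless the directory accepted the credentials
    }
    $placeholder = placeholder_csprng(32); // discarded once hashed
    return [
        'username' => $username,
        'password' => password_hash($placeholder, PASSWORD_DEFAULT), // stand-in hash
    ];
}

$ldapPassword = 'Constructed-Example-1'; // constructed sample value
$row = provision_local_row('jdoe', $ldapPassword, true);
$matches = password_verify($ldapPassword, $row['password']);
$failed = provision_local_row('jdoe', $ldapPassword, false);

printf("shuffle-style placeholder: %s\n", placeholder_shuffle(16));
printf("stored value: %s\n", $row['password']);
printf("LDAP password verifies against stored value: %s\n", var_export($matches, true));
printf("row created after failed bind: %s\n", var_export($failed !== null, true));
```

To confirm the same property on a real install, check that the stored value does not change after the user changes their directory password.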