Is database password encryption different between 2.n & 3.n? Topic is solved

Need help with the Administration of your Joomla! 2.5 site? This is the spot for you.

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Post Reply
viking9
Joomla! Apprentice
Joomla! Apprentice
Posts: 14
Joined: Wed Feb 15, 2012 5:11 pm

Is database password encryption different between 2.n & 3.n?

Post by viking9 » Thu Nov 12, 2020 12:19 am

I used the SQL command line (from server root) to set the password to the (full) database (used by several sites on this server), an act which required using the PASSWORD() function. (MariaDB refuses to use MD5() on a field set to hold passwords.)

After I did this, the Joomla! 3.n sites still worked, but all those pre-3 sites now fail to get access to the database. One site says "You are not authorised [sic] to view this resource." The others simply show the homepage, but without menus, breadcrumbs, etc., and if you try to go directly to an article, you get that not-authorized message there, too.

The problem I notice is that Joomla! uses/expects the old, insecure MD5() function, particularly when dealing with site administrators' passwords.

Is this normal? And is there any way around it? Those pre-3 sites cannot be migrated to later versions (owners don't have the resources).

And, before anyone suggests:
(1) no, no file or directory permissions changed;
(2) changing passwords within the Joomla! tables has no effect [MD5() is required: it breaks when using PASSWORD()];
(3) changing the '==' to '=' within the test in the login php script did not fix anything;
(4) administrator logins on all non-3.n Joomla! sites accept the correct user/password, but simply loop back to the login screen;
(5) the value(s) in configuration.php for each of those sites is correct—the main password is the same as the one used for the whole database (only the encryption function changed);
(6) changing config.inc.php didn't change the bad behavior, whether setting user and password, or setting it to allow connections without password.

Thanks for any help!

User avatar
pe7er
Joomla! Master
Joomla! Master
Posts: 22841
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, Netherlands
Contact:

Re: Is database password encryption different between 2.n & 3.n?

Post by pe7er » Thu Nov 12, 2020 9:29 am

In the past Joomla indeed used MD5 for encrypting its passwords. Since Joomla 3.2 Joomla uses BCrypt: https://docs.joomla.org/How_to_disable_ ... ds_feature
When a user logs in (in Joomla 3.2 or higher) and their password is still MD5 encrypted, it will be converted to a BCrypt encrypted password.

As far as I know there's no fix for Joomla 2.5 that does the same. And support for Joomla 2.5 ended December 2014, so almost 6 years ago: https://docs.joomla.org/Joomla!_CMS_versions
Kind Regards,
Peter Martin, Global Moderator
https://db8.nl - Joomla specialist, Nijmegen, Nederland
The best website: https://the-best-website.com

User avatar
Per Yngve Berg
Joomla! Master
Joomla! Master
Posts: 27296
Joined: Mon Oct 27, 2008 9:27 pm
Location: Romerike, Norway

Re: Is database password encryption different between 2.n & 3.n?

Post by Per Yngve Berg » Thu Nov 12, 2020 1:39 pm

Is the version of php updated on the server?

J2.5 does not run on php 7.x
You must stay on 5.6

As those old php versions are removed from the server by your host, you will no longer be able to run the 2.5 sites.

viking9
Joomla! Apprentice
Joomla! Apprentice
Posts: 14
Joined: Wed Feb 15, 2012 5:11 pm

Re: Is database password encryption different between 2.n & 3.n?

Post by viking9 » Thu Nov 12, 2020 7:34 pm

The versions of php available on the server have been updated to include 7.x, but 5.6 wasn't removed. 7.x is the preferred version. I can still access the databases, with all the Joomla! tables and rows.

Sorry, this extends my original question, but, is there a way/is it possible to backup and remove the site's database, slip an installation of Joomla! 3.x onto that site, then update the database with the values from the original site? It's the menus and articles that I'm mainly concerned about.

All the installations of Joomla have been so stable, I've never (ever) had to contend with any breaks.

Og hilsen fra Amerika til mine norske fettere!

viking9
Joomla! Apprentice
Joomla! Apprentice
Posts: 14
Joined: Wed Feb 15, 2012 5:11 pm

Re: Is database password encryption different between 2.n & 3.n?

Post by viking9 » Thu Nov 12, 2020 7:42 pm

BTW 1, at least 3 of the sites involved were set up 7 years ago, and have been running without problem, till now. It's not going to be easy to convince the owners they need to upgrade...

BTW 2, the MySQL command-line op to set the phpMyAdmin password was completely standard:
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('new_password');

The "new_password" is exactly the same as that in the configuration.php in the web directory of each of the sites.

User avatar
Per Yngve Berg
Joomla! Master
Joomla! Master
Posts: 27296
Joined: Mon Oct 27, 2008 9:27 pm
Location: Romerike, Norway

Re: Is database password encryption different between 2.n & 3.n?

Post by Per Yngve Berg » Thu Nov 12, 2020 7:49 pm

It's unclear weather the issue is the username and password that Joomla uses to login to the database or the user table in Joomla for users that you login to Joomla with.

What @pe7er is talking about is users defined in Joomla.

Is the database version been updated? Cannot Joomla access the database?

https://docs.joomla.org/Joomla_and_MySQL_8

I don't know which version of MariaDB that correspond to Mysql 8.

Note: Using root user in the database is not a good idea. Create a separate user for the site.

Are all sites updated to Joomla version 2.5.28?

viking9
Joomla! Apprentice
Joomla! Apprentice
Posts: 14
Joined: Wed Feb 15, 2012 5:11 pm

Re: Is database password encryption different between 2.n & 3.n?

Post by viking9 » Sat Nov 14, 2020 3:04 am

PROBLEM SOLVED.

It is a bug with the way the CentOS server I'm on will mistakenly propagate a resetting of the default PHP version throughout all the existing vsites, despite the fact that they already have specific PHP versions set, versions that are still installed, working and should be readily available.

Once the default PHP version was set back from 7.0 to 5.6, the Joomla! errors of all its versions (and those errors being expressed by some other software that had been installed on some vsites) disappeared.

User avatar
pe7er
Joomla! Master
Joomla! Master
Posts: 22841
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, Netherlands
Contact:

Re: Is database password encryption different between 2.n & 3.n?

Post by pe7er » Sat Nov 14, 2020 11:15 am

Great! Good to hear that you've solved it. Thanks for sharing your solution!
Kind Regards,
Peter Martin, Global Moderator
https://db8.nl - Joomla specialist, Nijmegen, Nederland
The best website: https://the-best-website.com


Post Reply

Return to “Administration Joomla! 2.5”