From: dboeke at eesus dot jnj dot com
Operating system: Win2k Server ver 5.0.2195 SP4
PHP version: 5.0.4
PHP Bug Type: OCI8 related
Bug description: OCI_Password_Change fails to change password
Description:
------------
I am using the binary download of php 5.04 for win32 platforms. It is
running as a CGI under Apache/2.0.52. The only extension that I have
loaded is php_oci8.dll [Revision: 1.257.2.6]
The Windows 2000 Server that PHP is running on has the Oracle9i 9.2.0.1.0
Server and Client installed.
The Oracle server that we are connecting to is running Oracle 8i
Enterprise 8.1.7.2.0 on Unix. This server has complexity rules set
(minimum password length of 6 and passwords must have 3 levels of
complexity: letters, numbers and special chars)
We created a webpage for users to be able to change their oracle password.
It has worked for almost all users. However, we have a user that had a
password: Ddnn!$52
He was unable to change the password, even though he could logon to oracle
through SqlPlus with the password. The OCI_Change_Password function
returned the oracle error: ORA-28008: invalid old password.
This means that the PHP script successfully authenticated him using
$conn=oci_new_connect($userID, $oldPwd, $oraSid); function but the
oci_password_change($conn, $userID, $oldPwd, $newPwd); using the same
variable values was unable to properly authenticate to oracle?
Also, I discovered while I was testing, that when I changed my password
(using the webform) to Ddnn!$52, that I could no longer log into oracle
via any means. It seems like the value of the old/new password is
possibly being changed by the oci_password_change function.
Reproduce code:
---------------
<?php
if (isset($_POST['ibtnSubmit'])) {
$oraSid = stripslashes($_POST['itxtOraSID']);
$userID = stripslashes($_POST['itxtUserID']);
$oldPwd = stripslashes($_POST['ipwdOld']);
$newPwd = stripslashes($_POST['ipwdNew']);
$conn = @oci_new_connect($userID, $oldPwd, $oraSid);
if ($conn) {
$result = @oci_password_change($conn, $userID, $oldPwd,
$newPwd);
$e = ($result) ? array('message'=>'Success') : oci_error($conn);
@oci_close($conn);
} else { $e = oci_error(); }
} else { $e = array('message'=>'Please Change Your Password'); }
echo "<HTML>\n<HEAD>\n\t<TITLE>OCI Change Pwd
Test</TITLE>\n</HEAD>\n<BODY>\n" .
"<FORM METHOD='post'>\n<B>" . $e['message'] . "</B><HR>\n" .
"Oracle Instance: <INPUT TYPE='text'
NAME='itxtOraSID'><BR>\n" .
"User Name: <INPUT TYPE='text' NAME='itxtUserID'><BR>\n" .
"Current Password: <INPUT TYPE='text'
NAME='ipwdOld'><BR>\n" .
"New Password: <INPUT TYPE='text' NAME='ipwdNew'><BR>\n" .
"<INPUT TYPE='submit' name='ibtnSubmit' VALUE='Change
Password'>\n" .
"</FORM>\n</TABLE>\n</BODY>\n</HTML>\n";
?>
Expected result:
----------------
Password changed with no error if user submitted the correct password
information.
Actual result:
--------------
ORA-28008: invalid old password
--
Edit bug report at http://bugs.php.net/?id=33097&edit=1
--
Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=33097&r=trysnapshot4
Try a CVS snapshot (php5.0):
http://bugs.php.net/fix.php?id=33097&r=trysnapshot50
Try a CVS snapshot (php5.1):
http://bugs.php.net/fix.php?id=33097&r=trysnapshot51
Fixed in CVS: http://bugs.php.net/fix.php?id=33097&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=33097&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=33097&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=33097&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=33097&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=33097&r=support
Expected behavior: http://bugs.php.net/fix.php?id=33097&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=33097&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=33097&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=33097&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=33097&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=33097&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=33097&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=33097&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=33097&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=33097&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=33097&r=mysqlcfg
