News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

$db_passwd garbage

Started by Sir Osis of Liver, June 25, 2020, 07:09:13 PM

Previous topic - Next topic

Sir Osis of Liver

What causes this to happen?  I've seen it on many forums, including my own.  Doesn't cause any db connection
problems, but makes a mess in Settings.php.



$db_passwd = '+)ZB-nYm2zu,0'; #D=9ii'; #D=9ii';


Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

Arantor

Have never seen that in 14 years of running SMF.

Then again I don't let anything write to Settings.php...

Sir Osis of Liver

It's writeable by default, most forums leave it that way.  If you delete the extra stuff, it comes back.  Apparently it's ignored.

Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

Arantor

It is ignored because the # is a symbol that means 'ignore the rest of the line', sort of like //.

I know it's writable by default, it's just as bad an idea now as it was then.

Sir Osis of Liver

Here's another one, different forum, different host -



$db_passwd = 'dfe39#83^Fi'; #83^Fi'; #83^Fi'; #83^Fi'; #83^Fi';



If Settings.php isn't writeable, repair_settings won't work, and isn't there other stuff in the file that gets updated (like $db_last_error)?
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

Arantor

$db_last_error is the *reason* why I don't let it be writable!

Other than that, it's a bug in the routine that updates the file not coping correctly with # in the password.

You know that you could just update things in the file manually without needing repair_settings, right? Also, it was a tool I never had to use outside of moving sites on servers, but that wasn't something I did that often except for other people, and I always did it by hand anyway.

Antechinus

If you want to be able to use repair_settings.php it would be easy enough to set the file non-writable for general use, thus making it bulletproof, then change it to writable if something goes haywire and you want to repair settings. Although if it's not writable most of the time then presumably things won't go haywire in the first place.

Sir Osis of Liver

Well, we all know how to edit Settings.php manually, and how to change file permissions as needed, but many users don't, and shouldn't have to.

Quote from: Arantor on June 25, 2020, 07:52:54 PM
$db_last_error is the *reason* why I don't let it be writable!

For the race condition bug?  That's been fixed in 2.1, hasn't it?
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

Arantor

Yes, it has.

But you know what? Other platforms don't have a repair_settings tool because other platforms don't store all the paths in the settings file or the database unnecessarily.

Advertisement: