Read about OpenEMR's Response to the COVID-19 Pandemic at https://www.open-emr.org/covid19/

Unable to Login

I have changed password, and this is the error I am getting, can anyone help

Query Error

ERROR: insert failed: INSERT INTO log_comment_encrypt (log_id, encrypt, checksum, version) VALUES ( ‘2384824’,‘No’,’’, ‘1’)

Error: Unknown column ‘version’ in ‘field list’

/var/www/vhosts/oemr/library/log.inc at 55:sqlInsertClean_audit
/var/www/vhosts/oemr/library/authentication/login_operations.php at 113:newEvent(login,admin,Default,1,success: 192.168.2.1)
/var/www/vhosts/oemr/library/auth.inc at 47:validate_user_password(admin,Default)
/var/www/vhosts/oemr/interface/globals.php at 567:include_once(/var/www/vhosts/oemr/library/auth.inc)
/var/www/vhosts/oemr/interface/main/main_screen.php at 25:require_once(/var/www/vhosts/oemr/interface/globals.php)

What happened before you where unable to log in? Have you ever logged in?

It seems like you may have tried to complete an upgrade and it didn’t finish. May re-try the upgrade and run the patch.

Hello good afternoon.

I would like to know if you could help me with a problem that I have, I did the installation for the first time on a server and said installation flowed normally, the detail is at the moment of logging in for the first time.

It gives me an incorrect user error or password and that I am entering the user I created for the first time. Even so, create an additional user in the database but still show the error when logging in. What can you advise me to do?

Thank you for your time, I look forward to a prompt and positive response.

hi @Freddy_Gonzalez, you could try resetting the password to pass

UPDATE users_secure SET `password` = '$2a$05$MKtnxYsfFPlb2mOW7Qzq2Oz61S26s5E80Yd60lKdX4Wy3PBdEufNu' WHERE `username` = 'MHK-admin-61'

with the above generic query for username MHK-admin-61 so adjust based on your user name please

I did everything you told me and indeed the password was changed, I could verify it in the database. But it still gives me the wrong user error or password

hi @Freddy_Gonzalez , What is your OpenEMR version and operating system? Likely also need to set the salt:

UPDATE users_secure SET password = '$2a$05$MKtnxYsfFPlb2mOW7Qzq2Oz61S26s5E80Yd60lKdX4Wy3PBdEufNu', salt = '$2a$05$MKtnxYsfFPlb2mOW7Qzq2b$' WHERE username = 'MHK-admin-61'

(also ensure you are using single quotes)

Thank you very much for the answer, it may seem silly but I am something new in this and good about the salt field. I know that it is an encryption that gives my cotraseña more security but when doing the UPDATE I must place that exactly in the salt field?

Hi @Freddy_Gonzalez ,

Encryption is something that can be decrypted (for example, if storing a encrypted credit card number, you need to decrypt it to then be able to use it).

Hashing is something that can not be decrypted. Meaning you can not calculate the original thing that was hashed. Thus it would be bad to store credit card numbers as hashes since you can’t get the credit card number anymore. But it is perfect for passwords because you don’t need to ever calculate the password from the hash (and if your database gets swiped, the passwords are “safer” since in hashed form). The user enters in the password, OpenEMR then calculates the hash and checks that hash with what is stored on the database.

Hashes was one of my favorite topics of discussion when we upgraded OpenEMR’s hashing to support Argon2 (this is in the development version). To see what a hash is and why a salt is important check out this read:
https://www.theguardian.com/technology/2016/dec/15/passwords-hacking-hashing-salting-sha-2

Note that in the development codebase, the salts aren’t stored separately anymore (since they are already included in the hash), but in 5.0.2 and earlier also need to store the salt (the above combo of hash and salt will represent ‘pass’ password).

1 Like