/var/www/vhosts/oemr/library/log.inc at 55:sqlInsertClean_audit
/var/www/vhosts/oemr/library/authentication/login_operations.php at 113:newEvent(login,admin,Default,1,success: 192.168.2.1)
/var/www/vhosts/oemr/library/auth.inc at 47:validate_user_password(admin,Default)
/var/www/vhosts/oemr/interface/globals.php at 567:include_once(/var/www/vhosts/oemr/library/auth.inc)
/var/www/vhosts/oemr/interface/main/main_screen.php at 25:require_once(/var/www/vhosts/oemr/interface/globals.php)
I would like to know if you could help me with a problem that I have, I did the installation for the first time on a server and said installation flowed normally, the detail is at the moment of logging in for the first time.
It gives me an incorrect user error or password and that I am entering the user I created for the first time. Even so, create an additional user in the database but still show the error when logging in. What can you advise me to do?
Thank you for your time, I look forward to a prompt and positive response.
I did everything you told me and indeed the password was changed, I could verify it in the database. But it still gives me the wrong user error or password
hi @Freddy_Gonzalez , What is your OpenEMR version and operating system? Likely also need to set the salt:
UPDATE users_secure SET password = '$2a$05$MKtnxYsfFPlb2mOW7Qzq2Oz61S26s5E80Yd60lKdX4Wy3PBdEufNu', salt = '$2a$05$MKtnxYsfFPlb2mOW7Qzq2b$' WHERE username = 'MHK-admin-61'
Thank you very much for the answer, it may seem silly but I am something new in this and good about the salt field. I know that it is an encryption that gives my cotraseña more security but when doing the UPDATE I must place that exactly in the salt field?
Encryption is something that can be decrypted (for example, if storing a encrypted credit card number, you need to decrypt it to then be able to use it).
Hashing is something that can not be decrypted. Meaning you can not calculate the original thing that was hashed. Thus it would be bad to store credit card numbers as hashes since you can’t get the credit card number anymore. But it is perfect for passwords because you don’t need to ever calculate the password from the hash (and if your database gets swiped, the passwords are “safer” since in hashed form). The user enters in the password, OpenEMR then calculates the hash and checks that hash with what is stored on the database.
Note that in the development codebase, the salts aren’t stored separately anymore (since they are already included in the hash), but in 5.0.2 and earlier also need to store the salt (the above combo of hash and salt will represent ‘pass’ password).