Home Original page

PHP :: Bug #34005 :: ocipasswordchange() fails

Bug #34005 ocipasswordchange() fails
Submitted: 2005-08-05 10:51 UTC Modified: 2006-06-05 07:35 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: uherj at avx dot cz Assigned: tony2001 (profile)
Status: Closed Package: OCI8 related
PHP Version: 5CVS, 4CVS (2005-12-25) (snap) OS: *
Private report: No CVE-ID: None

 [2005-08-05 10:51 UTC] uherj at avx dot cz

Description:
------------
after sucessful connecting retuns function ocipasswordchange() this output:
Warning: ocipasswordchange(): OCIPasswordChange: ORA-28008: invalid old password

Password is not changed and ocierror() is empty. With ociinternaldebug(1) do not returns any messaged related to change of passwords.

---------------------------
Oracle versions are:
Oracle9i Enterprise Edition Release 9.2.0.4.0 - Production 
PL/SQL Release 9.2.0.4.0 - Production 
CORE 9.2.0.3.0 Production 
TNS for VMS: Version 9.2.0.4.0 - Production 
NLSRTL Version 9.2.0.4.0 - Production 

PHP:windows binary distribution, CGI

Reproduce code:
---------------
$con=ocilogon($user,$password,$dbstring);
$ch=ocipasswordchange($con, $user, $password, $password_new1);

Note: same behaviour when passed wrong password:
$ch=ocipasswordchange($con, $user, "blahblah", $password_new1);


Expected result:
----------------
change password or return relevant error from Oracle

Actual result:
--------------
do not change password, because PHP function ocipasswordchange() passed wrong string to Oracle function OCIPasswordChange

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

 [2005-08-05 10:54 UTC] tony2001@php.net

FYI ocipasswordchange() passes correct string to OCI funcs.
No idea why it fails.

 [2005-08-05 13:40 UTC] uherj at avx dot cz

this bug shows only when user account return warning:

Warning: ocilogon(): OCISessionBegin: OCI_SUCCESS_WITH_INFO: ORA-28002: the password will expire within 10 day

 [2005-12-26 17:26 UTC] sniper@php.net

Assuming this happens also with new oci code.

 [2006-01-05 23:40 UTC] gcombe at co dot weber dot ut dot us

so is there a fix for this or not?

 [2006-03-21 03:53 UTC] maxim@php.net

Hi,

I heard about this very problem from my collegue just the other day. 

The weird fact is that I actually have added OCIPasswordChange() function myself yet in PHP v4.3.2 ad it really is a straight-forward function - it simply passes the data from and to OCI's OCIPasswordChange call. So there is no interacion with the data submitted. 

I still have no clear solution but I am guessing that this may relay to OCI itself, not really PHP's OCI8 extension. 

Anyone has any ideas? 

ORA-28002 is simply a warning that that your old password is about to expire, cant' there be something set for you that disallows you to change the password during the Grace Period? 

Did you try changing the password in PL/SQL to see if it's doable for your case?

Are there any funny characters in your old password that can be interpreted wrongly? If so, try replicating the problem with a password made of [a-z0-9] and see if problem persists.. 

Nothing else comes to my mind

Let me know.
maxim

 [2006-03-21 10:06 UTC] tony2001@php.net

>it really is a straight-forward function - it simply passes 
>the data from and to OCI's OCIPasswordChange call
Yes, and this makes me wonder too.

>cant' there be something set for you that disallows you to
>change the password during the Grace Period? 
I'm not sure about the grace period, but I can't change my own password also, which is equal to "system".

 [2006-06-05 07:35 UTC] tony2001@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.