selfoss
selfoss copied to clipboard
Unable to get passowrd hash value
Hi.
I am trying to install selfoss
2.19 version. In manual installation for the step (...../password) I am not getting any POST values for taking password hash. (in the previous version 2.18 I am getting POST value to replace the password hash in config.ini).
Can you please help with this how to get the password hash value? ( I have renamed config-example.ini to config.ini.)
Thanks
Hi, the password hash is now generated entirely in the web browser. So there will be no data sent to the server.
You will visit …/password
, enter your chosen password into the text entry field, press “generate password” button. After a short while, a new text entry field with the hash should appear:
If that does not happen for you, it might be a bug. What version of web browser do you use?
Alternately, if you have access to a command line with PHP installed, you could run the following and get the password hash that way:
php -r 'echo password_hash(trim(readline("Enter password: ")), PASSWORD_DEFAULT) . PHP_EOL;'
I am using the chrome browser (106.0.5249.91).
I am able to see the above page and “generate password” without any bugs. I have tried using the above command also to generate a password. But I am not getting how I can access the password hash without manually copying the generated password. In which file is the password hash generated during this step?
So can you please help with this?
Where should I get the password hash value in the extracted file (I need to run it in my script without the manually copying option) OR Is there any other way to skip this step by passing the password hash creation step?
Thanks
Neither the page, nor the command will save the hash anywhere. You will need to manually copy it to the password
field in the password
field of config.ini
file in the root of the selfoss installation (next to index.php
).
I have manually copied my hash password and replaced it in the
config.ini.
file for thepassword
value. It is something like thispassword=$2y$10$em9qknuM/XvCI634ian6G.usSEp1kHTh3pr/HpdA/40cnci.CiyL2
.
Please make sure the name of the file is config.ini
(without a period after the ini
), otherwise that looks good.
Where should I get the password hash value in the extracted file
Anywhere in the file should be fine. For example, if you put the following to the config.ini
file (obtained from the docs on the website):
username=secretagent
password=$2y$10$xLurmBB0HJ60.sar1Z38r.ajtkruUIay7rwFRCvcaDl.1EU4epUH6
you should be able to log in with secretagent
as the user name and heslo
(Czech for password) as the password .
I need to run it in my script without the manually copying option
I am not sure what script you mean. If you need to deploy selfoss to some service that does not allow you to just copy a file, you will need to create it during provisioning. Or if it allows you to set environment variables, you can use that instead of config.ini
.
If you need to create the password hash in some other programming language, here are more examples (Python and UNIX shell): https://unix.stackexchange.com/questions/307994/compute-bcrypt-hash-from-command-line
Or you can use any other hash format accepted by PHP’s password_hash
function.
Is there any other way to skip this step by passing the password hash creation step?
If you do not set username or password, anyone accessing the selfoss website will be able to manipulate the program (including marking articles as (un)read or (un)starred, adding and removing sources, and triggering updates). If you do not want that, you could also set up authentication using web server (e.g. https://github.com/Luzifer/nginx-sso/wiki/Nginx-Reverse-Proxy-for-homelab-services-using-SSO).