WARNING: Fonicaprojects and 2.6 Upgrade Tool, use with caution. Fix included

Due to the fact that Fonicaprojects use an extra included file for security in apache it will break your setup when upgrading to 2.6

After you download and upgrade FreePBX Framework 2.6.0.RC1.0 you will be presented with a login that you cant get past.

To fix this you must do the following:

Step 1
Start a shell and type the following:

mysql -u root -ppassw0rd
 GRANT SELECT (username, password_sha1) ON `asterisk`.`ampusers` TO 'user'@'localhost';

Note: If you have changed the password for root in mysql you have to use that password instead of ‘passw0rd’.

Step 2
Edit the file /etc/pbx/httpd-pbx.conf and change the following:

AuthMySQLPasswordField          password
AuthMySQLPwEncryption           none


AuthMySQLPasswordField          password_sha1
AuthMySQLPwEncryption           sha1

Step 3
Restart apache

service https restart

Now you can continue the upgrade.


I migrated configs from another server and upgraded. I was locked out. I logged into the the server and looked through the ampusers table and saw the previous accounts’ passwords were converted to sha1 but the default admin account was gone. I logged into the old box and saw the passwords were cleartext so I borrowed one and logged into the new server. I try creating a new admin account and got:

INSERT INTO ampusers (username, password, extension_low, extension_high, deptname, sections) VALUES (‘test’,‘test’,’’,’’,’’,’’); [nativecode=1054 ** Unknown column ‘password’ in ‘field list’]SQL -
INSERT INTO ampusers (username, password, extension_low, extension_high, deptname, sections) VALUES (‘test’,‘test’,’’,’’,’’,’

I hacked line 1905 of admin/modules/core/functions.inc.php to read $sql = “INSERT INTO ampusers (username, password_sha1, extension_low, extension_high, deptname, sections) VALUES (”;

Now the password got inserted into the correct field but it was clear text. I did a echo password | sha1sum on the command line and got a sha1 checksum, inserted that into the password field but unfortunately freepbx would not accept my credentials.

Thanks for the proper fix, however i was unable to find /etc/pbx/httpd-pbx.conf or any other file with AuthMySQLPasswordField in it.


[SOLVED] In Ubuntu Server 12.04:
In file ~/admin/modules/core/function.inc.php find and chnge string:
INSERT INTO ampusers …
change to
REPLACE INTO ampusers …