[stefan333]

Ralph (rad14701), on Oct 8 2004, 01:06 PM, said:

If you have access to your Etomite database, try using the following script as a stand-alone program... It will generate a new password that you can then copy and paste into your admin record within the manager_user table...

<?php
# MD5 Password Creator
# Usage: call this script, passing the textual passowrd you desire
#		Example: md5-password.php?password=new_password
#
echo md5($password);
?>

The script is fine but if you do not add
$password=$_GET['password'];
It will produce md5 for space ;)

So, this worked for me:

<?php
# MD5 Password Creator
# Usage: call this script, passing the textual passowrd you desire
#		Example: md5-password.php?password=new_password
#
$password=$_GET['password'];
echo md5($password);
?>

Then copy the md5 string, go to table etomite_manager_user in database etomite and change the password field of the user of your choice to it. I suppose you can create new record for user in this table.

[Ralph]

stefan333, on Mar 29 2007, 03:53 PM, said:

The script is fine but if you do not add
$password=$_GET['password'];
It will produce md5 for space ;)

So, this worked for me:

<?php
# MD5 Password Creator
# Usage: call this script, passing the textual passowrd you desire
#		Example: md5-password.php?password=new_password
#
$password=$_GET['password'];
echo md5($password);
?>

Then copy the md5 string, go to table etomite_manager_user in database etomite and change the password field of the user of your choice to it. I suppose you can create new record for user in this table.

You are correct... That omission stems from the fact that I had converted a snippet to a true PHP script... I also notice that I misspelled "passowrd" in the usage text... My bad X2...

[justPeachy]

I changed my password and know exactly what it is, but it won't allow me to log in. Are there characters you should not use in your password? When I changed my password it said it was changed and saved. I really need help getting in and I have to be honest, I have access to MySQL database, but I don't understand how to write or use the scripts. If someone could point me in the right direction it would be greatly appreciated. I'm sure it's easy, I just need a nudge to get me going. Thanks!!!

[justPeachy]

I tried this through MySQL queries. Please help. I'm not sure what I am doing.

$password=$_GET['password'];
echo md5($password);
?>

SQL query:

$password = $_GET[ 'password'];

MySQL said:

#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '$password=$_GET['password']' at line 1

This post has been edited by justPeachy: 18 February 2009 - 11:29 PM

[PaulD]

Hi JustPeachy,

As far as I can see, Stefan is suggesting writing the code he has provided into a text file and saving it as something like passwordChange.php

Suppose you want your password to be Oranges. Then when you go to your website address www.yourwebsite.co.uk/passswordChange.php?password=oranges
it will 'echo' (print) to the screen your encoded password.

Then you can use that to copy and paste into the relevent row of the relevant etomite table, using phpMyAdmin and then you will know your password.

The code provided just takes the posted password, and encodes it for you.

I hope that helps.

Paul.

PS choose a straight forward password first, like BUCKET, you can always change it via the manager to something more secure later.

This post has been edited by PaulD: 18 February 2009 - 11:47 PM

[justPeachy]

PaulD, on Feb 19 2009, 12:43 AM, said:

Hi JustPeachy,

As far as I can see, Stefan is suggesting writing the code he has provided into a text file and saving it as something like passwordChange.php

Suppose you want your password to be Oranges. Then when you go to your website address www.yourwebsite.co.uk/passswordChange.php?password=oranges
it will 'echo' (print) to the screen your encoded password.

Then you can use that to copy and paste into the relevent row of the relevant etomite table, using phpMyAdmin and then you will know your password.

The code provided just takes the posted password, and encodes it for you.

I hope that helps.

Paul.

PS choose a straight forward password first, like BUCKET, you can always change it via the manager to something more secure later.

I appreciate your assistance. I tried exactly what you suggested and it didn't work for me. I don't know what I'm doing wrong. :( I know exactly what I changed my password to when I changed it. Does Etomite not take special characters? Why does it accept a change if you can't use it?

This post has been edited by justPeachy: 19 February 2009 - 12:46 AM

[PaulD]

Passwords! Bah! When they go wrong it is the end of the world - I understand your frustration.

I dont know if it takes special characters or not.

let us say your password is orange, then using the script, did you get an encoded password

EDIT Forget all that, just reading post in previous page and

Quote

Yes, the change_etomite_admin_password.php script should get you going... As for the MD5 encryption for your password, if you attempt to change it within phpMyAdmin you can simply enter your new plain text password and then select MD5 from the function drop-down... Once you save it phpMyAdmin will automatically MD5 encrypt the plain text password...

So, that and setting all the blocked fields to 0 should reset your password.

Paul.

This post has been edited by PaulD: 19 February 2009 - 01:11 AM

[Ralph]

justPeachy, if you can't get the password changed using any of the available scripts or in phpMyAdmin, I may have a script you can use to brute force the change... There may or may not be a copy of it here in the forums from years ago... PM me if you need the code...

[Ralph]

As a follow-up, this issue has been resolved by supplying justPeachy with a script to enable a brute-force change of the account password to be performed... The problem arose due to the lack of password selection validation in the current code base... justPeachy used exclamation marks (!!) in the password which, although saved in the database, are stripped out during the login process... It is doubtful that extensive validation checking will be implemented in the Prelude code base due to the number of scripts which would require modifications... It is one of those standard items that should have been in place from the start, however...