23 replies to this topic

[justPeachy]

PaulD, on Feb 19 2009, 12:43 AM, said:

Hi JustPeachy,

As far as I can see, Stefan is suggesting writing the code he has provided into a text file and saving it as something like passwordChange.php

Suppose you want your password to be Oranges. Then when you go to your website address www.yourwebsite.co.uk/passswordChange.php?password=oranges
it will 'echo' (print) to the screen your encoded password.

Then you can use that to copy and paste into the relevent row of the relevant etomite table, using phpMyAdmin and then you will know your password.

The code provided just takes the posted password, and encodes it for you.

I hope that helps.

Paul.

PS choose a straight forward password first, like BUCKET, you can always change it via the manager to something more secure later.

I appreciate your assistance. I tried exactly what you suggested and it didn't work for me. I don't know what I'm doing wrong. I know exactly what I changed my password to when I changed it. Does Etomite not take special characters? Why does it accept a change if you can't use it?

Edited by justPeachy, 19 February 2009 - 12:46 AM.

[PaulD]

Passwords! Bah! When they go wrong it is the end of the world - I understand your frustration.

I dont know if it takes special characters or not.

let us say your password is orange, then using the script, did you get an encoded password

EDIT Forget all that, just reading post in previous page and

Quote

Yes, the change_etomite_admin_password.php script should get you going... As for the MD5 encryption for your password, if you attempt to change it within phpMyAdmin you can simply enter your new plain text password and then select MD5 from the function drop-down... Once you save it phpMyAdmin will automatically MD5 encrypt the plain text password...

So, that and setting all the blocked fields to 0 should reset your password.

Paul.

Edited by PaulD, 19 February 2009 - 01:11 AM.

[Ralph]

justPeachy, if you can't get the password changed using any of the available scripts or in phpMyAdmin, I may have a script you can use to brute force the change... There may or may not be a copy of it here in the forums from years ago... PM me if you need the code...

[Ralph]

As a follow-up, this issue has been resolved by supplying justPeachy with a script to enable a brute-force change of the account password to be performed... The problem arose due to the lack of password selection validation in the current code base... justPeachy used exclamation marks (!!) in the password which, although saved in the database, are stripped out during the login process... It is doubtful that extensive validation checking will be implemented in the Prelude code base due to the number of scripts which would require modifications... It is one of those standard items that should have been in place from the start, however...