I Can't Figure Out My Password - NOT Wordpress

by Mike Hlatky 5 replies
Long story short, I haven't logged into my website for a long time and I forgot the password.

Here is the admin area - mylovelybunny.com

I am trying to go into phpmyadmin to change the password, but no luck.

The current password is *94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29
and I have no idea how to decode it.

I tried to resave a password saved as MD5 over that password, but it didn't help.

Here is the php file for the index page:

require_once SMARTY_DIR."config_file.class.php";
require_once SMARTY_DIR."smarty.class.php";

require_once "libs/globals.php";
require_once "libs/db_layer.php";
require_once "libs/db_module.php";

$post_vars = StripSlashArray ($_POST);

if (!is_array($post_vars)) {
	$post_vars = StripSlashArray($_GET);

class savename extends db_module {

	function savename() {
		$table_name = "tbl_admin";
		$searchable_columns ="adminUserName";
		$this->db_module($table_name, $table_schema, $searchable_columns);
		return 1;

	function action($post_vars) {
		$return_str = "";
		switch ($post_vars['action']) {
			case "login":
				if($this->Validate($post_vars)) {	
					$return_str .= $this->welcome();				
					$return_str .= $this->welcome();					
			case 'logout':	
			case 'welcome':
				$return_str .= $this->welcome();
				$return_str .= $this->loginForm($post_vars,$error);
		return $return_str;
	function unsetsession() {	
	function Validate ($post_vars) {
		require_once "../classes/class.util.php";
		$smarty = new Smarty ();		
		$post_vars = AddSlashArray ($post_vars);
		extract ($post_vars);

		if($user_name == "") {			
			$GLOBALS['errors'][$error]="Please enter your username.";
		if($password == "") {
			$GLOBALS['errors'][$error]="Please enter your password.";
		if($error=="0") {
			$utilObj = new  MyUtil();
			$sqlCount="SELECT count(*) AS counter FROM tbl_admin AS adm WHERE adm.adminUserName LIKE '".$user_name."' AND adm.adminPassword='".$utilObj->base64En(2,$password)."' AND adm.adminStatus ='Y'";
			if($rowCount['counter']=="0") {
				$GLOBALS['errors'][$error]="Please enter correct username or password.";
				$sql="SELECT adm.adminID, adm.adminUserName, adm.adminID FROM tbl_admin AS adm WHERE adm.adminUserName='".$user_name."' AND adm.adminPassword='".$utilObj->base64En(2,$password)."' AND adm.adminStatus ='Y'";		
				$sql_update="UPDATE tbl_admin SET adminLastLogin = '".date("Y-m-d H:i:s")."', adminIpAddress = '".$_SERVER['REMOTE_ADDR']."' WHERE adminID ='".$row['adminID']."'";
				//$smarty->assign("admin_id", $row['admin_id']);

		Return $error;

	function loginForm ($post_vars, $error=NULL) {
		$smarty = new Smarty();
		if(is_array($post_vars)) {			
			extract ($post_vars);					
			$smarty->assign ("user_name", $user_name);
			$smarty->assign ("password", $password);
			if ($error != NULL){			
				$str="<img src='images/error.gif' border='0' alt='' align='absmiddle'>";
				$str.="<B>Some fields have not been correctly completed.</B> Please review the changes required below.";
				$str.="<ul type='square' style='margin:10 10 10 30;'>";
				for($i=0; $i<count($GLOBALS['errors']); $i++) {				
				$smarty->assign ("error", $str);
			return $smarty->fetch("admin_index.tpl");	


	function welcome() {
		$smarty = new Smarty();
		 $query1="SELECT DATE_FORMAT(adminLastLogin,'%d-%m-%Y  %h:%i %p') AS lastlogin FROM tbl_admin WHERE adminUserName ='".$_SESSION['session_adminuser_name']."'";
		 $smarty->assign('lastlogin', $row['lastlogin']);

		return $smarty->fetch("admin_welcome.tpl");

$savename = new savename();

$body = $savename->action($post_vars);
$smarty = new Smarty();
$smarty->assign("body", $body);
Any help would be appreciated.
#programming #figure #password #wordpress
  • Profile picture of the author yanl
    Hi Mike

    It looks like the password is encrypted using base64 instead of md5. Judging from the code below. I think 2 might be the key.

    If you have access to change the code I would print the result of base64En(2, "password of your choice") and insert it into the database.
    {{ DiscussionBoard.errors[8085966].message }}
  • Profile picture of the author Kingfish85
    Hash: 94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29

    Type: MySQL4.1+: sha1(sha1_bin())

    Result: test
    {{ DiscussionBoard.errors[8086113].message }}
    • Profile picture of the author Mike Hlatky
      Originally Posted by Kingfish85 View Post

      Hash: 94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29

      Type: MySQL4.1+: sha1(sha1_bin())

      Result: test
      I changed the user and pass in the database to both be "test"

      For some reason it isn't allowing me to login with that information..........
      {{ DiscussionBoard.errors[8086160].message }}
      • Profile picture of the author vstm
        Is the asterisk (*) also stored with your password-hash? Have you tried removing the asterisk? Maybe it's used to "disable" the login of that account.

        Otherwise we need to have the source of `MyUtil::base64En` to see how a proper password-hash is built.
        {{ DiscussionBoard.errors[8092759].message }}
  • Profile picture of the author RobinInTexas
    Try exporting your database, and then re-initialize the CMS or whatever runs the site as a new blank setup creating new admin and password.

    Then merge the the admin fields overwriting the old in a copy of the export.

    Replace the new working DB with the modified export.


    ...Even if you're on the right track, you'll get run over if you just set there.
    {{ DiscussionBoard.errors[8087251].message }}

Trending Topics