I Can't Figure Out My Password - NOT Wordpress

by Mike Hlatky 5 replies
Long story short, I haven't logged into my website for a long time and I forgot the password.

Here is the admin area - mylovelybunny.com

I am trying to go into phpmyadmin to change the password, but no luck.

The current password is *94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29
and I have no idea how to decode it.

I tried overwriting that value with an MD5 hash of a new password, but it didn't help.

Here is the php file for the index page:

Code:
<?php
session_start();
require_once("config.php");
require_once SMARTY_DIR."config_file.class.php";
require_once SMARTY_DIR."smarty.class.php";

require_once "libs/globals.php";
require_once "libs/db_layer.php";
require_once "libs/db_module.php";

// Request parameters are taken from POST; if StripSlashArray() does not return an
// array for $_POST, the query string is used instead.
// NOTE(review): because of this fallback, "action" and the login fields can also
// arrive via GET, where they end up in URLs, logs and Referer headers and where
// state-changing actions such as "logout" can be triggered by a plain link.
$post_vars = StripSlashArray($_POST);
$post_vars = is_array($post_vars) ? $post_vars : StripSlashArray($_GET);

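/**
 * Admin login controller for the index page: dispatches the requested action,
 * checks credentials against tbl_admin and renders the Smarty templates.
 *
 * db_module, db_layer(), AddSlashArray() and MyUtil are declared in files that are
 * not part of this listing; comments about them below are marked as assumptions.
 */
class savename extends db_module {

	/**
	 * PHP4-style constructor: runs the parent initialisers for the tbl_admin table.
	 *
	 * @return int always 1
	 */
	function savename() {

		$table_name = "tbl_admin";

		$table_schema = "";
		$searchable_columns = "adminUserName";
		$this->db_layer();
		$this->db_module($table_name, $table_schema, $searchable_columns);
		return 1;
	}

	/**
	 * Dispatch on $post_vars['action'] and return the rendered page body.
	 *
	 * @param mixed $post_vars request parameters (array expected)
	 * @return string HTML for the body slot of the layout
	 */
	function action($post_vars) {

		$return_str = "";
		$error = "0";
		// Read the action defensively: the key may be absent or not a string.
		$action = "";
		if (is_array($post_vars) && isset($post_vars['action']) && is_string($post_vars['action'])) {
			$action = $post_vars['action'];
		}
		switch ($action) {
			case "login":
				// Validate() returns the number of errors, so non-zero means the login failed.
				// The earlier version rendered the welcome page in both branches; a failed
				// login now goes back to the form together with the recorded messages.
				$error = $this->Validate($post_vars);
				if ($error) {
					$return_str .= $this->loginForm($post_vars, $error);
				}
				else {
					$return_str .= $this->welcome();
				}
				break;
			case 'logout':
				$this->unsetsession();
				header('location:./');
				exit();
			case 'welcome':
				// Only show the welcome page to a session that Validate() has populated.
				if (empty($_SESSION['session_admin_id'])) {
					$return_str .= $this->loginForm($post_vars, $error);
				}
				else {
					$return_str .= $this->welcome();
				}
				break;
			default:
				$return_str .= $this->loginForm($post_vars, $error);
		}
		return $return_str;
	}
	//-----------------------------------------
	/**
	 * Log the admin out: clear the session data and destroy the session.
	 */
	function unsetsession() {
		// session_unregister() must not be mixed with $_SESSION and is gone from
		// current PHP; clearing the array has the same effect for these keys.
		unset($_SESSION['session_admin_id']);
		unset($_SESSION['session_adminuser_name']);
		$_SESSION = array();
		session_destroy();
	}
	//-----------------------------------------
	/**
	 * Check the submitted user name and password against active rows of tbl_admin.
	 * On success the admin id and name are stored in the session and the
	 * last-login columns are updated. Messages for the form are collected in
	 * $GLOBALS['errors'].
	 *
	 * @param mixed $post_vars request parameters; reads 'user_name' and 'password'
	 * @return int number of validation errors, 0 on successful login
	 */
	function Validate ($post_vars) {

		require_once "../classes/class.util.php";

		if (!is_array($post_vars)) {
			$post_vars = array();
		}

		// Read only the two expected fields. extract() on request data lets a request
		// define or overwrite arbitrary local variables.
		$user_name = "";
		if (isset($post_vars['user_name']) && is_string($post_vars['user_name'])) {
			$user_name = $post_vars['user_name'];
		}

		// The password is still passed through AddSlashArray() before base64En(), as it
		// was before, so the value compared with adminPassword does not change.
		// NOTE(review): AddSlashArray() is not shown; presumably addslashes-style - confirm.
		$slashed = AddSlashArray($post_vars);
		$password = "";
		if (is_array($slashed) && isset($slashed['password']) && is_string($slashed['password'])) {
			$password = $slashed['password'];
		}

		$GLOBALS['errors'] = array();
		$error = 0;
		if ($user_name === "") {
			$GLOBALS['errors'][$error] = "Please enter your username.";
			$error++;
		}
		if ($password === "") {
			$GLOBALS['errors'][$error] = "Please enter your password.";
			$error++;
		}

		if ($error == 0) {

			$utilObj = new MyUtil();
			// NOTE(review): base64En() lives in class.util.php (not shown). If it is a
			// reversible encoding rather than a salted password hash, stored admin
			// passwords can be recovered from any database dump; consider migrating
			// to password_hash()/password_verify().

			// Escape with the connection-aware function right where the SQL is built.
			// Assumes the default mysql link has been opened by db_layer() - confirm.
			$user_sql = mysql_real_escape_string($user_name);
			$pass_sql = mysql_real_escape_string($utilObj->base64En(2, $password));

			// One lookup with "=" replaces the former LIKE count query plus "=" row query.
			// LIKE treats % and _ in the submitted name as wildcards, so the two queries
			// could disagree and the session was then filled from an empty row.
			$sql = "SELECT adm.adminID, adm.adminUserName FROM tbl_admin AS adm WHERE adm.adminUserName='".$user_sql."' AND adm.adminPassword='".$pass_sql."' AND adm.adminStatus ='Y' LIMIT 1";
			$rs = mysql_query($sql);
			$row = false;
			if ($rs) {
				$row = mysql_fetch_array($rs);
				mysql_free_result($rs);
			}

			if (!is_array($row)) {
				// Fail closed: no matching row and a failed query are both a rejected login.
				$GLOBALS['errors'][$error] = "Please enter correct username or password.";
				$error++;
			}
			else {
				// Issue a fresh session id at the privilege change so an id set before
				// login cannot be reused afterwards (session fixation).
				session_regenerate_id(true);
				$_SESSION['session_admin_id'] = $row['adminID'];
				$_SESSION['session_adminuser_name'] = $row['adminUserName'];

				$sql_update = "UPDATE tbl_admin SET adminLastLogin = '".date("Y-m-d H:i:s")."', adminIpAddress = '".mysql_real_escape_string($_SERVER['REMOTE_ADDR'])."' WHERE adminID ='".mysql_real_escape_string($row['adminID'])."'";
				mysql_query($sql_update);
			}
		}

		return $error;

	}

	//-----------------------------------------

	/**
	 * Render the login form, pre-filled with the submitted values and, when
	 * validation failed, with the list of messages from $GLOBALS['errors'].
	 *
	 * @param mixed $post_vars request parameters; reads 'user_name' and 'password'
	 * @param mixed $error     non-empty when validation errors should be shown
	 * @return string|null rendered admin_index.tpl, or null when
	 *                     $_SESSION['session_user_name'] is set
	 */
	function loginForm ($post_vars, $error=NULL) {

		$smarty = new Smarty();

		if (is_array($post_vars)) {
			// Explicit reads instead of extract(): a request field named "smarty" or
			// "error" could otherwise replace the local variables of the same name.
			$user_name = "";
			if (isset($post_vars['user_name']) && is_string($post_vars['user_name'])) {
				$user_name = $post_vars['user_name'];
			}
			$password = "";
			if (isset($post_vars['password']) && is_string($post_vars['password'])) {
				$password = $post_vars['password'];
			}
			$smarty->assign ("user_name", $user_name);
			// NOTE(review): this hands the submitted password back to the template.
			// Whether admin_index.tpl escapes these values cannot be seen from here;
			// consider not echoing the password at all.
			$smarty->assign ("password", $password);

			$messages = array();
			if (isset($GLOBALS['errors']) && is_array($GLOBALS['errors'])) {
				$messages = $GLOBALS['errors'];
			}
			// Show the banner only when there is something to list.
			if ($error != NULL && count($messages) > 0) {
				$str = "<img src='images/error.gif' border='0' alt='' align='absmiddle'>";
				$str .= "<B>Some fields have not been correctly completed.</B> Please review the changes required below.";
				$str .= "<ul type='square' style='margin:10 10 10 30;'>";
				foreach ($messages as $message) {
					// Messages are plain text; escape them because the list lives in a global array.
					$str .= "<li>".htmlspecialchars($message, ENT_QUOTES)."</li>";
				}
				$str .= "</ul>";
				$smarty->assign ("error", $str);
			}
		}
		// NOTE(review): Validate() stores 'session_adminuser_name', not
		// 'session_user_name'; the key is kept as found - confirm which one is meant.
		if (empty($_SESSION['session_user_name']))
			return $smarty->fetch("admin_index.tpl");

	}

	/**
	 * Render the welcome page with the formatted adminLastLogin value of the
	 * admin named in the session.
	 *
	 * @return string rendered admin_welcome.tpl
	 */
	function welcome() {
		$smarty = new Smarty();

		$admin_name = "";
		if (isset($_SESSION['session_adminuser_name'])) {
			$admin_name = (string) $_SESSION['session_adminuser_name'];
		}

		// The name was read from the database at login; it is still escaped here
		// because stored values are not automatically safe inside a new SQL string.
		$query1 = "SELECT DATE_FORMAT(adminLastLogin,'%d-%m-%Y  %h:%i %p') AS lastlogin FROM tbl_admin WHERE adminUserName ='".mysql_real_escape_string($admin_name)."'";
		$res1 = mysql_query($query1);
		$row = $res1 ? mysql_fetch_array($res1) : false;
		$smarty->assign('lastlogin', is_array($row) ? $row['lastlogin'] : NULL);

		return $smarty->fetch("admin_welcome.tpl");
	}

}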

// Build the controller and let it produce the page body for the requested action.
$savename = new savename();

$body = $savename->action($post_vars);
// Wrap the body in the shared admin layout and send it to the browser.
// NOTE(review): $body is HTML built by the controller; whether admin_layout.tpl
// escapes it cannot be seen from this listing.
$smarty = new Smarty();
$smarty->assign("body", $body);
$smarty->display("admin_layout.tpl");	
?>
Any help would be appreciated.
#programming #figure #password #wordpress
  • Profile picture of the author yanl
    Hi Mike

    Judging from the code below, it looks like the password is encrypted using base64 instead of md5. I think 2 might be the key.
    base64En(2,$password)

    If you have access to change the code I would print the result of base64En(2, "password of your choice") and insert it into the database.
  • Profile picture of the author Kingfish85
    Hash: 94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29

    Type: MySQL4.1+: sha1(sha1_bin())

    Result: test
    • Profile picture of the author Mike Hlatky
      Originally Posted by Kingfish85 View Post

      Hash: 94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29

      Type: MySQL4.1+: sha1(sha1_bin())

      Result: test
      I changed the user and pass in the database to both be "test"

      For some reason it isn't allowing me to login with that information..........
      • Profile picture of the author vstm
        Is the asterisk (*) also stored with your password-hash? Have you tried removing the asterisk? Maybe it's used to "disable" the login of that account.

        Otherwise we need to have the source of `MyUtil::base64En` to see how a proper password-hash is built.
  • Profile picture of the author RobinInTexas
    Try exporting your database, and then re-initialize the CMS or whatever runs the site as a new blank setup creating new admin and password.

    Then merge the admin fields into a copy of the export, overwriting the old ones.

    Replace the new working DB with the modified export.
    Signature

    Robin



    ...Even if you're on the right track, you'll get run over if you just set there.