Loggin script error

I’m trying to loggin to my site and am having no luck (forgot my password).

Here is the loggin script:

$QRY_USER = MYSQL_QUERY(“SELECT VALUE FROM CONFIG WHERE KEY = ‘ADMIN_USERNAME’ LIMIT 0, 1”);
$R_QU = MYSQL_FETCH_ARRAY($QRY_USER);

/* Rejected ! */
if ($R_QU['VALUE']!=$PHP_AUTH_USER) {
        header( 'WWW-Authenticate: Basic realm="Private"' );
        header( 'HTTP/1.0 401 Unauthorized' );
        $buffer .= 'Authorization Required.';
        exit;
}

/* Now check the password. */
      $QRY_PASS = MYSQL_QUERY("SELECT `VALUE` FROM `CONFIG` WHERE `KEY` = 'ADMIN_PASSWORD' LIMIT 0, 1");
$R_QP = MYSQL_FETCH_ARRAY($QRY_PASS);

if (md5("ccb106b05fc3c46902435000ba8cc838" . $PHP_AUTH_PW)!=$R_QP['VALUE']) {
        header( 'WWW-Authenticate: Basic realm="Private"' );
        header( 'HTTP/1.0 401 Unauthorized' );
        $buffer .= 'Authorization Required.';
        exit;
}

I change the password through phpmyadmin in the database but still can’t loggin.

Any help would be greatly appreciated.

regards

joe

Jaanboy is right (I didn’t notice that you’ve changed the salt). It will work even if you don’t change it back but any other passwords stored in your database (before the change) won’t work.

Apart from that, the solution remains the same as the first you’ve got. :slight_smile:

You can’t ‘de-encrypt’ the password column. It’s a one way hash.

No no. Change the code back to what it previously was, so that line is now:

if (md5("ccb106b05fc3c46902435000ba8cc838" . $PHP_AUTH_PW)!=$R_QP['VALUE']) {

Now create a separate script with the following code:

<?php

// What you want the password to be
$password = 'password_goes_here';

echo md5('ccb106b05fc3c46902435000ba8cc838' . $password);

?>

This will then give you the hashed password. Insert that as the password database and your problem is solved :wink:

Errr… a bit dangerous what you show here… what I would do is to go to myPHPAdmin and change the properties of the password column and de-encrypt them, write down the password and then re-encrypt the password column.

Not quite sure about your reply. Ive tried to changer the password heaps of times all to no avail. I’m sure I must be doing something elementary wrong.
At the moment the username is administrator and the password is admin. I’ve attached a picture of the database table screen shot to illustrate what I’m mean. Also included the changed script to reflect the correct md5 password.

 /* Now check for username. */
          $QRY_USER = MYSQL_QUERY("SELECT `VALUE` FROM `CONFIG` WHERE `KEY` = 'ADMIN_USERNAME' LIMIT 0, 1");
    $R_QU = MYSQL_FETCH_ARRAY($QRY_USER);
	

    /* Rejected ! */
    if ($R_QU['VALUE']!=$PHP_AUTH_USER) {
            header( 'WWW-Authenticate: Basic realm="Private"' );
            header( 'HTTP/1.0 401 Unauthorized' );
            $buffer .= 'Authorization Required.';
            exit;
    }

    /* Now check the password. */
          $QRY_PASS = MYSQL_QUERY("SELECT `VALUE` FROM `CONFIG` WHERE `KEY` = 'ADMIN_PASSWORD' LIMIT 0, 1");
    $R_QP = MYSQL_FETCH_ARRAY($QRY_PASS);

    if (md5("21232f297a57a5a743894a0e4a801fc3" . $PHP_AUTH_PW)!=$R_QP['VALUE']) {
            header( 'WWW-Authenticate: Basic realm="Private"' );
            header( 'HTTP/1.0 401 Unauthorized' );
            $buffer .= 'Authorization Required.';
            exit;
    }

Again any help would be greatly appreciated.

regards

Joe

I assume (you have not included the relevant code) that the $PHP_AUTH_PW variable holds the password you are entering at the login form:

if (md5("21232f297a57a5a743894a0e4a801fc3" . $PHP_AUTH_PW)!=$R_QP['VALUE']) {

So, create a new php file and use the following code (change “newPassword” with the password that you want to use). Then, copy & paste the produced code into your database and use the password you chose (instead of “newPassword”) in your login form.

echo md5("21232f297a57a5a743894a0e4a801fc3" . 'newPassword'); 

For example, the above code will produce “6dcd5b87031e659e76cf410ac4cc05ab”. If you copy and paste this in your database and then enter “newPassword” in the password field of your login form it should work.

PS: The string “21232f297a57a5a743894a0e4a801fc3” is called salt and it’s used to make the encryption of your password stronger.

Try the following and insert into the database the produced password.

echo md5("ccb106b05fc3c46902435000ba8cc838" . 'newPassword');

You must be right but I remember doing it once long, long time ago. Don’t remember which type of encryption they used or if there was any function to show the passwords as normal words. Possibly, they used a different system.

Apologies for the mistake :slight_smile:

Somebody suggested I try this

Update your database manually, and set this as password: 86f3059b228c8acf99e69734b6bb32cc

The MD5 value of 21232f297a57a5a743894a0e4a801fc3" . $PHP_AUTH_PW will most certainly not be 21232f297a57a5a743894a0e4a801fc3.

Don’t change the rest of the code. Now your password “admin” should work again. Note that this is case-sensitive, though.

This worked a treat.

I’m know back in and online.

thanks for your help.

regards

Joe