Password Recovery tools issue
- abdulhalim
- Master Bludit
- Posts: 128
- Joined: Thu Mar 10, 2016 6:25 pm
- Location: Bandar Abbas
- Been thanked: 4 times
- Contact:
Hello,
Today I just tested the Password Recovery Tools.
So I put it in the Bludit root and browse in via FF, the script said "username not found", I found out, I disabled the admin user!
What can I do in that case? so I change the admin values in the script and change to the e.g: "administrater" ( with miss typing ) - assume my real username is "administrator", so the script should say the "administrater" user does not exist! but it returns "administrater" and a password.
I noticed I miss typed the username, I correct it in the script, again: "username not found".
the worse thing is I remember my password, the script change it but not print it, so I am blocked right now
Is it a Bug or I break sth.
P.S: I am testing on the localhost with PHP 7.2.11 (Laravel)
Today I just tested the Password Recovery Tools.
So I put it in the Bludit root and browse in via FF, the script said "username not found", I found out, I disabled the admin user!
What can I do in that case? so I change the admin values in the script and change to the e.g: "administrater" ( with miss typing ) - assume my real username is "administrator", so the script should say the "administrater" user does not exist! but it returns "administrater" and a password.
I noticed I miss typed the username, I correct it in the script, again: "username not found".
the worse thing is I remember my password, the script change it but not print it, so I am blocked right now
Is it a Bug or I break sth.
P.S: I am testing on the localhost with PHP 7.2.11 (Laravel)
- abdulhalim
- Master Bludit
- Posts: 128
- Joined: Thu Mar 10, 2016 6:25 pm
- Location: Bandar Abbas
- Been thanked: 4 times
- Contact:
Is it possible to change password without salt?
I mean sth like following passwords
admin = 433903e0a9d6a712e00251e44d29bf87:UJ0b9J5fufL3FKfCc0TLsYJBh2PFULvT
secret = d2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199
OU812 = 5e3128b27a2c1f8eb53689f511c4ca9e:J584KAEv9d8VKwRGhb8ve7GdKoG7isMm
I mean sth like following passwords
admin = 433903e0a9d6a712e00251e44d29bf87:UJ0b9J5fufL3FKfCc0TLsYJBh2PFULvT
secret = d2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199
OU812 = 5e3128b27a2c1f8eb53689f511c4ca9e:J584KAEv9d8VKwRGhb8ve7GdKoG7isMm
- Edi
- Site Admin
- Posts: 3121
- Joined: Sun Aug 09, 2015 5:01 pm
- Location: Zurich
- Has thanked: 54 times
- Been thanked: 77 times
- Contact:
The hash for the password is created using the salt.
You can use a hash generator like the following one:
http://www.lorem-ipsum.co.uk/hasher.php
Bludit uses SHA1.
Clickwork - Websites mit Bludit | Planet Bludit - Tipps und Snippets
- abdulhalim
- Master Bludit
- Posts: 128
- Joined: Thu Mar 10, 2016 6:25 pm
- Location: Bandar Abbas
- Been thanked: 4 times
- Contact:
Thank you Edi,Edi wrote: ↑Mon Apr 01, 2019 11:18 pmThe hash for the password is created using the salt.
You can use a hash generator like the following one:
http://www.lorem-ipsum.co.uk/hasher.php
Bludit uses SHA1.
I use the following method to change the password.
in the file users.php from the database, I change the following values (for available admin user)
Code: Select all
password: 5a93ae6060f19e6156abd4d2b88d4fdf5d9c18a5
salt: 5ca33055160dd
tokenAuth: c98200a8e59c5dd1e1ec76f856302201
after logging in should change the password
- abdulhalim
- Master Bludit
- Posts: 128
- Joined: Thu Mar 10, 2016 6:25 pm
- Location: Bandar Abbas
- Been thanked: 4 times
- Contact:
Yes, But it didn't work for me, I used another method. I grab information from a fresh Bludit installation and change the values for the forgotten one. it works fine