Password Recovery tools issue

Post Reply
User avatar
abdulhalim
Master Bludit
Posts: 128
Joined: Thu Mar 10, 2016 6:25 pm
Location: Bandar Abbas
Been thanked: 4 times
Contact:

Hello,

Today I just tested the Password Recovery Tools.
So I put it in the Bludit root and browse in via FF, the script said "username not found", I found out, I disabled the admin user!
What can I do in that case? so I change the admin values in the script and change to the e.g: "administrater" ( with miss typing ) - assume my real username is "administrator", so the script should say the "administrater" user does not exist! but it returns "administrater" and a password.

I noticed I miss typed the username, I correct it in the script, again: "username not found".
the worse thing is I remember my password, the script change it but not print it, so I am blocked right now :lol:

Is it a Bug or I break sth. :lol:
P.S: I am testing on the localhost with PHP 7.2.11 (Laravel)
User avatar
Edi
Site Admin
Posts: 3121
Joined: Sun Aug 09, 2015 5:01 pm
Location: Zurich
Has thanked: 54 times
Been thanked: 77 times
Contact:

You can fix the username in the file users.php in the directory /bl-content/databases.
Clickwork - Websites mit Bludit | Planet Bludit - Tipps und Snippets
User avatar
abdulhalim
Master Bludit
Posts: 128
Joined: Thu Mar 10, 2016 6:25 pm
Location: Bandar Abbas
Been thanked: 4 times
Contact:

Is it possible to change password without salt?
I mean sth like following passwords


admin = 433903e0a9d6a712e00251e44d29bf87:UJ0b9J5fufL3FKfCc0TLsYJBh2PFULvT
secret = d2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199
OU812 = 5e3128b27a2c1f8eb53689f511c4ca9e:J584KAEv9d8VKwRGhb8ve7GdKoG7isMm
User avatar
Edi
Site Admin
Posts: 3121
Joined: Sun Aug 09, 2015 5:01 pm
Location: Zurich
Has thanked: 54 times
Been thanked: 77 times
Contact:

abdulhalim wrote: Sun Mar 31, 2019 10:59 am Is it possible to change password without salt?
The hash for the password is created using the salt.

You can use a hash generator like the following one:

http://www.lorem-ipsum.co.uk/hasher.php

Bludit uses SHA1.
Clickwork - Websites mit Bludit | Planet Bludit - Tipps und Snippets
User avatar
abdulhalim
Master Bludit
Posts: 128
Joined: Thu Mar 10, 2016 6:25 pm
Location: Bandar Abbas
Been thanked: 4 times
Contact:

Edi wrote: Mon Apr 01, 2019 11:18 pm
abdulhalim wrote: Sun Mar 31, 2019 10:59 am Is it possible to change password without salt?
The hash for the password is created using the salt.

You can use a hash generator like the following one:

http://www.lorem-ipsum.co.uk/hasher.php

Bludit uses SHA1.
Thank you Edi,
I use the following method to change the password.

in the file users.php from the database, I change the following values (for available admin user)

Code: Select all

password: 5a93ae6060f19e6156abd4d2b88d4fdf5d9c18a5
salt: 5ca33055160dd
tokenAuth: c98200a8e59c5dd1e1ec76f856302201
Save the file, done!
after logging in should change the password
User avatar
Edi
Site Admin
Posts: 3121
Joined: Sun Aug 09, 2015 5:01 pm
Location: Zurich
Has thanked: 54 times
Been thanked: 77 times
Contact:

Sorry, I cannot follow you... Have you generated a hash with the salt for the new password?
Clickwork - Websites mit Bludit | Planet Bludit - Tipps und Snippets
User avatar
abdulhalim
Master Bludit
Posts: 128
Joined: Thu Mar 10, 2016 6:25 pm
Location: Bandar Abbas
Been thanked: 4 times
Contact:

Edi wrote: Tue Apr 02, 2019 5:05 pm Sorry, I cannot follow you... Have you generated a hash with the salt for the new password?
Yes, But it didn't work for me, I used another method. I grab information from a fresh Bludit installation and change the values for the forgotten one. it works fine
User avatar
Edi
Site Admin
Posts: 3121
Joined: Sun Aug 09, 2015 5:01 pm
Location: Zurich
Has thanked: 54 times
Been thanked: 77 times
Contact:

Perhaps this has to do with LR/RL.
Clickwork - Websites mit Bludit | Planet Bludit - Tipps und Snippets
Post Reply