login rework

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
russia5
Forum Newbie
Posts: 12
Joined: Sun May 22, 2005 8:07 pm
Location: California
Contact:

login rework

Post by russia5 »

I have a problem that I am not able to solve. I would kindly thank anyone who might help me with the solution. I have been given a site to work on, in which the owner does not know the superadmin password. I have looked in the database, as well as in the coding, and find that it is hashed with MD5. He is trying to find his paperwork in which he has it written down so I can't delete the userid and password from the database. Is there a way to reset it manually from the code?
Below is the code for the login.

Code: Select all


if ($_GET) {
         $url = $_GET["url"];
 }
 if ($_POST) {
     $user_name = $_POST["user_name"];
     $password = $_POST["password"];
    $password = md5($password);
     $url = $_POST["url"];
     $result = mysql_query("SELECT * FROM users WHERE user_name=\"" . $user_name . "\"");
     if (mysql_num_rows($result) > 0) {
    while ($myrow = mysql_fetch_array($result)) 
    			{
      if ($myrow["password"] == $password) 
     			{
      	$_SESSION['user_name'] = $user_name;
      	$_SESSION['admin_role'] = $myrow["role"];
    	$_SESSION['agency'] = $myrow["agency_name"];
    	/*echo "<script type=\"text/javascript\" language=\"JavaScript\">location.href = '" . $url . "';</script>";*/
       	header("Location: admin_area.php");
        	exit;
       			} 
       		else
       			{
       		$msg = "<font color=red>Login failed. Wrong password entered.</font>";
           	}
         			}
              } 
    		else 
    		{
         $msg = "<font color=red>Login failed. User does not exist.</font>";
      	    }
         mysql_free_result($result);
  }

Here is the change password script

Code: Select all


<?php
session_start();
if (!isset($_SESSION['user_name']))
{
	header("Location: Login.php?url=" . $_SERVER['PHP_SELF']);
}


require_once("../../includes/ru_config.php");
require_once("../../includes/ru_connection.php");
require_once("../../includes/ru_data.php");
require_once("../../includes/ru_utils.php");
require_once("../../libs/ru_smarty.php");

$errorMsg;
?>


<?php
if ($_POST)
{
	//Check that the friend's name, site URL and order are provided
	if ($_POST['password'] == $_POST['re_password'])
	{
		$updateQuery = "UPDATE Users SET password ='" . $_POST['password'] . "' WHERE user_name='" . $_SESSION['user_name'] . "'";

		if ($result = mysql_query($updateQuery))
		{
			// It worked, give confirmation
			$errorMsg= '<i><b>Password changed successfully.</b></i><br>';
		}
		else
		{
			// It hasn't worked so stop. Better error handling code would be good here!
			$errorMsg = "<font color=red><i><b>Sorry, there was an error changing your password.<br><br></b></i></font>";
		}
	}
	else
	{
		$errorMsg = "<font color=red><i><b>Sorry, there was an error changing your password. Both the entered passwords did not match!</b></i></font><br><br>";
	}
}

$smarty = new RuSmarty;

$smarty->assign("errorMsg",$errorMsg);
$smarty->assign("action",$_SERVER['PHP_SELF']);
$smarty->display('admin/change_password.tpl');
?>


Alkis
Forum Commoner
Posts: 31
Joined: Fri Mar 26, 2010 8:41 am

Re: login rework

Post by Alkis »

What comes quickly into my mind (if the password is only md5):

trying to set a new password:

lets say the new password is: password1234

Code: Select all

//do an md5 on it:
$encPassword = md5('password1234');
echo $encPassword;
Then copy the output of the above echo, and paste it direclty into the database. That way you have the encrypted password in your database, and from the page you can login by giving: password1234.
Last edited by Alkis on Sat Mar 27, 2010 1:02 pm, edited 1 time in total.
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: login rework

Post by requinix »

Pick a password, then

Code: Select all

UPDATE `users` SET `password` = MD5("password here") WHERE `user_name` = "admin, or whatever the username is";
You can run that from a MySQL console, phpMyAdmin, or from a temporary PHP script.
Alkis
Forum Commoner
Posts: 31
Joined: Fri Mar 26, 2010 8:41 am

Re: login rework

Post by Alkis »

Maybe tasairis option is faster, choose what fits you.
russia5
Forum Newbie
Posts: 12
Joined: Sun May 22, 2005 8:07 pm
Location: California
Contact:

Re: login rework

Post by russia5 »

Thank You very much!! Worked like a charm!! You have now been elevated to my favorite forum status!!! :D
Post Reply