Forums / Install & configuration / Password lost - help!
Noicokuna Niemoge
Friday 05 June 2009 1:14:22 am
Hello;
How to retrieve admin password? I tried to insert new md5 hash into ezuser table but it's not working for me. What's the "type 2 hash"?
Shiki soku ze ku...
Sébastien Morel
Friday 05 June 2009 1:26:32 am
Hi,
If you look in the class user : kernel/classes/datatypes/ezuser/ezuer.php (line 1557 )
static function createHash( $user, $password, $site, $type, $hash = false ) { $str = ''; if( $type == self::PASSWORD_HASH_MD5_USER ) { $str = md5( "$user\n$password" ); } else if ( $type == self::PASSWORD_HASH_MD5_SITE ) { $str = md5( "$user\n$password\n$site" ); } else if ( $type == self::PASSWORD_HASH_MYSQL ) { $db = eZDB::instance(); $hash = $db->escapeString( $password ); $str = $db->arrayQuery( "SELECT PASSWORD( '$hash' )" ); $hashes = array_values( $str[0] ); $str = $hashes[0]; } else if ( $type == self::PASSWORD_HASH_PLAINTEXT ) { $str = $password; } else if ( $type == self::PASSWORD_HASH_CRYPT ) { if ( $hash ) { $str = crypt( $password, $hash ); } else { $str = crypt( $password ); } } else // self::PASSWORD_HASH_MD5_PASSWORD { $str = md5( $password ); } eZDebugSetting::writeDebug( 'kernel-user', $str, "ezuser($type)" ); return $str; }
at the begining of class
/// MD5 of password const PASSWORD_HASH_MD5_PASSWORD = 1; const PASSWORD_HASH_MD5_USER = 2; const PASSWORD_HASH_MD5_SITE = 3; const PASSWORD_HASH_MYSQL = 4; const PASSWORD_HASH_PLAINTEXT = 5; const PASSWORD_HASH_CRYPT = 6;
So in your case (the default case) the constant is PASSWORD_HASH_MD5_USER.
So to force a new valid pass in the ezuser table you have to make a hash like
$str = md5( "admin\n$MYPASSWORD" );
++
-- eZ c'est plus fort que toi ! http://www.ez-france.org http://blog.plopix.net @Novactive (http://www.novactive.com)
Friday 05 June 2009 1:28:58 am
Thanks for fast reply :)
Hmm... I try to generate this password as type 2 in an md5 hash calculator, but without any success. Any ideas? Should I include there that \n string or is it a break? I think it's a string?
I generated a password like admin\nmypassword, but the hash doesn't work. By now I login as type 1 pass, but every time I log out it gets changed in the DB to type 2, which is not that convenient.
Friday 05 June 2009 1:55:01 am
For me
print md5("admin\nmypassword");
return
4a964898a3133cf2507ff82962c3a88a
and it's ok for me( I just tested)
Are you sure, your problem comes from the password ? eZ shows error from user/password or siteaccess ?
Friday 05 June 2009 1:58:48 am
Well, I noticed that whenever I log out (when I change hash in the database and hash type to 1), Exponential changes hash type to 2 and also... changes the hash itself (changes password).
eZ even doesn't display an error "invalid password" just redirects me again to login form. Also, no errors are visible in error log.
Hmm, is it possible that I got hacked?
If yes, tell me please how to manually disable logins because today I'm going abroad and won't be able to sit and solve that problem instantly. :/
Łukasz Serwatka
Friday 05 June 2009 3:20:31 am
Try run:
UPDATE `YOURDBNAME`.`ezuser` SET `password_hash` = '', `password_hash_type` = '4' WHERE `ezuser`.`contentobject_id` =14;
Then login as admin without password and click change password on the right to set new admin password from Exponential,
Personal website -> http://serwatka.net Blog (about eZ Publish) -> http://serwatka.net/blog