Hi, I need to recover a password for an admin section of a website. I have the code for the login page - can I find the password there? <?php ob_start(); session_start(); include_once("config/config.php"); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <title>Reward:Admin Control Panel</title> <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" /> <style media="all" type="text/css"> @import "css/all.css";#bg_center_footer { background-image: url(img/bg-center-column_footer.gif); background-repeat: no-repeat; float: left; height: 29px; width: 750px; margin-left: 192px; } </style> <script language="javascript" type="text/javascript" src="js/jquery-1.3.2.min.js"></script> <script language="javascript" type="text/javascript" src="js/jquery-ui-1.7.3.custom.min.js"></script> <script language="javascript" type="text/javascript"> function onloadfnc() { document.getElementById('itxtuid').focus(); } </script> </head> <body onload="onloadfnc()"> <form name="form1" id="iform1" method="post" action=""> <?php if($_REQUEST["logout"]=="logout") { session_unregister("rwdauid"); header('location:index.php'); exit; } if(isset($_POST['login'])) { if(empty($_POST['txtuid']) || empty($_POST['txtpass'])) { $msglogin='<font color="#FF0000">Both fields required!!</font>'; echo '<script> $(document).ready(function() { $("#loginbody").effect("shake", { times:2 }, 100); }); </script>'; }else { $result=mysql_query("select * from rwd_admin_login where userid='".mysql_real_escape_string($_POST["txtuid"])."' and password='".mysql_real_escape_string($_POST["txtpass"])."' "); if(mysql_num_rows($result)==0) { $msglogin='<font color="#FF0000">Please enter valid User ID or Password !!</font>'; echo '<script> $(document).ready(function() { $("#loginbody").effect("shake", { times:3 }, 100); }); </script>'; } else { $row=mysql_fetch_object($result); $_SESSION['rwdauid']=$row->userid; header('Location:admin_index.php'); exit; } } } ?> <div id="main"> <div id="header1"> <?php include_once("include/header.php"); ?> </div> <div id="middle1"> <div id="loginleftBlank"></div> <div id="logintop">LOGIN</div> <div id="loginleftBlank"></div> <div id="loginleftBlank2"></div> <table width="400" border="0" cellspacing="0" cellpadding="0"> <tr> <td><div id="loginbody"> <table width="400" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="100" align="left" valign="top"><img src="img/login_icon.png" width="100" height="100" /></td> <td width="24"> </td> <td width="276" align="left" valign="top"><table width="276" border="0" cellspacing="0" cellpadding="0"> <tr> <td class="userId">User id:</td> </tr> <tr> <td> </td> </tr> <tr> <td><input name="txtuid" id="itxtuid" type="text" class="textfield1" /></td> </tr> <tr> <td> </td> </tr> <tr> <td class="userId">Password:</td> </tr> <tr> <td> </td> </tr> <tr> <td><input name="txtpass" type="password" class="textfield1" /></td> </tr> <tr> <td> </td> </tr> </table></td> </tr> <tr> <td> </td> <td> </td> <td align="center"><input type="submit" name="login" value="Login" /> </td> </tr> <tr > <td height="25"> </td> <td> </td> <td><?php echo $msglogin; ?></td> </tr> </table> </div></td> </tr> <tr> <td align="left" valign="top"><img src="img/shadow.png" width="422" height="22" /></td> </tr> </table> </div> </div> </form> </body> </html> <?php ob_end_flush(); ?>
No way, that would be an epic fail by the developer. This part is where it searches the database for the submitted userID and password: $result=mysql_query("select * from rwd_admin_login where userid='".mysql_real_escape_string($_POST["txtuid"])."' and password='".mysql_real_escape_string($_POST["txtpass"])."' "); Code (markup):
You will need to go into your database, then look for txtpass and it should be there somewhere. PM me if you need hands on
Yes, use phpMyAdmin or another MySQL admin tool to look through the rwd_admin_login table for the userIDs and passwords. The config/config.php file should contain the database details, if you are unsure of them.
The password in the database may be md5 encrypted (it would look something like aaca521c40f17f8a314708e99a2769b7) in which case you will need to reset your own password. The easiest way of doing that would be to visit http://scriptserver.mainframe8.com/md5.php then enter your new password and it will return it as an md5 encrypted string. Then all you need to do is update the password in the database.