I moved a site from one server to another by exporting the DB and DL all the files. Then I created the new DB, modified the config file, uploaded the files and imported the SQL dump. The site works fine. My problem is that I cannot log in to the admin section. The admin password was and is stored encrypted and I have not forgotten it. Looking at the admin login file I find this fragment where the validity of the password is approved or not. Note I have obscured part of the text by replacing alpha with *

    // get salt and crypt()
    // if match, user/pass combination is correct
    // return 1
    $res = mysql_db_query ($DB,'SELECT value from ******_system_data where var=\'admin_pwd\'');
    $row = mysql_fetch_row ($res);
    if (md5($pass)==$row[0]) {
        $result = 1;
    }

I can hack my way around this if I need to. My question is what changed from one server to the other and is there a better way to fix this?
Usually you use an MD5, one-way encryption to store passwords. Each server will have a different final value for your data after it is encrypted using this method. You need to manually add the password to the database by setting up a PHP script or using a shell command. Something like:

    $password = "your actual password";
    $admin_password = md5($password);
    // table, column and key names follow the login check quoted in the question
    mysql_query("UPDATE ******_system_data SET value = '$admin_password' WHERE var = 'admin_pwd'");

After you run it your admin account should work.
There's another way to fix it that may avoid requiring all members to change their passwords, assuming there are members and not just admins. Find out how the script was calculating the salt, and modify the new script to use the same values, although they'll have to be static, not dynamically pulled, obviously. Also, I'm almost positive md5() calculates the same result on every server if no salt is used.
Where would one hide the salt? Besides the pantry that is? Or what would it be called? Is it a numeric value? It really isn't a big issue. Only the admin password was affected.
I would need to see the script that originally inserted the password into the database to help you find the salt used. If it's just the admin pass, probably easiest to just bypass it.
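An added example, not from any poster in this thread or from the application's own code: a way to tell from the stored value itself whether it is an unsalted md5() hex digest or crypt() output, where the salt is carried inside the stored string, and to check a password against it accordingly. The function names are hypothetical and the sample values are constructed.

```php
<?php
// Added diagnostic sketch; function names are hypothetical.
// Guess how a stored password value was produced from its shape alone.
function classify_stored_hash(string $stored): string
{
    if (preg_match('/^[a-f0-9]{32}$/i', $stored)) {
        return 'md5-hex';        // unsalted md5(): same output on every server
    }
    if (preg_match('/^\$(1|2[abxy]?|5|6)\$/', $stored)) {
        return 'crypt-modular';  // crypt() output "$id$salt$hash": salt is embedded
    }
    if (preg_match('#^[./0-9A-Za-z]{13}$#', $stored)) {
        return 'crypt-des';      // legacy DES crypt(): first 2 chars are the salt
    }
    return 'unknown';
}

// Check a candidate password against the stored value using the matching scheme.
function verify_stored_password(string $pass, string $stored): bool
{
    switch (classify_stored_hash($stored)) {
        case 'md5-hex':
            return hash_equals(strtolower($stored), md5($pass));
        case 'crypt-modular':
        case 'crypt-des':
            // Passing the stored value as the salt makes crypt() reuse the embedded salt.
            return hash_equals($stored, crypt($pass, $stored));
        default:
            return false;
    }
}

// Constructed sample values, not taken from the thread.
$samples = [
    md5('example-password'),
    crypt('example-password', '$1$abcdefgh$'),
    'plaintext?',
];
foreach ($samples as $stored) {
    printf("%-14s %s\n", classify_stored_hash($stored),
        verify_stored_password('example-password', $stored) ? 'match' : 'no match');
}
```

Running it against the value in the `admin_pwd` row shows which scheme wrote it, which is the information needed before deciding whether the `md5($pass)` comparison in the login file can ever match.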