1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Sever change broke the script, what is salt?

Discussion in 'PHP' started by Colbyt, Nov 6, 2006.

0
  1. #1
    I moved a site from one server to another by exporting the DB and DL all the files. Then I created the new DB, modified the config file, uploaded the files and imported the sql dump. The site works fine.

    My problem is that I can not login to the admin section. The admin password was and is stored encrypted and I have not forgotten it. Looking at the admin login file I find this fragment where the validity of the password is approved or not.

    Note I have obscured part of the text by replacing alpha with *
    
// get salt and crypt()
            // if match, user/pass combination is correct
            // return 1
            $res = mysql_db_query ($DB,'SELECT value from ******_system_data where var=\'admin_pwd\'');
            $row = mysql_fetch_row ($res);

            if (md5($pass)==$row[0])
            {   $result = 1;
            }
    PHP:
    I can hack my way around this if I need to. My question is what changed from one sever to the other and is there a better way to fix this?
     
    Colbyt, Nov 6, 2006 IP
  2. jestep

    jestep Prominent Member

    Messages:
    3,659
    Likes Received:
    215
    Best Answers:
    19
    Trophy Points:
    330
    #2
    Usually you use an MD5, 1 way encryption to store passwords. Each server will have a different final value for your data after it is encrypted using this method. You need to manually add the password to the database by setting up a php script or using a shell command.

    Something like:
    
$password = "your actual password";
$admin_password = md5($password);
mysql_query("UPDATE ******_system_data SET admin_password = '$admin_password' WHERE user_id = '$admin_id'");
    PHP:
    After you run it your admin account should work.
     
    jestep, Nov 6, 2006 IP
    Colbyt likes this.
  3. disgust

    disgust Guest

    Messages:
    2,417
    Likes Received:
    133
    Best Answers:
    0
    Trophy Points:
    0
    #3
    there's another way to fix it that may be able to avoid needing to have all members needing to change passwords. assuming there are members and not just admins.

    find out how the script was calculating the salt, modify the new script to use the same values, although they'll have to be static, not dynamically pulled, obviously.

    also, I'm almost positive md5() calculates the same result on every server if no salt is used.
     
    disgust, Nov 7, 2006 IP
  4. Colbyt

    Colbyt Notable Member

    Messages:
    3,224
    Likes Received:
    185
    Best Answers:
    0
    Trophy Points:
    210
    #4
    Where would one hide the salt? Besides the pantry that is? :)
    Or what would it be called? Is it a numeric value?


    It really isn't a big issue. Only the admin password was affected.
     
    Colbyt, Nov 7, 2006 IP
  5. disgust

    disgust Guest

    Messages:
    2,417
    Likes Received:
    133
    Best Answers:
    0
    Trophy Points:
    0
    #5
    I would need to see the script that originally inserted the password into the database to help you find the salt used.

    if it's just the admin pass, probably easiest to just bypass it
     
    disgust, Nov 7, 2006 IP