FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum » How To » Reset admin password from database (Reset administrator password without email)
Show: Today's Messages :: Polls :: Message Navigator
Switch to threaded view of this topic Create a new topic Submit Reply
Reset admin password from database [message #168762] Thu, 18 July 2013 23:55 Go to next message
archimedes is currently offline  archimedes
Messages: 3
Registered: July 2013
Karma: 0
Junior Member
Hi,

I've lost my password to the administrator account on a small forum I run in my personal server. The other accounts (including my own account for posting) are fine. However my server does not have emailing setup so I can't get my administrator password back with the "forgot password?" functionality of FUD Forum. How can I reset the password directly from the server? I guess I can manipulate the database to change the password, but in what table should I look? Thanks.
Re: Reset admin password from database [message #168768 is a reply to message #168762] Fri, 19 July 2013 15:24 Go to previous messageGo to next message
naudefj is currently offline  naudefj   South Africa
Messages: 3771
Registered: December 2004
Karma: 28
Senior Member
Administrator
Core Developer
Update 'passwd' column in fud30_users.
Re: Reset admin password from database [message #168769 is a reply to message #168768] Fri, 19 July 2013 16:15 Go to previous messageGo to next message
archimedes is currently offline  archimedes
Messages: 3
Registered: July 2013
Karma: 0
Junior Member
Thanks, is the password stored there in cleartext or do I need to use some scheme to transform it before storing in the database?
Re: Reset admin password from database [message #168770 is a reply to message #168769] Fri, 19 July 2013 23:16 Go to previous messageGo to next message
archimedes is currently offline  archimedes
Messages: 3
Registered: July 2013
Karma: 0
Junior Member
Solved it (looking in users_reg.inc). It generates a 9-character string applying MD5 to a random string, then concatenates the salt with the SHA-1 of the plain text, then applies SHA-1 again to the salt + SHA-1 passwd to get the password that is stored in the database. To change it in the database you can set the salt to an arbitrary string of length 9, calculate the SHA-1 of the password you want to set, then concatenate the salt with the result of the SHA-1 and then calculate the SHA-1 of this and update the database with the result.
Re: Reset admin password from database [message #169303 is a reply to message #168770] Fri, 20 September 2013 20:38 Go to previous message
juha is currently offline  juha   Czech Republic
Messages: 1
Registered: September 2013
Karma: 0
Junior Member
There is more elegant way when you have an access to backend database and you have forgotten user password.

Query the login and email

SELECT login, email FROM fud30_users;

and change the email to valid one

UPDATE fud30_users SET email="my(at)valid(dot)email' WHERE login=admin;
COMMIT;

Remediate the password on password recovery screen in fudforum (link from logon dialog).
* Follow email instructions and that's it (follow one reset link and wait for 2nd email with initial password)

Of course when your mail system is not workin is much dificult (constructing SHA hashes again). Does anyone try to manipulate with privileges or user id ?


petr
  Switch to threaded view of this topic Create a new topic Submit Reply
Previous Topic: Insert a message into a thread
Next Topic: Switch between User view and admin view
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed Nov 27 04:17:06 GMT 2024

Total time taken to generate the page: 0.02380 seconds