Mailing List Archive: Recovering a lost password, Part II?

Recovering a lost password, Part II?

Mar 29, 2004, 6:52 AM

Post #1 of 4 (1253 views)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have a user who has forgotten their password. For a number of reasons,
email is not available on this system, so I need to jam a new password into
the database for him.

I see the user_password and user_newpassword fields in the user table, but
they are obviously hashes of some sort.

Can someone post the syntax of the appropriate SQL to insert a new password?

Thanks in advance.

AL

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Exmh version 2.5 01/15/2001

iQCVAwUBQGgqINuN3h5YyVRRAQKsIgP9EVIVmPhZAtOYv4eMQAMIZxMjbPNrCai2
J/eSWjI44Soo8CP+TIPJmaTkDWFQcwtBUdT3iruUOqIGfbgIekil1BHfOcY4LBGV
Q18NayOjyULpeW0NFNZDM9bLirSAfGgcIAtLpPZg90W7ih2tnzUtMvCyL6RCmsww
+NIlDTE9bWQ=
=s+dN
-----END PGP SIGNATURE-----

Re: Recovering a lost password, Part II? [ In reply to ]

juxo at consumerium

Mar 29, 2004, 3:27 PM

Post #2 of 4 (1245 views)

Permalink

Al Potter kirjoittaa maanantaina, 29. maaliskuuta 2004, kello 16:52:
>
> I see the user_password and user_newpassword fields in the user table,
> but
> they are obviously hashes of some sort.
>
> Can someone post the syntax of the appropriate SQL to insert a new
> password?

I _guess_ that the hash used is standard UNIX passwd hash which can be
invoked with command 'htpasswd' but I do not know this for certain, I
just do not see any reason to use any other hashing scheme

see 'man htpasswd' or 'htpasswd' or 'htpasswd --help' for more
information

I hope this helps.

-juxho

Re: Recovering a lost password, Part II? [ In reply to ]

apotter at icsalabs

Mar 29, 2004, 11:57 PM

Post #3 of 4 (1236 views)

Permalink

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

mailinglists@patrice.ch said:

> If you want to create a new password, you can create the following
> PHP file:
> ,----[ genpwd.php ]
> | <?
> | $user_id=123;
> | $pass="reset";
> | $salt=true;
> |
> | if($salt)
> | $pass_md5=md5($pass);
> | else
> | $pass_md5=$pass;
> |
> | print md5("{$user_id}-{$pass_md5}");
> | print "\n";
> | ?>
> `----

This did the trick, so thank you very much.

Is there any chance this functionality could make it into a production
release, preferably as a Sysop Only special Page?

AL

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Exmh version 2.5 01/15/2001

iQCVAwUBQGkaatuN3h5YyVRRAQLb+gP/VlToWvawAnGvZM4IkuDyjfR9jGmekyJ0
SMshQj3Y7qmkUVJ7gXbIgz7RtfOsdEKN+7gudANG/LrF+cWFtLKNDWxa7zGK+hpv
xqTfAYx/YyoKUmLGq6o7bomwACGC6yVugaN5OW3SH/ECuIuV6BmqVr8oDSFIQ1pQ
iDT2puESu0A=
=6AkM
-----END PGP SIGNATURE-----

Re: Recovering a lost password, Part II? [ In reply to ]

mailinglists at patrice

Mar 30, 2004, 12:17 AM

Post #4 of 4 (1233 views)

Permalink

Juho Heikkurinen <juxo@consumerium.org> writes:

> I _guess_ that the hash used is standard UNIX passwd hash which can be
> invoked with command 'htpasswd' but I do not know this for certain, I
> just do not see any reason to use any other hashing scheme
>
> see 'man htpasswd' or 'htpasswd' or 'htpasswd --help' for more
> information

I looked at the code. The relevant function is encryptPassword() in
User.php. The password is calculated like this:
md5(USER_ID + "-" + md5(USER_PASS))

Unless you have set $wgPasswordSalt to false in which case it is
md5(USER_PASS)

If you want to create a new password, you can create the following
PHP file:
,----[ genpwd.php ]
| <?
| $user_id=123;
| $pass="reset";
| $salt=true;
|
| if($salt)
| $pass_md5=md5($pass);
| else
| $pass_md5=$pass;
|
| print md5("{$user_id}-{$pass_md5}");
| print "\n";
| ?>
`----

Adjust the first three lines to your needs and execute it on the
command line with: `php genpwd.php' (no quotes). Or put it into your
Web path and execute it with your favorite browser¹.

Hope this helps,
Patrice

______________
¹ <http://www.mozilla.org/products/firefox/>

--
Jesus answered, "I am the way and the truth and the life. No one comes
to the Father except through me." (The Bible, John 14:6)