Results 1 to 8 of 8

Thread: Admin Login + User login no longer works

  1. #1
    Join Date
    Jan 2005
    Posts
    24

    Default Admin Login + User login no longer works

    Hello,

    Been struggling with my 2.0.4 upgrade and was recently able to login as admin as well as the 17 users but now no login is accepted.

    error: That username doesn't exist in our database.

    -Checked database, all is fine.
    - Used myPhPAmin panel to database to change adimin password to "password" as shown in another posting.... but still failed.
    - re-uploaded all amin files... still failed.

    Tried to lookup password from admin page but receive fatal error:
    Site Crashed WARNING --> 67.118.118.158 ON July 23, 2005, 2:16:21 am

    SQL statement that failed below:
    ---------------------------------------------------------
    SELECT userdb_emailaddress, userdb_user_password FROM userdb WHERE userdb_emailaddress='

    Anyone know what to do next???

    Any assistance will be most appreciated.


    Thanks in Advance,
    nbyrd

  2. #2
    Join Date
    Jul 2003
    Location
    California
    Age
    42
    Posts
    4,229

    Default

    PM Me your website address, phpMyAdmin information and an FTP login and I'll take a look at it and try to figure out what went wrong where.
    Open-Realty 2 Documentation

    ~The Difference Between an ORDEAL and an ADVENTURE is ATTITUDE~

  3. #3
    Join Date
    Jun 2004
    Location
    Central Mexico
    Posts
    327

    Default changing password

    although I see the "solution" referred to in this thread of changing the password directly in the password field for the Admin, that, of course, will never work because the MD5 algorithm is looking for an encrypted password in that field. It will not know "password" in its unencrypted form even as it stares nakedly at the unencrypted word itself.

    HOWEVER, since you can get into the user admin files....simply go make another account in Open Realty using the web browser if you have a link for new members or Agents to join. Whatever form you have access to. Fill out the password field in the website form with either "password" or a new password--(should use this opportunity to really make up a more secure password).

    Save the new account. Then go into that new account at the database you've created using phpmyadmin (since you mention that one). Do a Control+C on the new account's encrypted password code. Then look up your OR admin password field if you are using English in the table: "default_en_userdb: , go into the Edit mode to get access to "userdb_user_password" and paste the whole crypted string in with Control+V making sure to completely replace the old string.

    Save it and then you should be able to enter OR admin with that password. And, you may want to delete the "test account" after that.

  4. #4
    the_sandking's Avatar
    the_sandking is offline hadron remnant - Moderation Fachmann
    Join Date
    Apr 2003
    Location
    Nullspace
    Posts
    5,289

    Default

    Actually, you can change the password via PHPmyAdmin, if you already have a known MD5 HASH value like the default OR password.

    http://support.open-realty.org/showp...21&postcount=4
    "Much of what looks like rudeness in hacker circles is not intended to give offense. Rather, it's the product of the direct, cut-through-the-BS communications style that is natural to people who are more concerned about solving problems than making others feel warm and fuzzy."

    "We gotta' go to the crappy town where I'm a hero!"
    -Hoban 'Wash' Washburne 2485-2519


    "When you’re born you get a ticket to the freak show. When you’re born in America, you get a front-row seat.."
    -George Carlin 1937-2008

    New to Open-Realty® and need help? Check the:
    -OR DOCUMENTATION -

    Important: Read this at least once in your lifetime
    How To Ask Questions The Smart Way

  5. #5
    Join Date
    Jun 2004
    Location
    Central Mexico
    Posts
    327

    Default exactly

    YEP, Sandking, if, as you say, you ALREADY have that "..known MD5 HASH value like the default OR password"--it would be simple to create the "fix".

    Which is kind of weird, isn't it? The idea that the MD5 Hash value is the same for a given word on any server....

    Somehow that just seems a little insecure!

  6. #6
    the_sandking's Avatar
    the_sandking is offline hadron remnant - Moderation Fachmann
    Join Date
    Apr 2003
    Location
    Nullspace
    Posts
    5,289

    Default

    If the MD5 hash of a constant string (like "password") wasn't always the same, (a constant too) you couldn't use it. Now, encrypting strings using key-pairs is a different story altogether.

    More info:
    http://www.faqs.org/rfcs/rfc1321
    "Much of what looks like rudeness in hacker circles is not intended to give offense. Rather, it's the product of the direct, cut-through-the-BS communications style that is natural to people who are more concerned about solving problems than making others feel warm and fuzzy."

    "We gotta' go to the crappy town where I'm a hero!"
    -Hoban 'Wash' Washburne 2485-2519


    "When you’re born you get a ticket to the freak show. When you’re born in America, you get a front-row seat.."
    -George Carlin 1937-2008

    New to Open-Realty® and need help? Check the:
    -OR DOCUMENTATION -

    Important: Read this at least once in your lifetime
    How To Ask Questions The Smart Way

  7. #7
    Join Date
    May 2004
    Location
    Long Island, NY
    Age
    49
    Posts
    9,796

    Default

    I've never heard of md5 being insecure. The only security issue would be if you didn' change the default password or if someone knew your password. It doesn't matter if the md5 hash for a word is always the same, if they don't know the word, they can't get into your site.

  8. #8
    Join Date
    Jul 2003
    Location
    California
    Age
    42
    Posts
    4,229

    Default

    Only way that could be insecure would be if somebody was able to gain access to your database to read the MD5 password and compare it to a list of common word's MD5 hashes... two problems with this are 1, you shouldn't be using common words for your password in the first place.. and 2: if they're in the database.. you have much bigger problems than them reading an MD5 hash and figuring out the password to it.. they can just delete and put their own password in at that point.. delete everything or do whatever the heck they want... so I wouldn't stress over it too much.

    Oh.. and for the real kicker on MD5... more than one word may end up with the same exact MD5 hash as well... so "Password" may end up with the same MD5 hash as "k3i23dkfi" now how's that for a mind screw huh?
    Open-Realty 2 Documentation

    ~The Difference Between an ORDEAL and an ADVENTURE is ATTITUDE~

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •