I noticed with my previous instalation of Coppermine ( I think it was 1.3.x something ) that I could log into myPHPAdmin and fish out user passwords directly. This was most useful for me since me and my family were a rather forgetful bunch.
Now that I'm on a new host, with 1.4.2, when I got into myPHPAdmin, all the passwords are in MD5 hash, and bruteforce reversal takes about 15 days.
Does anyone know how to turn off MD5 hashing, so that passwords are stored and able to be viewed in standard text?
Sorry, and thankyou all in advance,
Saril
"enable_encrypted_passwords" in coppermine's config table (only editable using phpMyAdmin) - set to "0". However, this will reset all your passwords, you have to reset them. Disabling password encryption is not recommended though. Instead: teach your users to use the "forgot password" link on the login screen to request a new password. Although the admin rules, it's better that he can't see user's passwords, as people tend to re-use passwords for different systems - if the admin can see user's passwords, he may be able to get access to other systems he's not suppossed to have. That's the main reason why we chose to introduce password encryption for cpg1.4.x in the first place.