I need to phpMyAdmin myself back into cp144 as an Admin I need to phpMyAdmin myself back into cp144 as an Admin
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

I need to phpMyAdmin myself back into cp144 as an Admin

Started by Raphaela, March 18, 2006, 11:29:03 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Raphaela

Yes. I'm an idiot. i get that. Now,

i want to phpMyAdmin into my database (done)
and create a new user with ADMIN access (done)
and then be able to use it to get to the admin.php page. (not done)
If I am in TABLE _users
And i have :

user_id  1
user_group  1
User_active  yes
user_name  xxx
user_password  yyy
user_lastvisit  0000-00-00 00:00
user_regdate  2006-03-17 00:00
user_group_list  Administrators
user_email  my@emai.com

and user_group 1 in table _usergroups is Administrators


yet, it is still unable to log me in under xxx  (you know that xxx : yyy is placeholder and not the actual id and password, right?)

I really don't want to have to install.php all over again. :/

thanks, Raph

Nibbler


Raphaela

*** Couldn't log in. Try again ***

After three tries, I get banned.

So I've figured out how to unban via the _banned table.

Nibbler

Make sure to set your password as the md5() of your password. You can do this with phpmyadmin using the box beside the text box you put the password in, you should then get a 32 character string in the db instead of your actual password.

Raphaela

Bingo. Perfect. All happy.

Now, only if you have the time/inclination to do so, tell me what md5() does and why is it neccessary/important?

Raphaela

Joachim Müller

it's a one-way encryption algorythm. As a result, it's not the actual password that get's stored, but a resulting md5-encrypted hash that is being compared to the has of the password you enter when you log in. It's a safety precaution: even if someones manages to get your md5-encrypted hash string, he won't be able to see your actual password.
Details: http://en.wikipedia.org/wiki/MD5 and many other pages.