Can't get a new password! Can't get a new password!
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Can't get a new password!

Started by sussiny, August 23, 2006, 03:06:01 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

sussiny

Hello

I'm new to coppermine gallery. Just installed it on my site. I installed the latest version. Anyway...I forgot my password (I'm the administrator of the gallery) and when I click on the link "Forgot your password" I get a mail that contains a link wich I have to activate, after that a new mail is supposed to be sent with a new password..but that doesn't work.  :-\ No mail with a new password and I don't know how to get in to my gallery.  ???

Thanks in advance for your help

Regards
Sussi
Sweden

sussiny

I fixed a new password, but the mail still doesn't work. Only the first link wich you activate but the mail with the new password doesn't arrive to the mailbox. So I have to ask a friend who knows php programming. Maybe someone here on this forum knows what's wrong? Could it be some sort of a bug?

To fix a new password I did this!

First I made a backup of the gallery tables, then I deleted the gallery tables in the database. uploaded the install.php again (and deleted the install.lock file wich was made in the include folder after the first installation), then I installed the gallery again over the old installation and then I chose a new password.

Then I made a new backup of the new user table and copied the password, and pasted it into the old user table. Then I deleted the new gallery tables and uploaded the old tables to the database, but with a changed password in the user table.

So that's how I manage to get in to my gallery again.

Maybe this will be a help for someone sometime.

have a nice evening

Sussi
Sweden

Joachim Müller

Your workaround sounds a bit complicated. Why not just edit the database entry and enter a new md5-value for your password? Another option: register as new user, then use phpMyAdmin to make him admin by changing his usergroup to "1". There are various postings that explain how to come up with a md5 hash of a password.

sussiny

Hi GauGau

Thanks for your reply.
Well about making a new password.... I try to change the password in the database, But when you register to the gallery and make a password, the system change the password in the database into a long line of different numbers and letters. It's kind of a security, so the headadmin can never see the users passwords in the database. That's why I couldn't change it. I tried to, but I couldn't get in to the gallery. And that's why I couldn't make a new user, cause I couldn't create the password in the database.

But my question is still, why does'nt the system send the mail with the new password? Is it a bug? I installed the latest version of coppermine 1.4.8.

Sussi

Joachim Müller

#4
Quote from: sussiny on August 24, 2006, 07:09:23 AM
the system change the password in the database into a long line of different numbers and letters. It's kind of a security
Yes, only the md5 hash of the password is being stored in the database for security reasons, as I suggested above. That's why you're suppossed to write the md5 hash of your new password into that field. It's pretty easy to come up to do that - bmossavari has posted a nice little script that does this for you as far as I remember, you might want to search for his post. He even described a sample hash for temporary recovery. After all, coming up with a very, very simple PHP script to generate the hash is easy as well, or use one of the many desktop apps that will create md5 hashes for you.
If this is to complicated for you, you could have gone for option two and register a new user and make him admin after registration - this doesn't make it necessary to fiddle with md5-hashes at all.

Quote from: sussiny on August 24, 2006, 07:09:23 AMBut my question is still, why does'nt the system send the mail with the new password? Is it a bug?
I don't know - maybe the email got caught in your spam filters, or there's something fishy with your server's email setup. I don't think that it's a bug, as you're the first to report this behaviour, although cpg1.4.8 has been released quite some time ago. If it were an actual bug, others probably would have reported this issue before.
I'm not sure why you insist - you were able to restore admin controls, so this should teach you the lesson to memorize your admin account data and keep passwords in a safe place in the future in case you get locked out.

There are various other postings about lost passwords and md5 encryption, e.g. http://forum.coppermine-gallery.net/index.php?topic=29320.0

Sami

and here is a very simple MD5 creator:
you need to (unzip and) run it on a web server with php support
‍I don't answer to PM with support question
Please post your issue to related board

Nibbler

phpmyadmin will hash the password for you, just select md5 from the dropdown box when you edit the value.

sussiny

#7
Quote from: GauGau on August 24, 2006, 08:03:13 AM
I don't know - maybe the email got caught in your spam filters, or there's something fishy with your server's email setup. I don't think that it's a bug, as you're the first to report this behaviour, although cpg1.4.8 has been released quite some time ago. If it were an actual bug, others probably would have reported this issue before.
I'm not sure why you insist - you were able to restore admin controls, so this should teach you the lesson to memorize your admin account data and keep passwords in a safe place in the future in case you get locked out.

There are various other postings about lost passwords and md5 encryption, e.g. http://forum.coppermine-gallery.net/index.php?topic=29320.0

Thank you all for your replies and help. i will try the md5 hash next time.

Well the reason why I insist on this is that, if I want to add people into the gallery like my friends and family (I don't have public registration) and if any of them would loose their password, they can't get a new password by themselves.
I've never seen this problem before. I've had phpbb forums and there's never been a problem to get a new password. I also have a site where I've installed phpnuke and there's never been a problem with that either or the cms e107 wich I use on my personal site.

I tried the coppermine photo gallery plugin with e107 and it worked at the beginning. My site was all in Swedish at that time. Then I installed english language tables so foreign visitors was able to view my site in english , and after that I couldn't use the cpg plugin anymore, it didn't work. So that's why I installed cpg 1.4.8 in a subfolder.

If I could use the cpg plugin instead, the password problem would be easily solved, 'cause there's no problem to get a new password in the cms e107, but I can't understand why the password e-mail don't work in cpg. If it would be problem with the e-mail server set up, then it would be a problem with the cms system too (to get a new password),,,wouldn't it? And the mail goes to my gmail and I looked in the spamfolder, but nothing was there neither.

And as you said GauGau; no one has reported this issue before, so this seems to be the first time this problem comes up. ::)...
....or others are much better to remember their passwords than I am  ;D


Quote from: bmossavari on August 24, 2006, 08:31:01 AM
and here is a very simple MD5 creator:
you need to (unzip and) run it on a web server with php support

Shouldn't it be an url in your post, bmossavari? or am I missing something here? ???


Quote from: Nibbler on August 24, 2006, 07:02:57 PM
phpmyadmin will hash the password for you, just select md5 from the dropdown box when you edit the value.

Yes this is much easier than to reinstall and make backups and copy and paste... :) You see I tried to write a new password, but it didn't work because it wasnt't hashed and I didn't know how to do that, but now I know. Thank you Nibbler.

Quote from: GauGau on August 24, 2006, 05:00:02 AM
Your workaround sounds a bit complicated. Why not just edit the database entry and enter a new md5-value for your password? Another option: register as new user, then use phpMyAdmin to make him admin by changing his usergroup to "1". There are various postings that explain how to come up with a md5 hash of a password.

You see GauGau..I didn't understand what you was talking about here, but now I do ;D


Have a nice evening everyone and thanks again for all your help.

Sussi

Joachim Müller

Quote from: sussiny on August 24, 2006, 09:29:44 PM
Shouldn't it be an url in your post, bmossavari? or am I missing something here? ???
There's an attachment at the bottom of his posting!

sussiny

Sorry I didn't notice the file.

Thank you

Sussi