  1. #1
    New to the CF scene
    Join Date
    Oct 2012
    Location
    Birmingham
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts

    help with downloaded script possible database problem

    Hi,
    I was torn between which forum to post this question in but here goes.
    I have recently downloaded a PHP script from cobrascripts. It is called autohits.
    I have tried contacting cobrascripts but as it is a free script they are not interested in helping. So I am hoping someone here will help me. I have done as they said,
    Installed script
    Installed database table
    and it works to some degree, i.e. I have created a fake account and managed to log in as a regular user.
    The problem is I cannot access the admin area with the username and password they have given me.
    Is there a way around this?
    When I log in to phpMyAdmin there is no user listed there called admin, so I created a user called "admin" and gave it the password "test" but it still did not work. I'm not sure if that is because I have created the user inaccurately or not, as my phpMyAdmin skills are not as good as I would like.
    Can anyone help me get this up and running, i.e. point my nose in the right direction?
    I think if I could create an admin account directly in my user table database it might work.

    I worked on the assumption that if one can create a user account then I have installed the table correctly. So now you have it: why can't I log in to the admin panel?

  • #2
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,338
    Thanks
    60
    Thanked 527 Times in 514 Posts
    Blog Entries
    4
    It could be anything.

    I could have a look for you via teamviewer / vnc but it would cost as it's uncharted territory.

    When you created a new password in your phpMyAdmin, did you use a hash or a plain text password?
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #3
    New to the CF scene
    Join Date
    Oct 2012
    Location
    Birmingham
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I used a plain text password.

  • #4
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,338
    Thanks
    60
    Thanked 527 Times in 514 Posts
    Blog Entries
    4
    Most scripts don't use plain text passwords - they use a hash. This is so that no admin, hacker or anyone else can ever find the user's real password and use it to abuse a user's account elsewhere.

    When the password is sent to the script it will hash it (in other words convert it to a digital equivalent of a fingerprint). It will then compare this to the hash stored in the database. If they are the same then it's a successful login. If not... it's a failed login.

    Now, if you've been putting a plain text password into your database it will never match what the script is comparing it to.
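
The login comparison described in the post above, as an added example that is not part of the thread or of the autohits script. It assumes PHP 5.5+ and a password column filled by `password_hash()`, which the downloaded script may not use; `check_login()`, `make_stored_value()` and `looks_like_hash()` are hypothetical names.

```php
<?php
// Added example: a hypothetical login check, not the autohits script's own code.
// Assumption: the password column holds password_hash() output.

/** True when the submitted password matches the value stored in the database. */
function check_login(string $submitted, string $storedValue): bool
{
    // password_verify() re-derives the hash from $submitted using the salt and
    // cost embedded in $storedValue, then compares the two in constant time.
    return password_verify($submitted, $storedValue);
}

/** The value that belongs in the password column for a given password. */
function make_stored_value(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

/** True when a column value is a hash this PHP build recognises. */
function looks_like_hash(string $storedValue): bool
{
    // password_get_info() reports algoName "unknown" for anything that is
    // not a recognised hash, e.g. a password typed into the column by hand.
    return password_get_info($storedValue)['algoName'] !== 'unknown';
}

// Constructed sample rows: two ways the same password can end up in the column.
$rows = [
    'typed in as plain text' => 'test',
    'written as a hash'      => make_stored_value('test'),
];

foreach ($rows as $label => $stored) {
    printf(
        "%-24s recognised hash: %-3s  login with 'test': %s\n",
        $label,
        looks_like_hash($stored) ? 'yes' : 'no',
        check_login('test', $stored) ? 'ok' : 'failed'
    );
}

// A different password fails against the hashed row, and nothing in the
// stored value can be turned back into the original password.
printf(
    "%-24s login with 'guess': %s\n",
    'written as a hash',
    check_login('guess', $rows['written as a hash']) ? 'ok' : 'failed'
);
```

The plain-text row fails even though the typed password is identical to the stored value, because the check compares hashes, never the raw strings.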

  • #5
    New to the CF scene
    Join Date
    Oct 2012
    Location
    Birmingham
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks for getting back to me,
    OK, it would seem that when I was looking for the admin user account that was supposed to be set up with the script, I was looking in the table under user, when it was actually listed in the table under "pass".

    So the admin account is listed and there is a hash password there. Is it possible to convert the hash password into a plain text one so I can see what it is? (because it is obviously not what I was told)
    Or do I need to somehow remove the hash password that is there and replace it?
    Regards Nige.

  • #6
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,338
    Thanks
    60
    Thanked 527 Times in 514 Posts
    Blog Entries
    4
    No, you cannot decrypt a hashed password. Re-read what I said above about them. The whole point is that others can't get your original password if they gain access to the database.

    You really need to consult the docs that came with your script. So far with the questions you've asked you're starting to look like a wannabe attacker, so I would recommend that if you're genuine, you go back to the site you downloaded it from and check out the docs thoroughly.

