On Tue, 2006-09-05 at 15:27 -0700, Kevin Murphy wrote: > I've inherited this website and there is an application that is > running on it that has a bunch of passwords stored in a mysql table. > The problem is, the previous webmaster didn't leave me any > instructions on how they encrypted those passwords. I don't need to > figure out what the old passwords were, I just need to be able to > generate my own (until such time as I can rebuild this portion of the > website). > > The passwords are called in the application by: > > $_SERVER['PHP_AUTH_PW'] > > The passwords appear to be 16 character strings that predominately > have numbers in them (rather than letters) and don't appear to have > any punctuation (although it could be just the few I am looking at > that don't). > > Is there any way to tell how these passwords were encrypted? Yes, find the spot in the code responsible for creating new accounts or updating account passwords. Right there is where you'll find the information. Unless of course he used some kind of command line tool to manually add accounts --- which I doubt. Cheers, Rob. -- .------------------------------------------------------------. | InterJinn Application Framework - http://www.interjinn.com | :------------------------------------------------------------: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `------------------------------------------------------------' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
