On Sep 5, 2006, at 4:14 PM, Robert Cummings wrote:
On Tue, 2006-09-05 at 15:27 -0700, Kevin Murphy wrote:
I've inherited this website and there is an application that is
running on it that has a bunch of passwords stored in a mysql table.
The problem is, the previous webmaster didn't leave me any
instructions on how they encrypted those passwords. I don't need to
figure out what the old passwords were, I just need to be able to
generate my own (until such time as I can rebuild this portion of the
website).
The passwords are called in the application by:
$_SERVER['PHP_AUTH_PW']
The passwords appear to be 16 character strings that predominately
have numbers in them (rather than letters) and don't appear to have
any punctuation (although it could be just the few I am looking at
that don't).
Is there any way to tell how these passwords were encrypted?
Yes, find the spot in the code responsible for creating new
accounts or
updating account passwords. Right there is where you'll find the
information. Unless of course he used some kind of command line
tool to
manually add accounts --- which I doubt.
Unfortunately, thats precisely what it appears that they did. There
is no code anywhere I can find for updating/adding accounts. As far
as I can tell the only place that the accounts exist or can be edited
is directly into the mysql database, with the password all ready
encrypted.
Of course, I could be missing something. I'll keep looking.....
Cheers,
Rob.
--
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting |
| a powerful, scalable system for accessing system services |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
