Was building the change password feature but ended up locking myself out.
Have hashed the password before saving:
$user->password = Hash::make($request['password']);
$user->save();
I've also tried copying the hashed password in db from a known account to replace the password under my account, and I still couldn't log in with that account's password.
How do I change the password field in db directly?
Also,
How does laravel does it's password check? I've tried printing the output below and they change on every page refresh.
{{ bcrypt('mypassword') }}
{{ Hash::make('mypassword') }}
{{ password_hash('mypassword', PASSWORD_BCRYPT) }}
If it changes every time, how would it be able to check the stored password?
Update
So I used tinker and realised that I was looking at the wrong db! My bad. But I still don't understand why the password hash changes everytime. I still couldn't authenticate after saving a new password.
Update 2
After some reading hashing will always return a different value [link].
Also realise I saved the wrong input value causing the password saved to be wrong.
Related
We may have been hacked as one of our links now goes to a dodgy site.
1. wp_users in our db: I checked our user_login, user_pass, user_email etc...
I use them to try and login to our wordpress account and it says one of them is incorrect would you like to reset password but we never receive anything in out inbox - not in junk mail, not anywhere etc...
As I say, in our db everything is correct.
How am I supposed to reagin my password?
You can change the password directly in phpmyadmin but you will need to convert it to a md5 hash string first. Just google md5 hash generator and write a password to convert, then you can paste the converted string into the password field for the desired user in the database.
Then when you are logged in, change password in wp-admin to make sure everything works as it should.
I'm using the FOSUserBundle on a Symfony project, and I would like to know if, when a user changes his password, I can have access to his former password. The one he's supposed to enter in the "current password" field.
I have a system of encryption on my project, and it's partially based on the user's password, that's why I need it, to update the user's encryption settings.
I created a listener when the user changes his password but I don't know how to get his former password. Or current password, whatever.
Thank you for your help !
Short answer: NO. If user won't give you his current password by typing it in form it's impossible to guess his password.
Only option to have access to current user's password is when password is stored in database in plain text which is rather not the case.
The way passwords are stored in db usually is by using hashing function which are designed to be impossible to invert - you are able to hash your password but you can't unhash it.
In theory you could try to use Rainbow tables but it's not something you could use in regular way on every passwprd change because it's very CPU heavy.
encrypt the new password.
compare the hash of the new password and the hash password in the database.
I forgot my wordpress admin password but i am able to get into my DB and have the hashed password and also i have salt key from my wp-config.php file.
Does anyone know how can i get my password back from above details.
I tried doing forgot password thing but i never got email to reset password.
Open localhost/phpmyadmin
Open the database then table wp_users
Edit the corresponding row of user
Copy and keep the old password (for backup)
Edit field `user_pass' and type value
Change Type to MD5 and then update the row.
You can reset your password using database password field.
goto your database users table.
find password field. It can be seen as hash.
Generate new hash using this generator, http://www.danstools.com/md5-hash-generator/
replace new hash.
Input a new password and generate its hash.
Then update password column in the user table through MySQL database with the new generated hash.
After that you can log in to the backend using the new password.
On a blog of mine, a user asked me if I could tell him his password from that account, which happens to be the same password he used on multiple accounts, on an email which was deactived - the point is he needs that specific password.
Since the only option in the Wordpress Dashboard is to change the password, I had to look in phpmyadmin, under wp_users table at his password. The things is, the password is encrypted unde wordpress's unique encoding hash, phpass I believe, since it starts with $P$B. If it was 2008 again and wordpress would've used MD5 to enconde password in sql tables, it would have been easier.
From my knowledge I know that phpass pasword can't be decrypted, naturally, since it's a one-way encryption method. The only way would be to bruteforce it, which is out of the question.
And then, I thought about resending the user an e-mail containing the password. I searched the plugins page and found one named: 'Re-send Welcome e-mail' which still resets it eventualy.
I think that this method is plausable, because, if I change the password in the wp_users table with another one encoded in phpass, he can login with the new one, so Wordpress somehow verifies it by encoding or decoding it, or by enconding it and comparing the hash of the password entered with the one already present in the wp_users table, under that user's row.
Is there a plugin available or a turn-around to this situations? I overthinked the whole situation and now I'm out of solutions which are in my league of knowledge.
The whole idea of hashing is that you can't read the password. So no, you can't resend or retrieve the password from a hashed string besides trying bruteforce.
http://en.wikipedia.org/wiki/Cryptographic_hash_function
I modified register usercontrol with my custom fields. In this control it doesn't have password field. I am generating password randomly with Membership.GeneratePassowrd() method. I am sending email to the user after registering using Membership.Getuser(username).GetPassword() method.Every thing is fine when i kept the PassowrdFormat=Clear in web.config file. Now i want to change to passwordFormat=Hashed. But if i use the passwordFormat as Hased then it is unable to retrieve the password. Bottom line is i want to send the password to the user which is hashed one. What is the workaround for this one. I am searching in google, but no suitable answers were found. It would be great full if any one give your helping hand.
I followed these link1, link2 but didn't give any solution.
As far as I am aware it's not possible to derive the plain text password from the hashed password stored in the database. If you need to send the plain text password via e-mail then you will need to keep track of it separately.
Depending on how your code is written it could just be as straightforward as saving the result of Membership.GeneratePassword() to a string variable and ensuring you send that in the e-mail and not any password values retrieved from the database.