I am using a wordpress site. I just want to know , How to get a plain text from encrypted password(stored in wordpress database). I used the $wp_hasher->CheckPassword($plain_password, $password_hashed) to check the password is correct or not. But this time i would like to know how to get plain text.
This is one of the proposed solutions found in the article Jacob mentioned, and it worked great as a manual way to change the password without having to use the email reset.
In the DB table wp_users, add a key, like abc123 to the
user_activation column.
Visit yoursite.com/wp-login.php?action=rp&key=abc123&login=yourusername
You will be prompted to enter a new password.
You will not be able to retrieve a plain text password from wordpress.
Wordpress use a 1 way encryption to store the passwords using a variation of md5. There is no way to reverse this.
See this article for more info http://wordpress.org/support/topic/how-is-the-user-password-encrypted-wp_hash_password
Related
I am making a simple crud operation in Spring and hibernate Project. when i click in edit my Url is edit/{id} and for update is update/{id}.The id is primary key,auto generated which was save in database like 1,2,3...
I want to know that id should be encoded or not in html page.Can anyone help me.
If you want to provide security
Encode the id use Base64.
Encoded id return to front
When click to edit the id will come to controller
Then you can easily decode it.
No need to encode the ID.
Its okay to keep it as it is.
If you are afraid of security then apply security on method or application level.
I got lots of not followed page on Google Webmaster. I check them and is because lots of url are like http://www.mysite.net/2013/06/burn-notice-7%C3%9702-sub-espanol-online.html
whe the correct url have to be http://www.mysite.net/2013/06/burn-notice-7x02-sub-espanol-online.html
Im try to post a title wit many "x" on it and the only that weird %C3%97 when I post for example a new serie episode like this title: Burn Notice 7x02 Sub Español Online. When the x is between number appear %C3%97 and that made my posts duplicate.
So I try to fix changed the database collation from latin1_swedish_ci to utf8_general_ci but is still the same happend. I check as well my wp-config.php and is define('DB_CHARSET', 'utf8');
Please, some body know any good solution to fix all this situation? The database is quite big and supouse if I find a solution I need update the old url.
Thank you on advance
The URL you say Google is using:
http://www.mysite.net/2013/06/burn-notice-7%C3%9702-sub-espanol-online.html
is almost the same as the URL:
http://www.mysite.net/2013/06/burn-notice-7x02-sub-espanol-online.html
as the percent encoded characters actually repreesent Unicode Character 'MULTIPLICATION SIGN' aka it's an '×' not an 'x'. Google is just using the percent encoded version to be safe. That means that your database is probably fine, as it is showing URLs as valid UTF8.
The problem probably lies in how you're interpreting the requested URL and trying to match it to the database. PHP should already be decoding the percent encoded value to '×', so either:
Something is breaking the string (e.g. calling a non-multibyte safe function like strtolower() instead of mb_strtolower()).
Your PHP code is connecting to the database in a character set other than UTF8, please check that your my.cnf file contains 'default-character-set=utf8' in the client section.
or there's some other issue. The URL does appear valid though.
I’ve a bit of annoying problem with a Drupal site. I’ve a “recommend to a friend” field where one can send an article link to an E-mail address. The problem is, that it uses the variable !name in the mail and when I’m receive a mail, it uses the name before the “#” in my mail.
I use my mail as username, so if I’ve registered a user with the username: johndoe#google.com it will present the !name variable as johndoe.
What I want is to display the first name (and maybe the last name) so it says: John Doe recommends this article …
But how can I do that? I’ve search like crazy for the setting.
Thanks
Sincere
- Mestika
To replace user names in quotes by reals names it's necessary to replace Phorum´s standard function for quoting. Since it only makes sense to have one module modifying the quoted text, you can disable this one part of this module. Use System Sanity Checks to control if there is only one module using the quote hook. The default value is "disabled".
TUV Rheinland of North America
You could also try the Custom Tokens module. I use it to get text from my user's Content Profile.
For a Web Application I'd like to generate an email validation link and send it to the user. Like on many public websites, the user should click it to validate his email address. Looks similar to this:
http://www.foo.bar/validation?code=421affe123j4h141k2l3bjkbf43134kjbfkl34bfk3b4fkjb43ffe
Can anybody help me with some hints about the proper generation of those validation tokens? Googling best practices turned out to be more difficult than I though it would be. The links should:
... not require the user to log in first.
... not reveal any login credentials to keep the application secure
... allow me as a developer to efficiently validate the token. I'm pretty sure I need a way to extract the user identifier out of the code to meet this criteria. Don't I?
Furthermore, would you go for a random code, which is saved somewhere, or a generated code which I can recalculate for validation?
Thanks for any replies!
Matthias
P.S. I'm working with ASP.NET 3.5, in case there's an out-of-the-box feature to perform this.
Some suggestions to get you started:
Use GUIDs
Use some sort of salted hash (MD5, SHA1, etc)
Use a random string of characters (the more characters the less likely you'll have collisions)
Store it in a database temporarily, and timestamp it so that it expires after a certain period of time
The simplest way to do it is generate a GUID, store that in the database tying it to their user account and then give them a time-frame within which to click a link with that GUID in.
That validates they are the correct person without making the URL calculable whilst making it resistant to dictionary style attacks.
I construct the hash in a way that can be re-created:
code = MD5( my_hash + user_email + register_timestamp )
Then send a link to http://example.com/validation/?code = 4kj34....
Validation does a lookup like:
SELECT id
FROM users
WHERE
MD5( CONCAT( my_hash, user_email, register_timestamp ) ) = code
AND activated = 0
If you get a single result, update their 'activated' field and sign them in. You can also do some math on their 'register_timestamp' field for a poor man's TTL
I would probably use a Guid. Just create a Guid (by calling Guid.NewGuid()), store it as the validation token for that user, and include it in the validation link.
I am using the node invite and token module.
I have followed this flash tutorial video: http://www.adevbox.com/files/2008-06-25_1703.swf
My problem is regarding the email format being sent.
In the ?q=admin/settings/node_invite
I have checked the blog entry checkbox. Now the node invite works but I can't format my body section value correctly.
For example:
I entered in the textarea
Hi <bold>
Then the result when I open the email message is still the same:
Hi <bold>
Same with if I use <b>bold here</b> then it will also be the format when I open the email message.
How can I format it correctly? Am I missing something simple? I am thinking of using htmlspecialchars but I don't where to put it.
Thanks in advance :)
Kind Regards,
Mark
My understanding of the Invite module is that there is no Input Filter for the template. This means that the only format that is accepted is plain text. This means that it will convert HTML into the escaped code you see.
You can validate this looking at the variables in the database. Your best bet it so path Invite (or ask for a features) to allow HTML as a valid format.