I have just downloaded subtext 2.5 source code and manage to run it on Visual Studio dev server. The problem is that whenever I try to navigate to admin/.. it redirects me to login page and it's not accepting default login credentials that are, I suppose, haacked and password respectively. But I was unable to login to the site.
Subtext_Host table of db contains following entry:
userid= Haacked, password= sIHb6F4ew//D1OfQInQAzQ== salt=KrPog8xD4kKBwW35zBxxCA== email=haacked#gmail.com datecreatedutc = 2011-06-11 21:37:29.533
I also tried resetting the password as described here (scroll to bottom) but to no avail.
The password you have reset is the Hostadmin password, accessible via http://<yoururl>/hostadmin/default.aspx by logging in there you should be able to reset the password for the particular blog you are interested in.
Related
I got to work on project using Wordpress Bitnami stack. Original developer does not remember password for root user for MySQL database. I tried to follow the steps on Bitnami website.
https://docs.bitnami.com/installer/apps/wordpress/administration/change-reset-password/
It seems like everything went throught but I am still not able to access the database using root user.
This is whats inside my mysql-init.txt
ALTER USER 'root'#'localhost' IDENTIFIED BY 'mypass';
Server's response is that this file have been executed but nothing.
I tried to change mysql-init.txt to following
ALTER USER 'root'#'localhost' IDENTIFIED BY 'mypass';
CREATE USER 'admin'#'localhost' IDENTIFIED BY 'mypass';
FLUSH PRIVILEGES;
After this went throught I am able to access the database using Admin user but my root password does not work. That means file have been executed correctly it just does not update my root password for some reason.
Stack is on Win 10
DB:Distrib 5.7.24, for Win32 on AMD64
Command to run DB with init file:
C:\Bitnami\wordpress-4.9.8-2\mysql\bin\mysqld.exe --defaults-file="C:\Bitnami\wordpress-4.9.8-2\mysql\my.ini" --init-file="C:\Bitnami\wordpress-4.9.8-2\mysql\mysql-init.txt" --console
The problem was in the mysql-init.txt file. Somehow I got a new line at the end of the password.
Very strange issue but hey Its solved.
ALTER USER 'root'#'localhost' IDENTIFIED BY 'mypass[Here was a new line]';
FLUSH PRIVILEGES;
I'm trying to setup my Google Identity Toolkit so users can reset their passwords. I'm following the documentation here: https://developers.google.com/identity/toolkit/web/required-endpoints#send_email_url
I'm using the PHP Gitkit Client outlined here: https://github.com/google/identity-toolkit-php-client/blob/master/src/GitkitClient.php
Specifically the function getOobResults() on line 307 seems to be unhappy for some reason. Here's where I'm at:
User sets up account and logs in successfully
User then logs out and starts to log back in, enters email in and clicks "Forgot password"
reCaptcha is shown, click check box and then hit continue
At this point my 'Send Email URL' endpoint (gitkitEmail.php) is successfully called and the following POST is set to it (dropping the full '&response' param since it goes on for a while):
action=resetPassword&email=xodfebefa%40nada.ltd&challenge&response=03ACgFB9tGlNt2KAGhrVY....
I then take that string and parse it using parse_str(); since getOobResults() is looking for an array. However, response I get back is always:
{
"response_body": {
"error": "CAPTCHA_CHECK_FAILED"
}
}
I searched around but can't find any details on this error. Any help would be appreciated. I don't have a reCaptcha setup anywhere on my site, unsure if this is expecting me to do that and that's why it's failing? Also, I did bump all my code to a production environment and got the same error there as I did on my localhost.
I inherited a web application that has uses individual SQL account for authentication. I need to update the login procedure to use a different type of hash.
Pseudo code
if (login(newhash(password)) == 0) // login using new hash function doesn't work
{
if (login(oldhash(password)) == 1) // login with old hash works
{
SqlConnection.ChangePassword(connstr);
login(newhash(password));
}
}
The problem is the second login(newhash(password) would not immediately work. If I put a System.Threading.Thread.Sleep(5000) in between the ChangePassword and the login then it would work. SqlConnection is closed properly when doing the login()
I also tried using sp_password instead, but it still won't authenticate immediately with the new password. Is there any way to eliminate this "password change lag"?
EDIT:
I added SqlConnection.ClearPool(conn) and the problem persist. SQL Profiler showed the following:
Audit Login Failed
Audit Login
SQL:BatchStarting
SQLBatchCompleted
Audit Login Change Password Event
Audit Login
Audit Login Failed
So everything is expected from 1-6, however I don't know where does #7 come from.
I believe it's a connection in the connection pool that is getting in your way, How Can I Prevent Recurring Automatic Connections to Oracle Database? . Try clearing the pool before trying to reauthenticate, https://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlconnection.clearpool(v=vs.110).aspx .
I have only recently been looking into ACS, AAL, WAAD and I would like to avoid redirecting users to the login page of their IDP. I want to keep my users within my site and present them with a dropdown to choose who they wish to authenticate with and an area to request a username and password, then acquire token via code. Is this possible?
I have been reviewing some sample applications and produce a quick mock-up, but cant seem to get things working e.g.
_authContext = new AuthenticationContext("https://littledeadbunny.accesscontrol.windows.net");
string enteredEmailDomain = UserNameTextbox.Text.Substring(UserNameTextbox.Text.IndexOf('#') + 1);
IList<IdentityProviderDescriptor> idpdList = _authContext.GetProviders("http://littledeadbunny.com/NonInteractive");
foreach (IdentityProviderDescriptor idpd in idpdList)
{
if (String.Compare(ServiceRealmDropDownList.SelectedValue, idpd.Name, StringComparison.OrdinalIgnoreCase) == 0)
{
Credential credential;
credential = new UsernamePasswordCredential(enteredEmailDomain, UserNameTextbox.Text, PasswordTextbox.Text);
_assertionCredential = _authContext.AcquireToken("http://littledeadbunny.com/NonInteractive", idpd, credential);
return;
}
}
Using the code above, when I try to use the Windows Azure Active Directory User (admin), i get the error "Data at the root level is invalid. Line 1, position 1." where I attempt to acquiretoken.
When I use Google, I get an error "0x8010000C: No identity provider matches the requested protocol".
If there is a working sample? if I am doing something obviously wrong, I would appreciate the correction.
This is not supported for passive identity providers. IdPs like Google, Facebook, etc. don't want other people collecting credentials for them, as this leads to security issues and possible phishing attacks. They also don't support it because they need to be able to show a permission dialog (that screen that asks the user if they want to release data to you) which they can't do without the browser redirecting to them. Furthermore, Google in particular supports two-factor auth, which you couldn't replicate, and generally collecting credentials opens up whole cans of worms around other UI problems such as incorrect or forgotten passwords.
This is also generally a bad user experience, because your users are fairly likely to already be logged in to Google and have cookies there. If so, and if they've already consented to your app, they would just be silently redirected back to you. In your scenario, even if the user is already logged in they'd still have to provide a username/password.
The correct way to do these sorts of logins is to render a browser control in your app that allows the user to log in at their IdP, which is what AAL helps with.
I had the same error, executing a powerscript solved that error
PS C:\windows\system32> $replyUrl = New-MsolServicePrincipalAddresses
-Address https://mydomain.accesscontrol.windows.net/
PS C:\windows\system32> New-MsolServicePrincipal -ServicePrincipalNames
#("https://mydomain.accesscontrol.windows.net/") -DisplayName
"MyDomain Namespace" -Addresses $replyUrl
But i'm stuck anyway with a 403 permission error
If you get any further i would like to know how :)
I can't figure out how to change the webdav password. I've done some searching, found many resources of how to add a new user to webdav, but nothing about changing password. Anyone know?
Passwords are stored in webdav.htpasswd file.
If you open it, you will see an entry like this
wampp:XAMPP with WebDAV:bc7f2b670e7e965e307feb30492e642e
That's the entry for user wampp: in realm XAMPP with WebDAV: with password which is encrypted.
To change password, you should use htdigest.exe.
See manual. It is used to create and update user authentication files. You should find in the bin directory of xampp installation.
To do that, do :
htdigest.exe "pathto/webdav.htpasswd" "XAMPP with WebDAV" yourusername
This will be returned:
Adding user yourusername in realm "XAMPP with WebDAV"
You will then be asked for the password for yourusername
New password: yourpassword
Re-type new password: yourpassword
Reference: http://www.apachefriends.org/f/viewtopic.php?f=16&t=38897
Replace the content of the file C:\Program Files\xampp\security\htpasswd.webdav with your username, a colon and the password. Note: Everyone who can see this file can see the password!
Assuming you're talking about doing a password change at the server from a client, I don't believe WebDAV supports such a transaction.
You'd use something like a shell logon or a Web-based admin page to do this.
This always struck me as odd for a lot of network services, for example FTP or email. It seems to be common though.