Web Wiz Forums - Passwords

Print Page | Close Window

Passwords

Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=4541
Printed Date: 02 April 2026 at 9:53am
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com

Topic: Passwords

Posted By: garagetitan
Subject: Passwords
Date Posted: 26 July 2003 at 4:33am

Hey guys,

Is there any way to recover a password? I have forgotten my admin password, so i'm up the creek.

What can I do?

Replies:

Posted By: Bunce
Date Posted: 26 July 2003 at 4:34am

what version?

Assuming you have file access to the database???

-------------
There have been many, many posts made throughout the world...
This was one of them.

Posted By: b_bonnett
Date Posted: 26 July 2003 at 4:42am

If you've got the email functions turned on, then there is a link to reset your password on the Login page.

If you haven't, then I hope you've got some way to edit the database as follows:

Back up the database.
Register as a new user.
Open the database, go into tblAuthor, and copy the 'User_code', 'Password' and 'Salt' values from the account you just registered to the Admin account.
Log in to the Admin account using the password for the new account you created. Then change your password to something you'll remember and delete the new user you created.

Hope this helps,
Blair

-------------
Webmaster, http://www.planegallery.net/ - The Plane Gallery
Greetings From Christchurch

Posted By: garagetitan
Date Posted: 26 July 2003 at 8:01am

Hey guys Thanks heaps for your response.

Bruce - its version 7.01

Blar - I'll give that a go mate cheers.

I'm also worried, is there anyway to decode the encryption system on the databases? If so how? Maybe someone got a hold of my database file??

Cheers,

James

Posted By: WebWiz-Bruce
Date Posted: 26 July 2003 at 8:32am

Encryption is one way 160bit with added salt value so decryption is almost impossible, the only way would be to guess what the password is.

-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting

Posted By: garagetitan
Date Posted: 26 July 2003 at 9:31am

Ahh that makes me feel better

Posted By: pmormr
Date Posted: 26 July 2003 at 10:53am

i developed a tool to encode a new password so it will work with for forum decoders....

-------------
Paul A Morgan

http://www.pmorganphoto.com/" rel="nofollow - http://www.pmorganphoto.com/

Posted By: pmormr
Date Posted: 26 July 2003 at 10:59am

very simply, go into the database and find the administration ID (Its contained in the table "tblAuthor"). Find and copy the field named 'salt'. Copy it into the bottom of the script where it sayes "yoursalthere". Then replace the line that sayes "yourpasswordhere" with the password you want. Execute the script and it will print out a combo of numbers and letters. Copy that BACK into the "password" field of your database. Bam! your password's changed. (Mind you that this code will no longer work in newer versions, Bruce will soon change the forum so nobody can change the password like this...) This only encodes not decodes your password.

<%
Function getSalt(intLen)
' Function takes a given length x and generates a random hex value of x digits.
' Salt can be used to help protect passwords. When a password is first stored in a
' database generate a salt value also. Concatenate the salt value with the password,
' and then encrypt it using the HashEncode function below. Store both the salt value,
' and the encrypted value in the database. When a password needs to be verified, take
' the password concatenate the salt from the database. Encode it using the HashEncode
' function below. If the result matches the the encrypted password stored in the
' database, then it is a match. If not then the password is invalid.
'
'
' Note: Passwords become case sensitive when using this encryption.
' For more information on Password HASH Encoding, and SALT visit: http://local.15seconds.com/issue/000217.htm - http://local.15seconds.com/issue/000217.htm
'
' Call this function if you wish to generate a random hex value of any given length
'
' Written By: Mark G. Jager
' Written Date: 8/10/2000
'
' Free to distribute as long as code is not modified, and header is kept intact

Dim strSalt
Dim intIndex, intRand

If Not IsNumeric(intLen) Then
  getSalt = "00000000"
  exit function
ElseIf CInt(intLen) <> CDbl(intLen) Or CInt(intLen) < 1 Then
  getSalt = "00000000"
  exit function
End If

Randomize

For intIndex = 1 to CInt(intLen)
intRand = CInt(Rnd * 1000) Mod 16
strSalt = strSalt & getDecHex(intRand)
Next

getSalt = strSalt

End Function

Function HashEncode(strSecret)
' Function takes an ASCII string less than 2^61 characters long and
' one way hash encrypts it using 160 bit encryption into a 40 digit hex value.
' The encoded hex value cannot be decoded to the original string value.
'
' This is the only function that you need to call for encryption.
'
' Written By: Mark G. Jager
' Written Date: 8/10/2000
'
' Free to distribute as long as code is not modified, and header is kept intact
'
' The author makes no warranties as to the validity, and/or authenticity of this code.
' You may use any code found herein at your own risk.
' This code was written to follow as closely as possible the standards found in
' Federal Information Processing Standards Publication (FIPS PUB 180-1)
' http://csrc.nist.gov/fips/fip180-1.txt - http://csrc.nist.gov/fips/fip180-1.txt -- Secure Hash Standard SHA-1
'
' This code is for private use only, and the security and/or encryption of the resulting
' hexadecimal value is not warrented or gaurenteed in any way.
'
    Dim strEncode, strH(4)
    Dim intPos


    If len(strSecret) = 0 or len(strSecret) >= 2^61 then
  HashEncode = "0000000000000000000000000000000000000000"
  exit function
    end if


    'Initial Hex words are used for encoding Digest.
    'These can be any valid 8-digit hex value (0 to F)
    strH(0) = "FB0C14C2"
    strH(1) = "9F00AB2E"
    strH(2) = "991FFA67"
    strH(3) = "76FA2C3F"
    strH(4) = "ADE426FA"

    For intPos = 1 to len(strSecret) step 56

  strEncode = Mid(strSecret, intPos, 56) 'get 56 character chunks
  strEncode = WordToBinary(strEncode) 'convert to binary
  strEncode = PadBinary(strEncode) 'make it 512 bites
  strEncode = BlockToHex(strEncode) 'convert to hex value

  'Encode the hex value using the previous runs digest
  'If it is the first run then use the initial values above
  strEncode = DigestHex(strEncode, strH(0), strH(1), strH(2), strH(3), strH(4))

  'Combine the old digest with the new digest
  strH(0) = HexAdd(left(strEncode, 8), strH(0))
  strH(1) = HexAdd(mid(strEncode, 9, 8), strH(1))
  strH(2) = HexAdd(mid(strEncode, 17, 8), strH(2))
  strH(3) = HexAdd(mid(strEncode, 25, 8), strH(3))
  strH(4) = HexAdd(right(strEncode, 8), strH(4))

    Next

    'This is the final Hex Digest
    HashEncode = strH(0) & strH(1) & strH(2) & strH(3) & strH(4)

End Function

Function HexToBinary(btHex)

' Function Converts a single hex value into it's binary equivalent
'
' Written By: Mark Jager
' Written Date: 8/10/2000
'
' Free to distribute as long as code is not modified, and header is kept intact
'

    Select Case btHex
    Case "0"
        HexToBinary = "0000"
    Case "1"
        HexToBinary = "0001"
    Case "2"
        HexToBinary = "0010"
    Case "3"
        HexToBinary = "0011"
    Case "4"
        HexToBinary = "0100"
    Case "5"
        HexToBinary = "0101"
    Case "6"
        HexToBinary = "0110"
    Case "7"
        HexToBinary = "0111"
    Case "8"
        HexToBinary = "1000"
    Case "9"
        HexToBinary = "1001"
    Case "A"
        HexToBinary = "1010"
    Case "B"
        HexToBinary = "1011"
    Case "C"
        HexToBinary = "1100"
    Case "D"
        HexToBinary = "1101"
    Case "E"
        HexToBinary = "1110"
    Case "F"
        HexToBinary = "1111"
    Case Else
        HexToBinary = "2222"
    End Select
End Function

Function BinaryToHex(strBinary)

' Function Converts a 4 bit binary value into it's hex equivalent
'
' Written By: Mark Jager
' Written Date: 8/10/2000
'
' Free to distribute as long as code is not modified, and header is kept intact
'

-------------
Paul A Morgan

http://www.pmorganphoto.com/" rel="nofollow - http://www.pmorganphoto.com/

Posted By: pmormr
Date Posted: 26 July 2003 at 10:59am

sorry if the code's a bit long...

-------------
Paul A Morgan

http://www.pmorganphoto.com/" rel="nofollow - http://www.pmorganphoto.com/

Posted By: pmormr
Date Posted: 26 July 2003 at 11:04am

does the email thingy just reset your password or tell you the password. If it told you the password, then there is a decoding function contained in the forum...

-------------
Paul A Morgan

http://www.pmorganphoto.com/" rel="nofollow - http://www.pmorganphoto.com/

Posted By: WebWiz-Bruce
Date Posted: 26 July 2003 at 11:38am

The forgotten password feature creates a new password for you which is then emailed to the email address that the user gave when they registered.

There is no way of retrieving lost passwords.

Posted By: Bliss
Date Posted: 26 July 2003 at 8:32pm

Well, the the new password works, so I don't see what the problem would be.

Posted By: b_bonnett
Date Posted: 27 July 2003 at 1:41am

Bliss wrote:

Well, the the new password works, so I don't see what the problem would be.

It only works if the email functions are turned on, otherwise it can't send the new password. So if they aren't, you have to find some other way...

Blair

-------------
Webmaster, http://www.planegallery.net/ - The Plane Gallery
Greetings From Christchurch