
admin user password change

  1. EoinDubh

    Member
    Joined: Jan '11
    Posts: 20

    One of my ZenPhoto sites was hacked a few weeks ago. I have cleaned the site and updated to 1.4.1.5. The site is working OK except for 1 issue: I cannot log in as the administrator. I can log in as another user with much lower rights.

    I maintain a spreadsheet of the passwords and MD5 hashes for this site, so I went in and checked the database and the hash looks OK. I tried changing it to another hash that I have the password for and still cannot log in. I created a new user with the same rights as the admin account and created a new password, generated the hash for it and inserted it for that user. I still cannot log in as an admin.

    In the database, the rights are listed as 1955052533. Is this correct or did something get changed in the hack to block admin access?

    Posted 1 year ago #
  2. Zenphoto development team
    acrylian

    Developer
    Joined: Jul '07
    Posts: 13,357

    I will leave the topic to my colleague sbillard. But you should really upgrade to 1.4.1.6...

    Don't forget to read the Forum rules and usage resources
    Posted 1 year ago #
  3. Zenphoto development team
    sbillard

    Chief Developer
    Joined: May '07
    Posts: 9,768

    In my database, the full admin rights are: 1961343989. Without actually deciphering the numbers I cannot say if yours are wrong, though. All that really matters is one bit that is the ADMIN_RIGHTS value.

    I am not sure changing hashes is of any use. Unless it was an old hash for the same user with different password there is no way it would work.

    One thing you can try is to remove the admin from the database. This will promote one of the lesser rights users to full admin. So if this is the one you can log in as, you can then re-create the full admin user.

    I really do not know what could have gone wrong that some users work and others do not. The algorithm for hashing would be the same in all cases.

    Posted 1 year ago #
