0

I'm working on a project, continuing a work of somebody else I need to have user name and PW for the update I want to make I can access database it is a MYSQL database. I can see user names but I can't know the PW of any user to do my tests.

I tried to make a new user using the insert tab in php my admin but the query generated was like this

INSERT INTO `user`
            (`id`, `username`, `auth_key`, `password_hash`, 
            `password_reset_token`, `email`, `status`, `created_at`, 
            `updated_at`, `central_branch`) 
VALUES ([value-1], [value-2], [value-3], [value-4], [value-5],
        [value-6],[value-7],[value-8],[value-9],[value-10])

where auth_key, password_hash generated from the pw in the view can any body help me either create user or know pw of any user

RiggsFolly
  • 93,638
  • 21
  • 103
  • 149
user3703199
  • 33
  • 1
  • 8

1 Answers1

0

In general, hashes are not reversible. So if the value of password_hash in your table is storing a hash, you can't get the original plaintext password back from that hash. You can replace it with a new hash string for a password you know, but you can't reverse the existing hash to get the password that was used to generate that hash.

If you can't ask the original developer, and that developer didn't leave any notes about the password for you, then you can only replace it with a new password hash.

If you can't do that because you don't have privilege to update the table, then you need to use the instructions for starting the MySQL Server without privilege enforcement, so you can make users and grant privileges for yourself to work on it. See https://dev.mysql.com/doc/refman/8.0/en/resetting-permissions.html

Bill Karwin
  • 538,548
  • 86
  • 673
  • 828
  • I have the previllage to update but dontknow how to replace it with a new password hash can you help me? there is no way to contact the orginal developer – user3703199 Jun 15 '22 at 18:31
  • I cannot, because I don't know your application code. There are many ways to generate a hash, and I don't know which one is used in your code. You're going to have to read your code to find out. – Bill Karwin Jun 15 '22 at 18:39
  • We could make a guess at the hash function used based on the length of the hash strings (see my answer to https://stackoverflow.com/questions/247304/what-data-type-to-use-for-hashed-password-field-and-what-length/247627#247627). But we still wouldn't know whether the hash is actually hashed multiple times from the input, and how many times. – Bill Karwin Jun 15 '22 at 18:41
  • = $form->field($model, 'username')->textInput(['autofocus' => true]) ?> = $form->field($model, 'email') ?> = $form->field($model, 'auth_key')->hiddenInput(['readonly' => true])?> = $form->field($model, 'password_hash')->hiddenInput(['readonly' => true])?> – user3703199 Jun 15 '22 at 18:51
  • As far as I can tell, none of that describes the hashing function used to store your passwords. I'm not volunteering to tutor you on your whole app. – Bill Karwin Jun 15 '22 at 19:44