Password

Cityrock

How do I retrieve my clients password on a php site. I am unable to connect the programmer that created the website for me.

Would anyone know where would I be able to retrieve all passwords on the site?

thorpe

If they have been hashed using md5 (highly likely/common), they are irreversable / unrecoverable.

leatherback

but for sure.. The person building the site has included a retrieve / reset password module!?

Otherwise.. I have to agree with Cityrock.. Pretty likely you cannot retrieve them. You might be able though to build a temporary script quite easily, which would insert a new password into the password fields in your database, assuming you have acces to that.

I am assuming that you want to reset all passwords, or something; Just perform an "update TABLE set password = $pass" where user = username; However, make sure that you remove the script from the server after sorting out your current problem, and build / have someone build a useradmin interface

Cityrock

I have asset to the admin site of the website but I do not see any function of that nature to reset passwords...

Pieman86

Are the passwords being stored in a database? Do you have access to that? Do you know what format the passwords are stored in?

Like someone suggested, if they are being stored in a database in a hashed format, you can set a new one, but you probably can't retrieve the old one (not that you'd want to if it wasn't memorable enough).

Cityrock

I do not know what format the passwords are in and I don't know what is a hashed format?

Pieman86

Hashing basically means taking a password and distorting it in a certain way so that it's very hard to guess what the original password was.

For example, the MD5 hash of the password "PASSWORD" is "319f4d26e3c536b5dd871bb2c52e3178".

Often, passwords are stored in this "hashed" format. When a user tries to log in, whatever password they typed in is hashed in the same way and compared with the hashed version of the password stored in the database, and they're allowed in if the two hashes match.

The reason for doing this is if someone manages to see your database, they can only steal the hashes, not the original passwords, which is less useful to them because they can't actually use them to log in.

Anyway, all that aside, if you don't know where/how the passwords are stored, you need to find out from someone who does...there's not much we can do otherwise.

leatherback

Cityrock: Sounds to me like you have not much (none?) PhP programming experience. These home-built websites often consist of so many seperate files, which all interlink, that without a reasonable amount of knowledge, it is hard to find out what is happening with the scripts (An sometimes even for experienced home-programmers.

IF you can find a file with a name like login.php / login.inc / authentication.phph.inc, you could try to find in that the words $pass/$user/$password/$username and see what happens with them, and post that section of 10-20 lines here. Maybemaybemaybe we can then help you.

Also.. If you have a PhPMyAdmin section, you could look for a table called users, although I doubt that will be open for you to acces.
It pays to get a local consultant to have a quick look. In an 30 min to an hour he/she should be able to tell you what is needed. (You can of course flip it back here, and see whether that is a realistic price / time / job estimation.