Topi, User passwords, pleaaase help

classic Classic list List threaded Threaded
12 messages Options
Reply | Threaded
Open this post in threaded view
|

Topi, User passwords, pleaaase help

tomas pelak
1. pleaaaase help me, i have to find out the user passwords, where are they?

2. i change localphp settings, but it takes no effect, why?

thnx for response
_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: Topi, User passwords, pleaaase help

Rotem Liss
tomas pelak wrote:

> 1. pleaaaase help me, i have to find out the user passwords, where are they?
>
> 2. i change localphp settings, but it takes no effect, why?
>
> thnx for response
> _______________________________________________
> MediaWiki-l mailing list
> [hidden email]
> http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
>
>  
   1. They are in a table in the database, but as far as I understand,
      they are encrypted.
   2. What setting did you change? Did you try to force-refresh (Ctrl+F5
      in IE, Shift+F5 in Mozilla)?


--
#define Name RotemLiss
#define Mail mailSTRUDELrotemlissDOTcom
#define Site www.rotemliss.com


_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: Topi, User passwords, pleaaase help

tomas pelak
thanx for answering but,

1. is there a possibility somehow get this passwords? even when they are
encrypted? to get some list of then?

2. i change settings in localsettings.php, i implement code lines:

$wgGroupPermissions['*']['move']            = true;
$wgGroupPermissions['*']['read']            = true;
$wgGroupPermissions['*']['edit']            = true;
$wgGroupPermissions['*']['createpage']      = true;
$wgGroupPermissions['*']['createtalk']      = true;
$wgGroupPermissions['*']['talk']            = true;
$wgGroupPermissions['*']['upload']          = true;
$wgGroupPermissions['*']['reupload']        = true;
$wgGroupPermissions['*']['reupload-shared'] = true;
$wgGroupPermissions['*']['minoredit']       = true;


cause i want that unregistred users could make all changes, and what is
important to upload files, i restarted apache, and refreshed but when i
click on upload file i get message: not logged in, what should i do??? pls
help


On 6/5/06, Rotem Liss <[hidden email]> wrote:

>
> tomas pelak wrote:
>
> > 1. pleaaaase help me, i have to find out the user passwords, where are
> they?
> >
> > 2. i change localphp settings, but it takes no effect, why?
> >
> > thnx for response
> > _______________________________________________
> > MediaWiki-l mailing list
> > [hidden email]
> > http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
> >
> >
>
>   1. They are in a table in the database, but as far as I understand,
>      they are encrypted.
>   2. What setting did you change? Did you try to force-refresh (Ctrl+F5
>      in IE, Shift+F5 in Mozilla)?
>
>
> --
> #define Name RotemLiss
> #define Mail mailSTRUDELrotemlissDOTcom
> #define Site www.rotemliss.com
>
>
>
> _______________________________________________
> MediaWiki-l mailing list
> [hidden email]
> http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
>
>
>
_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: Topi, User passwords, pleaaase help

Rotem Liss
tomas pelak wrote:

> thanx for answering but,
>  
> 1. is there a possibility somehow get this passwords? even when they
> are encrypted? to get some list of then?

No.

>  
> 2. i change settings in localsettings.php, i implement code lines:
>  
> $wgGroupPermissions['*']['move']            = true;
> $wgGroupPermissions['*']['read']            = true;
> $wgGroupPermissions['*']['edit']            = true;
> $wgGroupPermissions['*']['createpage']      = true;
> $wgGroupPermissions['*']['createtalk']      = true;
> $wgGroupPermissions['*']['talk']            = true;
> $wgGroupPermissions['*']['upload']          = true;
> $wgGroupPermissions['*']['reupload']        = true;
> $wgGroupPermissions['*']['reupload-shared'] = true;
> $wgGroupPermissions['*']['minoredit']       = true;
>  
>  
> cause i want that unregistred users could make all changes, and what
> is important to upload files, i restarted apache, and refreshed but
> when i click on upload file i get message: not logged in, what should
> i do??? pls help
As for uploading, it's indeed a bug should be fixed, that even if you
allow anonymous users to upload, they are blocked from doing that.
"minoredit" and "move" work, but not "upload".

By the way:

    * "talk" is not a permission and you shouldn't specify it.
    * You shouldn't specify the permissions that the anonymous users
      already have.

So you can make your list shorter:

$wgGroupPermissions['*']['move']            = true;
$wgGroupPermissions['*']['upload']          = true;
$wgGroupPermissions['*']['reupload']        = true;
$wgGroupPermissions['*']['reupload-shared'] = true;
$wgGroupPermissions['*']['minoredit']       = true;

It will cause the same result.

--
#define Name RotemLiss
#define Mail mailSTRUDELrotemlissDOTcom
#define Site www.rotemliss.com


_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: Topi, User passwords, pleaaase help

tomas pelak
thanx,
but what bug should be fixed for uploading, give me the steps please, what
should i do exactly?
thank you


On 6/5/06, Rotem Liss <[hidden email]> wrote:

>
> tomas pelak wrote:
>
> > thanx for answering but,
> >
> > 1. is there a possibility somehow get this passwords? even when they
> > are encrypted? to get some list of then?
>
> No.
>
> >
> > 2. i change settings in localsettings.php, i implement code lines:
> >
> > $wgGroupPermissions['*']['move']            = true;
> > $wgGroupPermissions['*']['read']            = true;
> > $wgGroupPermissions['*']['edit']            = true;
> > $wgGroupPermissions['*']['createpage']      = true;
> > $wgGroupPermissions['*']['createtalk']      = true;
> > $wgGroupPermissions['*']['talk']            = true;
> > $wgGroupPermissions['*']['upload']          = true;
> > $wgGroupPermissions['*']['reupload']        = true;
> > $wgGroupPermissions['*']['reupload-shared'] = true;
> > $wgGroupPermissions['*']['minoredit']       = true;
> >
> >
> > cause i want that unregistred users could make all changes, and what
> > is important to upload files, i restarted apache, and refreshed but
> > when i click on upload file i get message: not logged in, what should
> > i do??? pls help
>
> As for uploading, it's indeed a bug should be fixed, that even if you
> allow anonymous users to upload, they are blocked from doing that.
> "minoredit" and "move" work, but not "upload".
>
> By the way:
>
>    * "talk" is not a permission and you shouldn't specify it.
>    * You shouldn't specify the permissions that the anonymous users
>      already have.
>
> So you can make your list shorter:
>
> $wgGroupPermissions['*']['move']            = true;
> $wgGroupPermissions['*']['upload']          = true;
> $wgGroupPermissions['*']['reupload']        = true;
> $wgGroupPermissions['*']['reupload-shared'] = true;
> $wgGroupPermissions['*']['minoredit']       = true;
>
> It will cause the same result.
>
> --
> #define Name RotemLiss
> #define Mail mailSTRUDELrotemlissDOTcom
> #define Site www.rotemliss.com
>
>
>
> _______________________________________________
> MediaWiki-l mailing list
> [hidden email]
> http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
>
>
>
_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: Topi, User passwords, pleaaase help

Rob Desbois
In reply to this post by tomas pelak
Tomas:
>> 1. is there a possibility somehow get this passwords? even when they are
>> encrypted? to get some list of then?

You can obtain a list of the encrypted passwords from the database, however it is of no use to you.
The encryption employed is one way (i.e. cannot be decrypted.) so there is absolutely no way of recovering the passwords from their encrypted versions.
Sorry!

--Rob


On 6/5/06, Rotem Liss <[hidden email]> wrote:

>
> tomas pelak wrote:
>
> > 1. pleaaaase help me, i have to find out the user passwords, where are
> they?
> >
> > 2. i change localphp settings, but it takes no effect, why?
> >
> > thnx for response
> > _______________________________________________
> > MediaWiki-l mailing list
> > [hidden email]
> > http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
> >
> >
>
>   1. They are in a table in the database, but as far as I understand,
>      they are encrypted.
>   2. What setting did you change? Did you try to force-refresh (Ctrl+F5
>      in IE, Shift+F5 in Mozilla)?
>
>
> --
> #define Name RotemLiss
> #define Mail mailSTRUDELrotemlissDOTcom
> #define Site www.rotemliss.com
>
>
>
> _______________________________________________
> MediaWiki-l mailing list
> [hidden email]
> http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
>
>
>
_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________
_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: Topi, User passwords, pleaaase help

Rotem Liss
Rob Desbois wrote:

> You can obtain a list of the encrypted passwords from the database, however it is of no use to you.
> The encryption employed is one way (i.e. cannot be decrypted.) so there is absolutely no way of recovering the passwords from their encrypted versions.
> Sorry!
>
> --Rob
>  
However, if you want to reset a password, I **think** you can create MD5
key to the new password, then apply it in some field in the user table.
I'm not sure it will work, so be careful.

--
#define Name RotemLiss
#define Mail mailSTRUDELrotemlissDOTcom
#define Site www.rotemliss.com


_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: Topi, User passwords, pleaaase help

Ron Hall
Rotem Liss wrote:

>
> Rob Desbois wrote:
>
> > You can obtain a list of the encrypted passwords from the database,
> however it is of no use to you.
> > The encryption employed is one way (i.e. cannot be decrypted.) so
> there is absolutely no way of recovering the passwords from their
> encrypted versions.
> > Sorry!
> >
> > --Rob
> >  
> However, if you want to reset a password, I **think** you can create MD5
> key to the new password, then apply it in some field in the user table.
> I'm not sure it will work, so be careful.
>
    I have nefarious things like this in the past with outher systems -
notably LDAP
    where I chose a password encrypt it and then cut and paste the new
MD5 (or crypt) string where
    it is supposed to be and viola!(sic) It works.

    YMMV

    r

PS
    and yes be careful. You should probably take the opportunity to
install phpMyAdmin.

    r

_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: Topi, User passwords, pleaaase help

Rob Desbois
In reply to this post by Rotem Liss
>> However, if you want to reset a password, I **think** you can create MD5
>> key to the new password, then apply it in some field in the user table.
>> I'm not sure it will work, so be careful.

I've just been trawling through the source and come up with the following:
In LocalSettings.php you need to add the line:
   $wgPasswordSalt = false;

Then run the following on the database:
   UPDATE user SET user_password=MD5('the_new_password') WHERE user_name='the_user';
You should then be able to log in via the username and new password.
Don't forget to remove the added line from LocalSettings.php once done with.

Hope that helps,
--Rob


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________
_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: Topi, User passwords, pleaaase help

tomas pelak
well ok, but where should i write it this command update..... and so on, how
should i run it on the database?

On 6/5/06, Rob Desbois <[hidden email]> wrote:

>
> >> However, if you want to reset a password, I **think** you can create
> MD5
> >> key to the new password, then apply it in some field in the user table.
> >> I'm not sure it will work, so be careful.
>
> I've just been trawling through the source and come up with the following:
> In LocalSettings.php you need to add the line:
>   $wgPasswordSalt = false;
>
> Then run the following on the database:
>   UPDATE user SET user_password=MD5('the_new_password') WHERE
> user_name='the_user';
> You should then be able to log in via the username and new password.
> Don't forget to remove the added line from LocalSettings.php once done
> with.
>
> Hope that helps,
> --Rob
>
>
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
> ______________________________________________________________________
> _______________________________________________
> MediaWiki-l mailing list
> [hidden email]
> http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
>
_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: Topi, User passwords, pleaaase help

Rob Desbois
>> well ok, but where should i write it this command update..... and so on, how should i run it on the database?

I'm assuming here that you are running the wiki on your own server, not hosted.
>From command-line (probably xterm if you're on linux or go to windows->run and type cmd if on windows) run the command:
  mysql --user=your_database_username -p
and type in your password when prompted.
Type:
  use wiki; <enter>

Again, I'm assuming that you're running it under MySQL.
Depending on how you installed it, you may have to change bits.
The username is what you put as $wgDBuser in LocalSettings.php, password is $wgDBpassword and for the "use wiki;" command, change wiki to your $wgDBname if different.
If $wgDBprefix is not "", you'll need to change the SQL command to
  UPDATE prefix_user ...
where "prefix_" is as in LocalSettings.php

If you aren't on your own server but on hosted, you should have access to your database, perhaps via phpMySql?
Beyond this I can't really help as it's too specific to you.

--Rob


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________
_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: Topi, User passwords, pleaaase help

tomas pelak
thank you very much for your help, it works!!!!!!! ´thanx

On 6/5/06, [hidden email], <[hidden email]> wrote:

>
> >> well ok, but where should i write it this command update..... and so
> on, how should i run it on the database?
>
> I'm assuming here that you are running the wiki on your own server, not
> hosted.
> >From command-line (probably xterm if you're on linux or go to
> windows->run and type cmd if on windows) run the command:
> mysql --user=your_database_username -p
> and type in your password when prompted.
> Type:
> use wiki; <enter>
>
> Again, I'm assuming that you're running it under MySQL.
> Depending on how you installed it, you may have to change bits.
> The username is what you put as $wgDBuser in LocalSettings.php, password
> is $wgDBpassword and for the "use wiki;" command, change wiki to your
> $wgDBname if different.
> If $wgDBprefix is not "", you'll need to change the SQL command to
> UPDATE prefix_user ...
> where "prefix_" is as in LocalSettings.php
>
> If you aren't on your own server but on hosted, you should have access to
> your database, perhaps via phpMySql?
> Beyond this I can't really help as it's too specific to you.
>
> --Rob
>
>
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
> ______________________________________________________________________
> _______________________________________________
> MediaWiki-l mailing list
> [hidden email]
> http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
>
_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l