Password reset

Support requests, bug reports, etc. go here. Dedicated servers / VDS hosting only
rrh
Bear Rating Trainee
Bear Rating Trainee
Posts: 2
Joined: 21 Mar 2013, 23:40

Password reset

Postby rrh » 21 Mar 2013, 23:52

I can't log in. There's apparently no built-in way to reset my password.

I found this thread:
viewtopic.php?f=1&t=1095&p=4880&hilit=login+password#p4880

Where fox said reinstall the schema

I looked in the schema for just the lines referencing the login. (For obvious reasons, I'd rather not lose all my subscriptions.)

I found a line that said
insert into ttrss_users (login,pwd_hash,access_level) values ('admin','SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8', 10);

which I converted into

update ttrss_users set pwd_hash = 'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8' WHERE login = 'admin';

Which does change the value of pwd_hash, but does not allow me login with "password" again, so there must be something I'm missing.

Anyone else have any success with resetting their password without destroying their subscriptions?

User avatar
fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia
Contact:

Re: Password reset

Postby fox » 22 Mar 2013, 10:26

You'll need to set salt to '' for the old-style password hashes to work. That should do it.

User avatar
fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia
Contact:

Re: Password reset

Postby fox » 22 Mar 2013, 14:31

I'll add a basic reset password to email thing for 1.7.5.

rrh
Bear Rating Trainee
Bear Rating Trainee
Posts: 2
Joined: 21 Mar 2013, 23:40

Re: Password reset

Postby rrh » 22 Mar 2013, 19:53

That did the job!

So my final version was

Code: Select all

update ttrss_users set pwd_hash = 'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8', salt= '' WHERE login = 'admin';


That returns your password to password so you can login again.

madeingermany
Bear Rating Trainee
Bear Rating Trainee
Posts: 2
Joined: 30 Mar 2013, 02:06

Re: Password reset

Postby madeingermany » 30 Mar 2013, 02:15

So weird, I can't log in to my site anymore. Yesterday it worked.
I used the reset password email, but that password wasn't accepted either (and I received an error about an empty salt on that page).

I tried the sql from rrh, but it still won't work. Any other ideas?

oats
Bear Rating Trainee
Bear Rating Trainee
Posts: 2
Joined: 30 Mar 2013, 06:37

Re: Password reset

Postby oats » 30 Mar 2013, 19:51

madeingermany wrote:I tried the sql from rrh, but it still won't work. Any other ideas?


I had a similar issue (I think it didn't like the length of the password I set) but was able to resolve it and log in with admin/password after running the above while logged into mysql as the tt-rss user. Are you specifying to use the ttrss database before running the code above?

Should be something like this:

Code: Select all

use ttrss
update ttrss_users set pwd_hash = 'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8', salt= '' WHERE login = 'admin';

madeingermany
Bear Rating Trainee
Bear Rating Trainee
Posts: 2
Joined: 30 Mar 2013, 02:06

Re: Password reset

Postby madeingermany » 30 Mar 2013, 21:37

Thanks, oats.

Yes, I selected the right DB and when I look in the users table, I see the password hash. I am actually still logged in as admin in one of my browsers. So I set the password for my user again and still I can't log in in another browser.

Really weird. I ended up deleting my tt-rss directry and getting the trunk from git, now it works again.

User avatar
fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia
Contact:

Re: Password reset

Postby fox » 30 Mar 2013, 22:02

There was a bug in user editor where quotes and possibly other special symbols got escaped so password hash was incorrect, that got recently fixed. Maybe you encountered that one?

User avatar
[email protected]
Bear Rating Trainee
Bear Rating Trainee
Posts: 3
Joined: 10 Jun 2013, 12:59
Location: Sniffing Ur Traffic
Contact:

Re: Password reset

Postby [email protected] » 10 Jun 2013, 13:06

There is two workarounds to this (at least this is what I did):
1- Use a tool like Wireshark and sniff the reset request (the one sent to your email used for registration), the email is sent CLEAR TEXT, so anyone can get access to it with the work of a sniffer.
2- Use a Fake SMTP tool such as nilhcem.github.io/FakeSMTP/ and let the forget your password send the email to that FAKE SMTP server.

Anyway, thanks to the Tiny-RSS team for their great work :)

User avatar
fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia
Contact:

Re: Password reset

Postby fox » 10 Jun 2013, 13:13

The point of doing any of this instead of running 1 SQL query is

User avatar
sleeper_service
Bear Rating Overlord
Bear Rating Overlord
Posts: 884
Joined: 30 Mar 2013, 23:50
Location: Dallas, Texas

Re: Password reset

Postby sleeper_service » 10 Jun 2013, 13:38

fox wrote:The point of doing any of this instead of running 1 SQL query is


when all you've got is a network sniffer, everything looks like a nail?

User avatar
[email protected]
Bear Rating Trainee
Bear Rating Trainee
Posts: 3
Joined: 10 Jun 2013, 12:59
Location: Sniffing Ur Traffic
Contact:

Re: Password reset

Postby [email protected] » 10 Jun 2013, 13:43

@fox

I saw that running the query didn't succeed for all, so rather than risking being BANNED from the system, I went through the easy way (PLAIN TEXT EMAILS).

kai
Bear Rating Trainee
Bear Rating Trainee
Posts: 7
Joined: 09 Jul 2013, 15:28

Re: Password reset

Postby kai » 09 Jul 2013, 15:29

I also forgot my password, and I didn't install it so I don't know the email that was used. How do I modify the schema?

vilain
Bear Rating Trainee
Bear Rating Trainee
Posts: 40
Joined: 29 Jun 2013, 08:57

Re: Password reset

Postby vilain » 10 Jul 2013, 04:12

The passoword, AFAIK, is a one-way hash (usually its the MD5 hash with a salt). So you can't set it yourself using something like phpMyAdmin. But you *can* lookup the row in the ttrss_users table and find out what email is assigned to the account. And you can change it. Then when you attempt to login, the email will go whereever you set it.

xtaz
Bear Rating Master
Bear Rating Master
Posts: 174
Joined: 24 Dec 2009, 16:48

Re: Password reset

Postby xtaz » 10 Jul 2013, 07:03

You *can* set it using something like phpmyadmin. Just have to do the hashing yourself that's all. The easiest thing to do is just to take the already made hash out of schema/ttrs_schema_mysql.sql which says SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 and update your own user entry with that. Then the password is the default, which is password.

Or make your own, and just stick SHA1: on the front of it.

Code: Select all

$ echo -n password | sha1
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8


Return to “Support”

Who is online

Users browsing this forum: No registered users and 23 guests