🌍
English
Announcement
- [2024-04-17] Piwigo 14.4.0
- [2024-04-01] Piwigo in Hobbit runes
- [2024-03-01] Piwigo 14.3.0
- [2024-01-30] Piwigo 14.2.0
- [2023-12-29] Piwigo 14.1.0
#1 2016-04-07 01:46:05
- shdelady
- Member
- 2015-09-17
- 2
Can't login to my Piwigo
Hello
I am new to using Piwigo and I just installed a theme, wanted to go back to the administration page and Piwigo keeps telling me that my password is invalid and I get "Check your email for the confirmation link" which does not work when I try to change my password. What can I do, please help.
Piwigo version:
PHP version:
MySQL version:
Piwigo URL: http://www.travelnfarmboy.com
Offline
#2 2016-04-07 05:59:45
- ddtddt
- Piwigo Team
- Quetigny - France
- 2007-07-27
- 7207
Re: Can't login to my Piwigo
Hi :-)
You can update in database.
chose md5 function
You love Piwigo so don't hesitate to participate, learn more on the "Contribute to Piwigo" page. If you don't have much time for contribution, you can also help the project with a donation.
Offline
#4 2017-05-20 01:55:57
- tomscot2
- Member
- 2017-05-20
- 2
Re: Can't login to my Piwigo
I have the same problem. 'Installed latest version today. For some reason did not write down the admin password. So I tried to change the password in the piwiq_users section of the database.
I access the user database and change the password for user admin using MD5 hash generated here: http://www.miraclesalad.com/webtools/md5.php
However, when I try to logon it just returns to the login screen.
Offline
#5 2017-05-20 02:23:16
- tomscot2
- Member
- 2017-05-20
- 2
Re: Can't login to my Piwigo
I figured out my problem.
I didn't the MD5 Hash generator. phpMyAdmin generated the hash. I just selected MD5 and then typed in the password that I want to use and click Go.
So simple.
Last edited by tomscot2 (2017-05-20 02:24:20)
Offline
#6 2020-05-20 07:05:23
- zep
- Member
- 2020-05-20
- 1
Re: Can't login to my Piwigo
as an aside, if you're pretty comfortable with the command line, you can also use shell tools to get the same - the key point to remember is in generating the hash, you need to make sure to not include a \n in the string sent to md5sum.
e.g. you want 'echo -n "this is the password I will use" | md5sum'
instead of 'echo "this will never work" | md5sum'
I assume it has something to do with an attack vector based on knowing what the last char has to be/won't be and/or with the way the string is processed in php.
I mostly mention this because while it's handy, phpmyadmin is a super common thing for attackers to probe for when they poke at a site, and if they want it, I wanna make sure I don't have it or it's locked down tight. it took me a little while to figure out, thought it could be useful for someone else.
thanks for the software. hopefully I added this info in a reasonable manner.
Offline