1.1.16 how to generate manually correct password hash?


(BigBoatCap) #1

Hello, fellas!

I’m trying to reset admin password, updating db record as follows, SQL-query:

update adm_user set password_hash = ‘NEW_HASH_GOES_HERE’ where username like ‘admin’;

Now, the main goal is to generate a new password hash string correctly.
As I see, there is a straightforward way to do it - just by running the part of Yii framework code, which creates hash during sign-up process. Which i think is:

            $password = '1axxxxxxxxxxxxxxxxxxxxxxxxxxxxFyu';//Yii::app()->getSecurityManager()->generateRandomString(7, true);
            $password_hash = CPasswordHelper::hashPassword($password);

… from $SITE_DIR/protected/modules/Clasificator/models/PersonalInformation.php script.
And what i’d like to understand here:
What is that string ‘1aRT$33)r#etZDk7Toy6g30HbV78qwWwq134mFyu’ ? Is it a “salt” or smth. ?

And finally what i’ve got:

cat genhash.php

<?php include("../framework/base/CComponent.php"); include("../framework/base/CModule.php"); include("../framework/base/CApplication.php"); include("../framework/yii.php"); include("../framework/utils/CPasswordHelper.php"); $password = 'adminpassword';//Yii::app()->getSecurityManager()->generateRandomString(7, true); $password_hash = CPasswordHelper::hashPassword($password); echo ($password_hash); ?>

… throws me:

Fatal error: Call to a member function getSecurityManager() on a non-object in /var/www//framework/utils/CPasswordHelper.php on line 188

As you can see, i’ve some PHP-class import problem here.
Any help would be appreciated.
Thank you in advance.


(Alexander Makarov) #2

How about writing a command instead? https://www.yiiframework.com/doc/guide/1.1/en/topics.console#creating-commands


(BigBoatCap) #3

Hello, and thank you for getting in touch.

Would you please provide an example for generating a password hash ?


(Alexander Makarov) #4

Sure:

CPasswordHelper::hashPassword($password);

But you must be in the context of a command.


(BigBoatCap) #5

Actually i couldn’t run this yiiconsole command, don’t know why, but it couldn’t connect with the same psql params in protected/config/console.php
But i got the default password hash from protected/modules/User/components/UserModuleInstall.php which is:
$2a$13$hUjtMwR9BNTyjGXw7vOByeoC2d1dnuuAwfu4QP5lckP55KMACXtru
( ‘admin’ password )
And this was enough to get in.
Thank you for your assistance.