├── LICENSE ├── README.md └── recovery.php /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2017 BLUDIT 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Bludit Password Recovery Tool 2 | This tool allow you to recover the password for the `admin` user. 3 | 4 | ## How to recover the password 5 | 1. Download the file `recovery.php`. 6 | 2. Upload to your Bludit installation, on the root folder. 7 | 3. Open the file with your browser, for example: `https://example.com/recovery.php`, change the `example.com` for your domain. 8 | 4. A new password for the `admin` is generated and displayed on the browser. 9 | 5. Log in to the admin panel with the user `admin` and the new password generated. 10 | 6. Delete the file `recovery.php` from your Bludit 11 | 12 | ## [ADVANCED] How to recover the password via the command line 13 | You can execute the php file `recovery.php` via the command line. 14 | ``` 15 | # Go to the directory where you have installed Bludit 16 | cd /var/html/bludit 17 | 18 | # Download the file 19 | curl -o recovery.php https://raw.githubusercontent.com/bludit/password-recovery-tool/master/recovery.php 20 | 21 | # Execute the tool 22 | php recovery.php 23 | ``` 24 | 25 | ``` 26 | Bludit Password Recovery Tool 27 | 28 | Username: admin 29 | New password: 80b4092c27471576fbff4fd645328b91 30 | 31 | >> Delete this file now, do not keep it on the system << 32 | ``` 33 | -------------------------------------------------------------------------------- /recovery.php: -------------------------------------------------------------------------------- 1 | username not found.'); 42 | } 43 | 44 | // Change password 45 | $salt = uniqid(); 46 | $password = md5(uniqid()); 47 | $passwordHash = sha1($password.$salt); 48 | $decode['admin']['salt'] = $salt; 49 | $decode['admin']['password'] = $passwordHash; 50 | $decode['admin']['role'] = 'admin'; 51 | 52 | // Create the new database file 53 | $data = "".PHP_EOL; 54 | $data .= json_encode($decode, JSON_PRETTY_PRINT); 55 | 56 | // Save the new database file 57 | if (file_put_contents($userDatabaseFile, $data, LOCK_EX)) { 58 | echo PHP_EOL; 59 | echo 'Username: admin'.PHP_EOL; 60 | echo 'New password: '.$password.PHP_EOL; 61 | echo PHP_EOL; 62 | 63 | if (unlink(__FILE__)===false) { 64 | echo '>> Delete this file now, do not keep it on the system <<'.PHP_EOL; 65 | } else { 66 | echo '>> The file recovery.php was deleted automatically for security reasons. <<'.PHP_EOL; 67 | } 68 | 69 | } else { 70 | die('Error when try to save the new database file.'); 71 | } --------------------------------------------------------------------------------