The values in password column in the database are generated by this function in engine/lib/users.php:
function generate_user_password(ElggUser $user, $password) {
return md5($password . $user->salt);
}
So it's basically a MD5 hash of the cleartext password and some per-user salt. With $user->salt from the database, it should be straightforward to compute $user->password to go to the database for a new password of choice.
@Patrick & @All
I usually have a canned UID (admin) & PWD (qwerty1234) to zap via PhpMyAdmin when ppl get into trouble ;-) works every time lolz ;-O
Mi pregunta es: estoy trabajando en mi localhost, y cuando comienzo la sesión me aparece predeterminado nombre de usuario y contraseña, como hago para sacar mi contraseña predeterminada? alguien sabe. Muchas Gracias Daniel
[Moderator: this comment was off-topic. It was moved to its own topic.]
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.