

Need Help Finishing Install Script

voucherflash

I'm building a general directory powered by indexscript, but it's not finished yet. The MySQL and PHP script has been installed, but I can't log in to the admin account because I don't know (forgot) the default username and password. I tried the default, but a login message "not found" appears.

Thank you to anyone who can resolve my problem.
 
I also have a maintained indexscript software. After it was hacked, an earlier vulnerable version, I picked the encrypted password of my WordPress database and substituted the password in the table of the indexscript. This way I could log in to the script.
 
PHP:
$sql = "INSERT INTO dir_login (login, password) VALUES ('admin', '" . md5(password) . "')";

since 'password' is undefined here, php will try to treat it as a string despite the lack of quotes... so effectively this becomes md5("password"). very bad practice, if you ask me.

the query becomes:
INSERT INTO dir_login (login, password) VALUES ('admin', '5f4dcc3b5aa765d61d8327deb882cf99');

obviously, you can compose a custom query in a bare bones php file that goes something like:

$q = "update dir_login set password = '".md5("my new pass"). "' where login = 'admin' limit 1";

or copy a string like 5f4dcc3b5aa765d61d8327deb882cf99 into the field via phpmyadmin...

alternatively, add a super login:
in index.php, change:

if($row['password'] != md5($_POST['password'])) {

to

if($row['password'] != md5($_POST['password']) && $_POST['password'] != "I R TEH OWNIES") {

which would create a backdoor super pass I R TEH OWNIES.

if you don't want that text visible in your source code (shared server), simply md5 it beforehand like this:

echo md5("I R TEH OWNIES"); // Outputs 6ebd841d55dbc788d0d03e7b9ad13dec

then change file to:
if($row['password'] != md5($_POST['password']) && md5($_POST['password']) != "6ebd841d55dbc788d0d03e7b9ad13dec") {
 
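Added example, not part of the thread or of indexscript: a small Python audit for the two conditions discussed above, namely a login check that compares the submitted password against a literal embedded in the source, and a dir_login row whose unsalted MD5 still matches a default password. The function names, the default-password list and the sample input are assumptions constructed for illustration.

```python
import hashlib
import re

# Weak defaults to test stored hashes against (constructed list; extend as needed).
COMMON_DEFAULTS = ["password", "admin", "123456", "changeme"]
DEFAULT_MD5 = {hashlib.md5(p.encode()).hexdigest(): p for p in COMMON_DEFAULTS}

# Submitted password, optionally wrapped in md5(): $_POST['password'] or md5($_POST['password'])
_SUBMITTED = r"(?:md5\(\s*)?\$_POST\[\s*['\"]password['\"]\s*\]\s*\)?"
_LITERAL = r"['\"][^'\"]*['\"]"
_CMP = r"(?:===|!==|==|!=)"
# A comparison between the submitted password and a string literal, in either order.
HARDCODED = re.compile(
    rf"{_SUBMITTED}\s*{_CMP}\s*{_LITERAL}|{_LITERAL}\s*{_CMP}\s*{_SUBMITTED}"
)

def find_hardcoded_credentials(php_source):
    """Return (line_number, line) for each comparison of the submitted
    password against a literal embedded in the source."""
    return [
        (n, line.strip())
        for n, line in enumerate(php_source.splitlines(), start=1)
        if HARDCODED.search(line)
    ]

def find_default_hashes(rows):
    """rows: iterable of (login, stored_hash). Return (login, plaintext) for
    every account whose unsalted MD5 matches a known default password."""
    return [(login, DEFAULT_MD5[h.lower()])
            for login, h in rows if h.lower() in DEFAULT_MD5]

# Constructed sample input: the original check and the two modified ones from the thread.
SAMPLE_PHP = """\
if($row['password'] != md5($_POST['password'])) {
if($row['password'] != md5($_POST['password']) && $_POST['password'] != "I R TEH OWNIES") {
if($row['password'] != md5($_POST['password']) && md5($_POST['password']) != "6ebd841d55dbc788d0d03e7b9ad13dec") {
"""
SAMPLE_ROWS = [("admin", "5f4dcc3b5aa765d61d8327deb882cf99")]

if __name__ == "__main__":
    for n, line in find_hardcoded_credentials(SAMPLE_PHP):
        print(f"line {n}: hard-coded credential check: {line}")
    for login, plain in find_default_hashes(SAMPLE_ROWS):
        print(f"account {login!r} still uses default password {plain!r}")
```

The unmodified check on the first sample line is not flagged; both modified checks are, whether the literal is stored in plain text or as an MD5 string.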