Serendipity Forums

Hello all,

I have 3 serendipity blogs on my site. They all run great and I've never had any problems with them. Long story short, I've been performing some maintenance operations on my server and I noticed that the password to my serendipity database is way too simple. So I thought I would be a good boy and make it more complex. Unfortunately, this wasn't so easy. Here is what I did:

1) Updated the 'dbPass' value in "serendipity_config_local.inc.php" to 'MY_NEW_P@$$'
2) Ran the following SQL to update serendipity's postgres password: Then I refresh my blog and I get: What am I forgetting to change? It seems like it should be so simple...no?

Thanks!

Since the password is hashed, you can't do it via sql directly.

The best would be to change it inside the admin panel.

If you can't do so anymore, he only way to access is to try this.

Add a file "fixlogin.php" with: and call it via http://yourblog/fixlogin.php. Do not forget to change $username and $password to your own setting.

The s9y serendipity_hash() function will then convert your new password truly.

Timbalu wrote:Since the password is hashed, you can't do it via sql directly.
Try this. Add a file "fixlogin.php" with:

Code: Select all

    <?php
    $username = "usernameold";
    $password = "newpwset";
    include 'serendipity_config.inc.php';
    echo serendipity_db_query("UPDATE {$serendipity['dbPrefix']}authors SET password = '" . serendipity_hash($password) . "', hashtype=1 WHERE username = '" . serendipity_db_escape_string($username) . "'");
    echo "Password changed.";

and call it via http://yourblog/fixlogin.php. Do not forget to change $username and $password to your own setting.

The s9y serendipity_hash() function will then convert your new password truly.

He changed the DB password, not an user pw.

Try restarting your DB.

kleinerChemiker wrote:He changed the DB password, not an user pw.

Ooh
Sorry for this, thank you clearing this up.
Please erase the unnecessary copy.

kleinerChemiker wrote:Try restarting your DB.

Yip, I restarted my DB. Made sure the process was completely stopped as well. And then started again. Serendipity still fails to connect...

Then your pw seems to wrong. I don't know the right syntax for postgres but are you sure, you did it right?

kleinerChemiker wrote:Then your pw seems to wrong. I don't know the right syntax for postgres but are you sure, you did it right?

Yep, I'm sure. I've changed many passwords like that. And, in fact, if I run the exact same command but with the old password (and also update the serendipity config file), then everything starts working again. I've tried these combinations:

1) Edit serendipity config back to old password, leave DB with new password. BROKEN
2) Leave serendipity with new password, edit DB to have old password. BROKEN
3) Edit both serendipity and DB back to having old passwords. WORKS!

What the?? It's literally like it just doesn't want to change from the old password. Also, I tried changing another user's DB password using the same method as shown above and I could log in to the DB with the new password that I set. So the DB command to change the password is correct.

Maybe I can help though
I don't know a postgres db, but I think you might need to set a md5(), like

When I change the DB password it automatically creates an md5 hash of the clear-text password from the command-line (and I have verified that). So, unfortunately, no that won't fix it...

Do you have a software like phpmyadmin to connect to your db to test the new password?

isn't there any db error log output when trying to set the password?
Just to test - simplify your new password and try again.
Maybe its some sort of length or unusual char error.
Did you Server upgrade change the Database?

Timbalu wrote:...or unusual char error...

Holy cra*. You're right! I changed the new pass to only use [a-z][A-Z][0-9] and it works now. What the heck kind of junky password system is it that can't take special chars??? Lame.

Thanks for your help guys!!