-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathrecovery.php
71 lines (57 loc) · 1.66 KB
/
recovery.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
<?php
/*
* Bludit Password Recovery Tool
* https://www.bludit.com
* Author Diego Najar
*/
echo 'Bludit Password Recovery Tool'.PHP_EOL;
// Constants
define('DS', DIRECTORY_SEPARATOR);
define('PATH_ROOT', __DIR__.DS);
if (!defined('JSON_PRETTY_PRINT')) {
define('JSON_PRETTY_PRINT', 128);
}
// User database file
$userDatabaseFile = PATH_ROOT.'bl-content'.DS.'databases'.DS.'users.php';
if (!file_exists($userDatabaseFile)) {
die('User database not found. File: '.$userDatabaseFile);
}
// Open user database file
$data = file($userDatabaseFile);
// Remove first line
unset($data[0]);
// Join the file
$data = implode($data);
// JSON to Array
$decode = json_decode($data, true);
if (empty($decode)) {
die('JSON file corrupted.');
}
// Check if admin username exists
if (!isset($decode['admin'])) {
die('< admin > username not found.');
}
// Change password
$salt = uniqid();
$password = md5(uniqid());
$passwordHash = sha1($password.$salt);
$decode['admin']['salt'] = $salt;
$decode['admin']['password'] = $passwordHash;
$decode['admin']['role'] = 'admin';
// Create the new database file
$data = "<?php defined('BLUDIT') or die('Bludit CMS.'); ?>".PHP_EOL;
$data .= json_encode($decode, JSON_PRETTY_PRINT);
// Save the new database file
if (file_put_contents($userDatabaseFile, $data, LOCK_EX)) {
echo PHP_EOL;
echo 'Username: admin'.PHP_EOL;
echo 'New password: '.$password.PHP_EOL;
echo PHP_EOL;
if (unlink(__FILE__)===false) {
echo '>> Delete this file now, do not keep it on the system <<'.PHP_EOL;
} else {
echo '>> The file recovery.php was deleted automatically for security reasons. <<'.PHP_EOL;
}
} else {
die('Error when try to save the new database file.');
}