Zblog PHP administrator forgot to reset and retrieve the password

Any password that is not used for a long time without a firm memory may be completely forgotten. We can also take our ID card to the counter to reset the bank card password. What should we do if the background administrator of ZblogPHP website forgot his login password? If the website already has a lot of data, it is obviously not advisable to reinstall the program. As users often ask, today's editor of Yiwu Library will talk about several methods for ZblogPHP background administrator to modify and reset after forgetting the login password.

1、 The [Z-BlogPHP Password Retrieval Tool] provided by the official Zblog members has the following codes:

 <? php require './ zb_system/function/c_system_base.php'; $zbp->Load(); if(isset($_GET['uid'])){ $m=$zbp->members[$_GET['uid']]; $un=$m->Name; $zbp->user = $m; if($blogversion>131221){ $ps=md5($m->Password . $zbp->guid); }else{ $ps=md5($m->Password . $zbp->path); } setcookie("username", $un,0,$zbp->cookiespath); setcookie("password", $ps,0,$zbp->cookiespath);     if(isset($GLOBALS['hooks']['Filter_Plugin_VerifyLogin_Succeed'])){         foreach ($GLOBALS['hooks']['Filter_Plugin_VerifyLogin_Succeed'] as $fpname => &$fpsignal) {             $fpname();         }     } Redirect('zb_system/admin/?act=admin'); die(); } ?><! DOCTYPE html> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta http-equiv="Content-Language" content="zh-cn" /> <meta http-equiv="pragma" content="no-cache"> <meta http-equiv="cache-control" content="no-cache,must-revalidate"> <meta http-equiv="expires" content="0"> <meta name="robots" content="none" /> <title>Z-BlogPHP Password Reset Tool</title> <style type="text/css"> <!-- * { font-size: 14px; } Body {margin: 0; padding: 0; color: # FFFFFF; font size: 12px; background: # FFFFFF; font family: "Microsoft Yahei", "Bold", "Tahoma";} h1, h2, h3, h4, h5, h6 { font-size: 18px; padding: 0; margin: 0; } a { text-decoration: none; } a:link { color: #FFFFFF; text-decoration: none; } a:visited { color: #FFFFFF; text-decoration: none; } a:hover { color: yellow; text-decoration: underline; } a:active { color: yellow; text-decoration: underline; } p { margin: 0; padding: 5px; } table { border-collapse: collapse; border: 0px solid #333333; background: #ffffff; margin-top: 10px; } td { border: 0px solid #333333; margin: 0; padding: 3px; } img { border: 0; } hr { border: 0px; border-top: 1px solid #666666; background: #666666; margin: 2px 0 4px 0; padding: 0; height: 0px; } img { margin: 0; padding: 0; } form { margin: 0; padding: 0; } #frmLogin { position: absolute; left: 50%; top: 40%; margin: -150px 0px 0px -300px; padding: 0; overflow: hidden; width: 600px; height: 400px; background-color: #3a6ea5; border: 0px solid #B3C3CD; box-shadow: 0px 0px 15px black; } #frmLogin h3 { padding: 15px 0 5px 0; margin: 0; text-align: center; color: white; font-size: 24px; height: 30px; } #divHeader { margin: 0 0; padding: 8px; } #divMain { height: 280px; } #divFooter { margin: 5px 0px 0 0px; text-align: center; padding: 2px; } #divMain_Top { padding: 8px; padding-bottom: 0; } #divMain_Center { padding: 5px; } #divMain_Bottom { text-align: right; padding: 5px; } #txaContent { border: 1px solid #A1B0B9; background: #FFFFFF; } --> </style> </head> <body> <form id="frmLogin" method="post"> <h3>Z-BlogPHP password free login tool</h3> <div id="divHeader">&nbsp;& nbsp;< a href=" http://www.rainbowsoft.org/ "Target=" _blank ">Z-Blog Home Page</a>&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href=" http://bbs.rainbowsoft.org "Target=" _blank ">Zblogger community</a>&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href=" http://wiki.rainbowsoft.org/ " target="_blank">Z-Wiki</a>&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;&nbsp;&nbsp;&nbsp;<a href=" http://blog.rainbowsoft.org/ "Target=" _blank ">Pineapple Pavilion</a>&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href=" http://www.dbshost.cn/ "Target=" _blank ">DBS host</a></div> <div id="divMain"> <input type="hidden" name="userid" id="userid" value="0" /> <? php echo '<p></p>'; foreach ($zbp->members as $key => $m) { if($m->Level < 2) Echo '<p style="padding: 10px;">[Administrator]'  $m->Name . '<input style="float: right;" type="button" value="&nbsp;&nbsp; Login&nbsp;&nbsp;" onclick="window. location='? Uid='. $m ->ID.'  '"/></p>'; } ?> </div> <div id="divFooter"><b>[Note]< Font color="yellow">This tool is very dangerous. Please delete or rename it through<u>FTP</u>immediately after use</ font></b></div> </form> </body> </html>

Please save the above code as a PHP file with any name, such as nologin.php[ Click Download ][ Click Download ], and upload it to the root directory of the website, and then access it through "your website domain name/nologin. php". Normally, you can see the following interface:

2、 The VerifyLogin() change method provided by Tutu Blog, a senior Zblog user, is as follows:

 <? php require '../../../ zb_system/function/c_system_base.php'; require '../../../ zb_system/function/c_system_admin.php'; $id='1'; $am = $zbp->GetMemberByID($id); $_POST['savedate']=0; $_POST['dishtml5']=0; if($zbp->Verify_Final($am->Name,$am->Password,$m)){ $zbp->user = $m; $un = $m->Name; $ps = $m->PassWord_MD5Path; $sd = (int)GetVars('savedate'); $addinfo=array(); $addinfo['dishtml5']=(int)GetVars('dishtml5', 'POST'); $addinfo['chkadmin']=(int)$zbp->CheckRights('admin'); $addinfo['chkarticle']=(int)$zbp->CheckRights('ArticleEdt'); $addinfo['levelname']=$m->LevelName; $addinfo['userid']=$m->ID; $addinfo['useralias']=$m->StaticName; if ( $sd == 0) { setcookie("username", $un, 0, $zbp->cookiespath); setcookie("password", $ps, 0, $zbp->cookiespath); setcookie("addinfo" . str_replace('/','',$zbp->cookiespath), json_encode($addinfo), 0, $zbp->cookiespath); } else { setcookie("username", $un, time() + 3600 * 24 * $sd, $zbp->cookiespath); setcookie("password", $ps, time() + 3600 * 24 * $sd, $zbp->cookiespath); setcookie("addinfo" . str_replace('/','',$zbp->cookiespath), json_encode($addinfo), time() + 3600 * 24 * $sd, $zbp->cookiespath); } Redirect($zbp->host.'zb_system/admin/?act=admin'); } ?>

Similarly, save the above code as a PHP file and upload it to the website. When you access it, you can bypass the login step and directly enter the background. Next, you can change the administrator password immediately. Unless you believe that others can never guess or see the file name, please remember to delete the file after operation.

3、 Finally, briefly introduce the method of directly entering the database to modify the administrator's password: enter the website database to find and open the data table named "zbp_member", and you can immediately see the familiar administrator account. The mem_Password item corresponds to its specially encrypted password value. Use "37f26681b22f68c10c8fe579f031879e" Replacing this string of characters means that the password will be reset to "12345678". Don't know how to enter the database? Don't change the data table? Please choose the first two methods!

None of the above methods can solve the problem, or if you want to know more about the method of directly modifying the password in the database, please contact the editor.