One of my ZenPhoto sites was hacked a few weeks ago. I have cleaned the site and updated to 1.4.1.5. The site is working OK except for 1 issue: I cannot login as the administrator. I can log in as another user with much lower rights.
I maintain a spreadsheet of the passwords and MD5 hashes for this site so I went in and checked the database and the hash looks OK. I tried changing it to another hash that I have the password for and still cannot login. I created a new user with the same rights as the admin account and created a new password, generated the hash for it and inserted it for that user. I still cannot login as an admin.
In the database, the rights are listed as 1955052533. Is this correct or did something get changed in the hack to block admin access?
Zenphoto
Comments
I am not sure changing hashes is of any use. Unless it was an old hash for the same user with different password there is no way it would work.
One thing you can try is to remove the admin from the database. This will promote one of the lessor rights users to full admin. So if this is the one you can log in as, you can then re-create the full admin user.
I really do not know what could have gone wrong that some users work and others do not. The algorythm for hashing would be the same in all cases.