Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Incorrect user or password #57

Open
wxy545812093 opened this issue Jan 4, 2021 · 3 comments
Open

Incorrect user or password #57

wxy545812093 opened this issue Jan 4, 2021 · 3 comments

Comments

@wxy545812093
Copy link

wxy545812093 commented Jan 4, 2021
edited

`534 <?php

535 // Initializing

536 if (!isset($NO_LOGIN)) $NO_LOGIN = false;

537 if (!isset($ACCOUNTS)) $ACCOUNTS = array();

// ==============================================================
538 if (!isset($PASSWORD_HASH_ALGORITHM)) $PASSWORD_HASH_ALGORITHM = '';

539 if (isset($USER) && isset($PASSWORD) && $USER && $PASSWORD){

540 $ACCOUNTS[$USER] = $PASSWORD_HASH_ALGORITHM ? get_hash($PASSWORD_HASH_ALGORITHM, $PASSWORD) : $PASSWORD;

541 }
// ==============================================================

542 if (!isset($HOME_DIRECTORY)) $HOME_DIRECTORY = '';

543 $IS_CONFIGURED = ($NO_LOGIN || count($ACCOUNTS) >= 1) ? true : false;`
@zombozo12
Copy link

Which file did you use? Please give use more information. Thank you

@wxy545812093
Copy link
Author

// bug line: 538, 539 and 624 in main file "/webconsole.php".
if $PASSWORD_HASH_ALGORITHM (line 24) open with hash type(sha256、md5), $password (line 624) is a string of hash type, but $ACCOUNTS[$user] (line 624) is a normal string only. that means will never return true, because param $password and $ACCOUNTS[$user] are not equal.

120

@zombozo12
Copy link

zombozo12 commented Jan 7, 2021
edited

You should specify your hash algoritm. Example:

<?php
// Web Console v0.9.7 (2016-11-05)
//
// Author: Nickolay Kovalev (http://nickola.ru)
// GitHub: https://github.com/nickola/web-console
// URL: http://web-console.org

// Disable login (don't ask for credentials, be careful)
// Example: $NO_LOGIN = true;
$NO_LOGIN = false; 

// Single-user credentials
// Example: $USER = 'user'; $PASSWORD = 'password';
$USER = 'username';
$PASSWORD = '202cb962ac59075b964b07152d234b70 ';  // Set your password according to your hash choice

// Multi-user credentials
// Example: $ACCOUNTS = array('user1' => 'password1', 'user2' => 'password2');
$ACCOUNTS = array();

// Password hash algorithm (password must be hashed)
// Example: $PASSWORD_HASH_ALGORITHM = 'md5';
//          $PASSWORD_HASH_ALGORITHM = 'sha256';
$PASSWORD_HASH_ALGORITHM = 'md5';

There are only 3 variables you should set manually, which are: $USER, $PASSWORD, and $PASSWORD_HASH_ALGORITHM.

$USER is your username to log into webconsole.
$PASSWORD is your password, not in plain text. Encrypt your password first using MD5 or SHA256 online.
$PASSWORD_HASH_ALGORITHM is hash method that you use. Choose between MD5 and SHA256

After those variables are set, you can freely use webconsole. And don't forget, you can't use webconsole without proc_open enabled in your PHP configuration.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@wxy545812093 @zombozo12