web-console icon indicating copy to clipboard operation
web-console copied to clipboard

Published 20 hours ago verified publisher icon nickola

Incorrect user or password

Open wxy545812093 opened this issue 4 years ago • 3 comments

`534 <?php

535 // Initializing

536 if (!isset($NO_LOGIN)) $NO_LOGIN = false;

537 if (!isset($ACCOUNTS)) $ACCOUNTS = array();

// ============================================================== 538 if (!isset($PASSWORD_HASH_ALGORITHM)) $PASSWORD_HASH_ALGORITHM = '';

539 if (isset($USER) && isset($PASSWORD) && $USER && $PASSWORD){

540 $ACCOUNTS[$USER] = $PASSWORD_HASH_ALGORITHM ? get_hash($PASSWORD_HASH_ALGORITHM, $PASSWORD) : $PASSWORD;

541 } // ==============================================================

542 if (!isset($HOME_DIRECTORY)) $HOME_DIRECTORY = '';

543 $IS_CONFIGURED = ($NO_LOGIN || count($ACCOUNTS) >= 1) ? true : false;`

wxy545812093 avatar Jan 04 '21 19:01 wxy545812093

Which file did you use? Please give use more information. Thank you

zombozo12 avatar Jan 05 '21 05:01 zombozo12

// bug line: 538, 539 and 624 in main file "/webconsole.php". if $PASSWORD_HASH_ALGORITHM (line 24) open with hash type(sha256、md5), $password (line 624) is a string of hash type, but $ACCOUNTS[$user] (line 624) is a normal string only. that means will never return true, because param $password and $ACCOUNTS[$user] are not equal.

120

wxy545812093 avatar Jan 06 '21 09:01 wxy545812093

You should specify your hash algoritm. Example:

<?php
// Web Console v0.9.7 (2016-11-05)
//
// Author: Nickolay Kovalev (http://nickola.ru)
// GitHub: https://github.com/nickola/web-console
// URL: http://web-console.org

// Disable login (don't ask for credentials, be careful)
// Example: $NO_LOGIN = true;
$NO_LOGIN = false; 

// Single-user credentials
// Example: $USER = 'user'; $PASSWORD = 'password';
$USER = 'username';
$PASSWORD = '202cb962ac59075b964b07152d234b70 ';  // Set your password according to your hash choice

// Multi-user credentials
// Example: $ACCOUNTS = array('user1' => 'password1', 'user2' => 'password2');
$ACCOUNTS = array();

// Password hash algorithm (password must be hashed)
// Example: $PASSWORD_HASH_ALGORITHM = 'md5';
//          $PASSWORD_HASH_ALGORITHM = 'sha256';
$PASSWORD_HASH_ALGORITHM = 'md5';

There are only 3 variables you should set manually, which are: $USER, $PASSWORD, and $PASSWORD_HASH_ALGORITHM.

$USER is your username to log into webconsole. $PASSWORD is your password, not in plain text. Encrypt your password first using MD5 or SHA256 online. $PASSWORD_HASH_ALGORITHM is hash method that you use. Choose between MD5 and SHA256

After those variables are set, you can freely use webconsole. And don't forget, you can't use webconsole without proc_open enabled in your PHP configuration.

zombozo12 avatar Jan 07 '21 02:01 zombozo12