Tutorial - Account Recovery [Hacky Way]
20. April, 2020 - 08:36 SamBrishes

It shouldn't happen, but sometimes you just forget the password of your Bludit admin account and you haven't installed a recovery plugin. That's one of those worst-case scenarios, but it's also really easy to handle with just a small change to the core code.

If you're already familiar with using a local web server and porting your "online" Bludit website to your local system, you can skip the first 2 chapters and start directly with "Nobody needs Passwords".

1. Local Requirements

First, the following "hack" should NEVER be used on your live production website, because even if you're fast, someone may be a bit faster than you: while the change is in place, the login accepts any password. If that happens, your forgotten password will be the least of your problems. So we need to set up your computer to run Bludit locally.

This can easily be achieved with a web-server solution stack, such as XAMPP. You can also download the portable ZIP version from sourceforge.net (use the file whose name starts with xampp-portable) and just unpack it on your desktop. If you're using the portable version, double-click setup_xampp.bat first, because this script adapts the paths and file structure to the current XAMPP folder location. Done? Cool, let's open the XAMPP Control Center (xampp-control.exe) and start the Apache web server (the first item on the list). If it won't start because the port is in use, make sure Discord, Skype, TeamSpeak and other chat apps are closed (completely). You can also try starting the .exe file as Administrator.

XAMPP and the XAMPP directory

Now it may get a bit tricky, because you need to download your whole Bludit installation and website and copy them into the htdocs directory of XAMPP. This can be done with an FTP program such as FileZilla, using the FTP credentials from your webspace provider. Many web hosts also offer a browser-based WebFTP application on their website, where you can pack your Bludit installation and download it directly. Please check the FAQ / help section of your provider for more information.

2. Modify the Files

The copied Bludit files within your local web-server stack don't work yet, because you need to tell Bludit about the new environment. To do so, we need to change the bl-content/databases/site.php JSON database file, which is minified in most cases (unless you enabled Debug Mode yourself beforehand). That shouldn't be an obstacle, because awesome services such as unminify will solve this issue in under a second.

Just open the file mentioned above in a code editor of your choice (or use Windows' Notepad program) and copy and paste the weird-looking text, WITHOUT the first <?php line, into the textarea field of unminify.com:

Unminify your site.php JSON file

The result may look a bit strange, but this is how Bludit keeps your data stored. We can use the textarea field directly to adapt our Bludit installation and prepare it for local use. Just search for the "url" key, which is on the 18th line in the picture above. This URL must point to your local Bludit website, where "localhost" points directly to the already mentioned htdocs directory of XAMPP. For example: if you've copied your Bludit website to htdocs/my-bludit, your URL needs to be http:\/\/localhost\/my-bludit\/.

The additional \ (backslash) characters before each / (slash) are required, because this character must be escaped to prevent parser errors. Done? Perfect, copy and paste the changed text back into your site.php database file and save it.
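An added example, not part of the original tutorial or of Bludit: the same "url" change done locally with the PHP that ships with XAMPP, so the database never has to be pasted into an online service. The script name, the file path and the sample data are assumptions.

```php
<?php
// Added example, not Bludit code. Sets the "url" key of site.php locally.
// Usage (file path and URL are assumptions):
//   php set-url.php htdocs/my-bludit/bl-content/databases/site.php http://localhost/my-bludit/

function setSiteUrl($raw, $newUrl)
{
    // Line 1 is the "<?php ..." line; the JSON document starts on line 2.
    $pos = strpos($raw, "\n");
    if ($pos === false || strncmp($raw, '<?php', 5) !== 0) {
        throw new RuntimeException('first line is not a <?php line');
    }
    // Decode to objects (not arrays) so empty {} values survive the round trip.
    $data = json_decode(substr($raw, $pos + 1));
    if (!is_object($data) || !property_exists($data, 'url')) {
        throw new RuntimeException('invalid JSON or no "url" key: ' . json_last_error_msg());
    }
    $data->url = rtrim($newUrl, '/') . '/';
    // json_encode() writes "/" as "\/" by default, the escaped form used in the file.
    $json = json_encode($data, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE);
    if ($json === false) {
        throw new RuntimeException('encode failed: ' . json_last_error_msg());
    }
    // Keep the original first line byte for byte and append the new JSON.
    return substr($raw, 0, $pos + 1) . $json;
}

if ($argc === 3) {
    // Real run: rewrite the local copy in place (the server still holds the original).
    list(, $file, $url) = $argv;
    $raw = file_get_contents($file);
    if ($raw === false) {
        fwrite(STDERR, "cannot read $file\n");
        exit(1);
    }
    file_put_contents($file, setSiteUrl($raw, $url));
    echo "url updated in $file\n";
} else {
    // Demo run on a constructed sample (not a real site.php).
    $sample = "<?php /* constructed first line */ ?>\n"
            . '{"title":"Demo","url":"https:\/\/example.com\/","extra":{}}';
    echo setSiteUrl($sample, 'http://localhost/my-bludit'), "\n";
}
```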

3. Nobody needs Passwords

You may wonder how this should help you, but keep in mind that both steps above only prepare the local use. Now the "hacky" part will finally solve your issue. Open the bl-kernel/login.class.php file in your code editor and scroll down to (or search for) the public method verifyUser, which should be at line 92.

This method contains a few lines of code that check a few things and sign you in if everything is cool. The important function call is located on line 115, starting with $this->setLogin, which is surrounded by a so-called if statement. The content of this statement is only processed if the condition evaluates to true. In this case, it compares the hashed version of the entered password with the one stored in the database.

I guess you already know what you need to do... Move the $this->setLogin() line just above this condition, save the file, visit the changed URL from above in your browser and try to log in with any password (at least 6 characters) you want!

Move line 115 up to 114 and save the file.

If you're in, thank me later; first you should change your password the usual Bludit way (visit your profile under "Users", switch to the "Security" tab and press the blue "Change Password" button). Done? Good, now follow this tutorial backward to revert all changes and upload the files back to the server...

... or use the easy way and just upload the bl-content/databases/users.php JSON database, which contains all registered users as well as all "set" password hashes. Now you can log in again as normal, but you should take care of your passwords... Maybe a password manager would be a great tool for you.
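As an added check (example code, not Bludit's own and not from the original tutorial): before uploading anything, compare an untouched copy of the download with the working copy, so the patched login.class.php and the localhost site.php stay off the server. It assumes you kept such an untouched copy; the script and directory names are hypothetical.

```php
<?php
// Added example, not Bludit code. Lists files that differ between the
// untouched download and the working copy, and marks what may go online.
// Usage (both directory names are assumptions):
//   php check-upload.php bludit-original htdocs/my-bludit

function hashTree($root)
{
    $root = rtrim($root, '/\\');
    $hashes = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        if ($file->isFile()) {
            // Relative path with forward slashes, so Windows and Linux agree.
            $rel = str_replace('\\', '/', substr($file->getPathname(), strlen($root) + 1));
            $hashes[$rel] = hash_file('sha256', $file->getPathname());
        }
    }
    return $hashes;
}

function classifyChanges(array $original, array $working)
{
    // The tutorial's "easy way": users.php is the only file that goes back online.
    $upload = ['bl-content/databases/users.php'];
    $report = [];
    foreach ($working as $rel => $hash) {
        if (!isset($original[$rel]) || $original[$rel] !== $hash) {
            $report[$rel] = in_array($rel, $upload, true) ? 'UPLOAD' : 'KEEP LOCAL';
        }
    }
    ksort($report);
    return $report;
}

if ($argc === 3) {
    $report = classifyChanges(hashTree($argv[1]), hashTree($argv[2]));
} else {
    // Demo on constructed hash maps (placeholder values, not real hashes).
    $orig = ['bl-kernel/login.class.php' => 'a1', 'bl-content/databases/users.php' => 'b1',
             'bl-content/databases/site.php' => 'c1', 'index.php' => 'd1'];
    $work = ['bl-kernel/login.class.php' => 'a2', 'bl-content/databases/users.php' => 'b2',
             'bl-content/databases/site.php' => 'c2', 'index.php' => 'd1'];
    $report = classifyChanges($orig, $work);
}
foreach ($report as $rel => $verdict) {
    printf("%-10s %s\n", $verdict, $rel);
}
```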

Thanks for reading.

Stay 200,
Sam.
