Seems like such a basic feature but even their friendly support folks confirmed that there was no addon or plan to release the feature in a future version. Weird!

No matter though, let’s make our own.

Investigation

I spent untold amounts of time clawing through unfamiliar Java code. A occasional scrap was enough to forge my determination but nothing really made sense yet. Too many files, too many directories but maybe if I just kept trying…

A-ha!

Hidden deep within the lair of <Tomcat>\webapps\Halogen\WEB-INF\classes\com\halogensoftware\common\security\ is a file called ‘Utility.class’. Inside, a string that resembles the worst regular expression ever created.

^a`Z{b1Y}c2X[d3W]e4V|f5U\g6T:h7S;i8R”j9Q’k0P<l-O>m=N?n~M,o!L.p@K/q#Jr$Is%Ht^Gu&Fv*Ew(Dx)Cy_Bz+A

I was sure this string was used to encrypt the passwords stored in the database but I needed a way to confirm that so…

Using a test account I set the password to the number 1 which was encrypted as the letter Y. Password 11 became Y}. Password 111 became Y}c.

Ah, so simple!

If your password was the ^ symbol it would find it in the string above and then move right one space and choose the letter “a” as your encrypted password. If your password was ^^ then the the first encrypted character would be “a” again but the second one would shift two places to the right and store the ` symbol

Here are a few more example conversions.

• ^^^ becomes a`Z
• wT7w becomes (hi)
• A+z becomes ^^^

Notice that in the last example we’ve simply looped around once we hit the right side of the hash string.

Now that we know how it works let’s build our own utility in ASP that we can use to reset anyone’s password.

The Solution

Besides the obvious DSN string, you’ll want to carefully consider how you validate your users.

The setup I used at work talked to a Human Resources database and would validate no less than three pieces of information before even attempting a reset. I urge you dear reader to do the same.

sID = Request.Form("id")
sPassword = Request.Form("password")

Set oConn = Server.CreateObject("ADODB.Connection")
oConn.Open "DSN String for the Halogen eAppraisal Database"

Set oRS = Server.CreateObject("ADODB.Recordset")
oRS.Open "SELECT TOP 1 * FROM [view-user_info] WHERE username = '" & sID & "'", oConn, 0, 3 'adOpenForwardOnly, adLockOptimistic

If not oRS.EOF then
	sKeyCode = "a`Z{b1Y}c2X[d3W]e4V|f5U\g6T:h7S;i8R""j9Q'k0P<l-O>m=N?n~M,o!L.p@K/q#Jr$Is%Ht^Gu&Fv*Ew(Dx)Cy_Bz+A"
	sKeyCodeLength = Len(sKeyCode)
	x = 1
	sBadChar = 0
	Do until x > Len(sPassword)
		sChar = Mid(sPassword, x, 1)

		If InStr(sKeyCode, sChar) then
			sKeyCodePos = InStr(sKeyCode, sChar) + x
			If sKeyCodePos > sKeyCodeLength then
				'Need to loop around the beginning
				Do until sKeyCodePos <= sKeyCodeLength
					sKeyCodePos = sKeyCodePos - sKeyCodeLength
				loop
			End If
			sEncodeChar = Mid(sKeyCode, sKeyCodePos, 1)
			sEncodePassword = sEncodePassword + sEncodeChar
		Else
			'Could not find a character in sKeyCode
			sBadChar = sBadChar + 1
		End If
		x = x + 1
	loop

	If sBadChar > 0 then
		Response.Write "<p><strong>Unsupported characters were used to try to set the encrypted password. New password was not saved.</strong></p>"
	Else
		oRS("password") = sEncodePassword
		oRS("password_change_date") = NULL
		oRS.Update
		Response.Write "<p>The password for your account " & sID & " has been reset.</p>"
	End If
Else
	Response.Write "<p><strong>A corresponding account for the user " & sID & " does not exist. Please contact support.</strong></p>"
End If

oRS.Close
oConn.Close
Set oRS = nothing
Set oConn = nothing

Questions welcome so feel free to comment below.

See ya later, space cowboy.