Blamps Posted August 9, 2018 Share Posted August 9, 2018 HI All, Can someone help me, i have forgotten my admin password, is there any way to change or retrieve it please Link to comment Share on other sites More sharing options...
♥JcMagpie Posted August 9, 2018 Share Posted August 9, 2018 OSCommerce - Reset a lost admin password To reset the Admin password in newer versions of OSCommerce, you will need to do the following: Login to cPanel, and go to Databases -> phpMyAdmin Click on your OSCommerce database on the right On the next screen, click on the Administrators table Edit the record for the username in this table Replace the contents of the password field with this, then click Go: 6cdd7c57450225fac77427f5962bb726:40 This will reset the password for this user to "pass". Login to the Admin area of your OSCommerce, and then reset your password to something more secure. Also is you have Additional Protection With htaccess/htpasswd then delete that file from admin/ Link to comment Share on other sites More sharing options...
♥Smoky Barnable Posted August 9, 2018 Share Posted August 9, 2018 You can also use this MD5 hash generator to update your password and update your database as previously mentioned. https://www.md5hashgenerator.com/ The water in a vessel is sparkling; the water in the sea is dark. The small truth has words which are clear; the great truth has great silence. - Rabindranath Tagore Link to comment Share on other sites More sharing options...
♥Tsimi Posted August 9, 2018 Share Posted August 9, 2018 Just empty, NOT DELETE, just empty the administrators table. Then access your admin area again and you will be prompted to create a new username and password. Link to comment Share on other sites More sharing options...
♥JcMagpie Posted August 10, 2018 Share Posted August 10, 2018 The empty admin table is advise given on this forum over and over again! I think this is not a good idea for 2 reasons. 1) if you have more than 1 admin assigned you will lose all the admins! 2) if you empty the table you leave your website vulnerable to hacking unless you immediately log back into admin! even if its only 20-30 seconds its still open to anyone accessing for that short window! Why take the risk! Link to comment Share on other sites More sharing options...
♥Tsimi Posted August 10, 2018 Share Posted August 10, 2018 If you have multiple admins then you're totally right. Then he shouldn't empty the table. Worst case you could ask your fellow admins to quickly recreate the username and psw. Regarding point 2, i do not think that this is an issue. At least it shouldn't be unless you did the stupid mistake of naming the admin folder "admin" and even then why would someone wait to access the admin area after empty the table? Yeah OK a toilet brake maybe but that would be a very big coincidence and very important toilet brake. And getting hacked exactly in those few seconds would be really bad luck. And hopefully a htaccess file already in place should prevent that too. Link to comment Share on other sites More sharing options...
♥JcMagpie Posted August 10, 2018 Share Posted August 10, 2018 26 minutes ago, Tsimi said: And hopefully a htaccess file already in place should prevent that too 😁 I bet every site ever hacked thought they had every thing secure including htaccess! But hey everyone is free to do what they think best it's all good. Link to comment Share on other sites More sharing options...
♥JcMagpie Posted August 10, 2018 Share Posted August 10, 2018 It's interesting to read what Apache have to say about the use of .htaccess and website security! " There is a common misconception that you are required to use .htaccess files in order to implement password authentication. " http://httpd.apache.org/docs/2.0/howto/htaccess.html#when The .htaccess file is one of the most common targets for hackers as most people never think to protect the file itself! Even those who do protect the file normally use just this. <Files .htaccess> Order allow,deny Deny from all </Files> This still allows attacks using “HTACCESS”, Yu should go one step further and ensure a strong denial of access to your file using something like this # STRONG HTACCESS PROTECTION <Files ~ "^.*\.([Hh][Tt][Aa])"> Order allow,deny Deny from all </Files> But as always get advice from an "expert like your host support" before making any changes and oh yes backup. Link to comment Share on other sites More sharing options...
Dennisra Posted August 10, 2018 Share Posted August 10, 2018 Best to use the current version tutorial of Apache 2.4 as opposed to 2.0: https://httpd.apache.org/docs/current/howto/htaccess.html Link to comment Share on other sites More sharing options...
♥JcMagpie Posted August 10, 2018 Share Posted August 10, 2018 Error in original post as hash had error and would not work if used. This below is the corrected code. Or as @Smoky Barnable says just use a hash generator. OSCommerce - Reset a lost admin password To reset the Admin password in newer versions of OSCommerce, you will need to do the following: Login to cPanel, and go to Databases -> phpMyAdmin Click on your OSCommerce database on the right On the next screen, click on the Administrators table Edit the record for the username in this table Replace the contents of the password field with this, then click Go: 6cdd7c57450225fac77427f5962bb726 This will reset the password for this user to "40pass". Login to the Admin area of your OSCommerce, and then reset your password to something more secure. Also is you have Additional Protection With htaccess/htpasswd then delete that file from admin/ Link to comment Share on other sites More sharing options...
ArtcoInc Posted August 14, 2018 Share Posted August 14, 2018 I would just like to remind people that while we are here to assist one another, let's please do so in a safe way. If I walked up to you and said that I lost the keys to my house/car, and asked you to help me break in, would you? M Link to comment Share on other sites More sharing options...
♥JcMagpie Posted August 14, 2018 Share Posted August 14, 2018 😂 A bit late to the game no! 😂 Nothing posted here that has not already been discussed many times and a simple google for anyone! If he has access to the db and phpadmin then the damage is already done, nothing advised here will help anyone get access to a properly secured website. Link to comment Share on other sites More sharing options...
ArtcoInc Posted August 14, 2018 Share Posted August 14, 2018 This was a brand new member, his first post, and posted only minutes after joining. And, this member has not been back here since then. (don't you just love it when people ask a question here and never come back for an answer?) I saw the post when he first posted it, and considered saying something then, but others answered before I could. M Link to comment Share on other sites More sharing options...
zefeena Posted August 23, 2018 Share Posted August 23, 2018 I have just done a new install, and everything seems okay except I cannot log onto the admin. I have not yet set up htaccess. I tried the php admin reset password but not with any joy! Can anyone suggest why its not working? I live in an internet blackspot - could this be causing a problem - i.e not updated the password. If in the likelihood I ever manage to get access by changing my password through these methods how do I change it to a more secure one. Currently security is not an issue the site is New, nothing to see here! lol thank you Running a botched up version of osCommerce Online Merchant v2.3.4 bootstrap with the dresscode theme installed, numerous add-ons, terrible coding, terrible website, but will have to make do until I have made up for my losses and can risk shutting down for a couple of weeks while I start all over again. - I did not install my program but am endeavouring to fix it with your help. Link to comment Share on other sites More sharing options...
♥JcMagpie Posted August 23, 2018 Share Posted August 23, 2018 What if any error's are in your error log? What actualy happens when you go to admin? Post screen grap or pm link. On a fresh install the main causes are 1) You forgot your admin login/password happens all the time. 2) You have a old redirect in you root which is blocking the admin 3) you have not set up the config file properly 4) you dont have correct access set on admin folder or files 5) Check db to see if admin is in it and has password set ( details given above in thread on how to do that) 6) Oh well install messed up remove all onld files and DB and do clean fresh in stall using new download of software. No quick fix just have to do it one step at a time. Link to comment Share on other sites More sharing options...
Guest Posted October 26, 2018 Share Posted October 26, 2018 Hi JcMagpie, I tried the password reset instructions but, I still cannot login to the admin area. Please advise. Thank you, Jeff Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.