Lost Admin Password

[Blamps]

HI All,

 

Can someone help me, i have forgotten my admin password, is there any way to change or retrieve it please

[♥JcMagpie]

OSCommerce - Reset a lost admin password

To reset the Admin password in newer versions of OSCommerce, you will need to do the following:
 

1.  
2. Login to cPanel, and go to Databases -> phpMyAdmin
3. Click on your OSCommerce database on the right
4. On the next screen, click on the Administrators table
5. Edit the record for the username in this table
6. Replace the contents of the password field with this, then click Go: 6cdd7c57450225fac77427f5962bb726:40
   
    

This will reset the password for this user to "pass". Login to the Admin area of your OSCommerce, and then reset your password to something more secure.

 

Also is you have Additional Protection With htaccess/htpasswd  then delete that file from admin/ 

[♥Smoky Barnable]

You can also use this MD5 hash generator to update your password and update your database as previously mentioned.

https://www.md5hashgenerator.com/

[♥Tsimi]

Just empty, NOT DELETE, just empty the administrators table. Then access your admin area again and you will be prompted to create a new username and password.

[♥JcMagpie]

The empty admin table is advise given on this forum over and over again! I think this is not a good idea for 2 reasons.

1) if you have more than 1 admin assigned you will lose all the admins!

2) if you empty the table you leave your website vulnerable to hacking unless you immediately log back into admin! even if its only 20-30 seconds its still open to anyone accessing for that short window! Why take the risk!

 

 

[♥Tsimi]

If you have multiple admins then you're totally right. Then he shouldn't empty the table. Worst case you could ask your fellow admins to quickly recreate the username and psw.

Regarding point 2, i do not think that this is an issue. At least it shouldn't be unless you did the stupid mistake of naming the admin folder "admin" and even then why would someone wait to access the admin area after empty the table? Yeah OK a toilet brake maybe but that would be a very big coincidence and very important toilet brake. And getting hacked exactly in those few seconds would be really bad luck. And hopefully a htaccess file already in place should prevent that too.

[♥JcMagpie]

26 minutes ago, Tsimi said:

And hopefully a htaccess file already in place should prevent that too

😁 I bet every site ever hacked thought they had every thing secure including htaccess! But hey everyone is free to do what they think best it's all good.

[♥JcMagpie]

It's interesting to read what Apache have to say about the use of .htaccess and website security!

" There is a common misconception that you are required to use .htaccess files in order to implement password authentication. "

http://httpd.apache.org/docs/2.0/howto/htaccess.html#when

The .htaccess file is one of the most common targets for hackers as most people never think to protect the file itself!

Even those who do protect the file normally use just this.

<Files .htaccess>
	Order allow,deny
	Deny from all
</Files>

This still allows attacks  using  “HTACCESS”,  Yu should go one step further and ensure a strong denial of access to your file using something like this

# STRONG HTACCESS PROTECTION
<Files ~ "^.*\.([Hh][Tt][Aa])">
	Order allow,deny
	Deny from all
	
</Files>

But as always get advice from an  "expert like your host support" before making any changes and oh yes backup.

[Dennisra]

Best to use the current version tutorial of Apache 2.4 as opposed to 2.0: https://httpd.apache.org/docs/current/howto/htaccess.html

[♥JcMagpie]

Error in original post as hash had error and would not work if used. This below is the corrected code. Or as @Smoky Barnable says just use a hash generator.

OSCommerce - Reset a lost admin password

To reset the Admin password in newer versions of OSCommerce, you will need to do the following:
 

1. Login to cPanel, and go to Databases -> phpMyAdmin
2. Click on your OSCommerce database on the right
3. On the next screen, click on the Administrators table
4. Edit the record for the username in this table
5. Replace the contents of the password field with this, then click Go: 6cdd7c57450225fac77427f5962bb726

This will reset the password for this user to "40pass". Login to the Admin area of your OSCommerce, and then reset your password to something more secure.

Also is you have Additional Protection With htaccess/htpasswd  then delete that file from admin/ 

[ArtcoInc]

I would just like to remind people that while we are here to assist one another, let's please do so in a safe way. If I walked up to you and said that I lost the keys to my house/car, and asked you to help me break in, would you?

M

[♥JcMagpie]

😂 A bit late to the game no! 😂 Nothing posted here that has not already been discussed many times and a simple google for anyone!

If he has access to the db and phpadmin then the damage is already done, nothing advised here will help anyone get access to a properly secured website.  

[ArtcoInc]

This was a brand new member, his first post, and posted only minutes after joining. And, this member has not been back here since then.

(don't you just love it when people ask a question here and never come back for an answer?)

I saw the post when he first posted it, and considered saying something then, but others answered before I could.

M

[zefeena]

I have just done a new install, and everything seems okay except I cannot log onto the admin.  I have not yet set up htaccess.  I tried the php admin reset password but not with any joy!  Can anyone suggest why its not working?

I live in an internet blackspot - could this be causing a problem - i.e not updated the password. 

If in the likelihood I ever manage to get access by changing my password through these methods how do I change it to a more secure one.  Currently security is not an issue the site is New, nothing to see here! lol 

thank you

[♥JcMagpie]

What if any error's are in your error log? What actualy happens when you go to admin? Post screen grap or pm link.

On a fresh install the main causes are

1) You forgot your admin login/password happens all the time.

2) You have a old redirect in you root which is blocking the admin

3) you have not set up the config file properly

4) you dont have correct access set on admin folder or files

5) Check db to see if admin is in it and has password set ( details given above in thread on how to do that)

6) Oh well install messed up remove all onld files and DB and do clean fresh in stall using new download of software.

No quick fix just have to do it one step at a time.

[Guest]

Hi JcMagpie,

I tried the password reset instructions but, I still cannot login to the admin area.  Please advise.

Thank you,

 

Jeff