Jump to content

[SOLVED] Locked Out Of Admin, Backdoor For Admin Password?

claybourg
 Share

Recommended Posts

claybourg Newbie

claybourg

Posted
Posted (edited)

I moved my site to a new host and for some reason it won't send me a new password when I enter my email address. Is there a place in the database I can re-enter my email address and a password? When I go into the employee table, my email address is correct and of course the password is encrypted.

Edited by claybourg (see edit history)
Link to comment
Share on other sites
jberezhnoy Newbie

jberezhnoy

Posted
Posted (edited)

try to register as a customer with password 12345678 or any other. then copy hash of this password from your db, and paste to your admin password hash in the db

probably, it will work

 

 

your new host might have different smtp parameters (if you moved mail your email service also)

Edited by jberezhnoy (see edit history)
Link to comment
Share on other sites
claybourg Newbie

claybourg

Posted
  • Author
Posted
Afaik this only works when the cookie keys and/or maybe Rijndael keys in config/settings.inc.php are the same for both shop installations. Regards, trip

 

That would make sense but they are the same, I just changed the db connection setup in settings.inc.php

Link to comment
Share on other sites
Suthichai Newbie

Suthichai

Posted
Posted

Look for _COOKIE_KEY_ in setting.inc.php, and run this in your db:

 

UPDATE ps_employee SET passwd = md5('CookieKeyNewPassword') WHERE email = '[email protected]'

 

ex.

 

UPDATE ps_employee SET passwd = md5('GH4QGsTjH0hY9IXrntPRhbn4RrSsj9BCBzkgnMJRSB55msSwr1H5IxRoABCD')
WHERE email = '[email protected]'

 

in this case, ABCD is going to be my new password

Link to comment
Share on other sites
toninovak66 Newbie

toninovak66

Posted
Posted (edited)

Hey I had the exact same thing happen to me. I moved a site from a windows hosted server with MySQL version 5.2.28 to a Unix server running CentOS 5.9 with Apache 2.2.23 and MySQL version 5.0.92. I did a fresh install with Prestashop 1.5.3.1 onto the new server and used a new DB I set up that was empty. Once I tested the site to make sure everything was working, then I overwrote my template, img and modules directories from the files on the old server so everything was there. Then I dumped the database and imported it using phpMyAdmin, creating the exact same DB as the old server and granted all privileges to the existing user I had created for the new DB. Then I went into the settings.inc.php file and only changed the DB server and DB name.

 

I was already logged into the prestashop admin when I completed these changes so I was able to access the admin obviously. Once I logged out of the admin for the day I was not able to log back in using the new admin account I had set up (due to changing the DB). I then tried logging in with existing usernames and passwords that work on the old site. However, none of them worked. I also tried using the forgot password link and it said an email was sent but I never received it. After reading the posts above, I tried using Suthichai's solution, but received a syntax error so I must have been using a different version of MySQL. Then I tried jberezhnoy's suggestion, creating a new shop customer for myself. Then I logged into phpMyAdmin and found the new customer in the table, and clicked Edit and copied the encrypted password and pasted it into the password field of the admin user I wanted to log in with.

 

It worked. I was able to log into the admin with the user and password I had setup for the customer. So for anyone else having these issues I hope this works for you and my success saves you some headaches and time setting up your shops.

 

Thank you to everyone who posted suggestions for fixes that enabled me to correct the issue.

Edited by toninovak66 (see edit history)
  • Like 1
Link to comment
Share on other sites
  • 2 weeks later...
loroverde Newbie

loroverde

Posted
Posted

Hey I had the exact same thing happen to me. I moved a site from a windows hosted server with MySQL version 5.2.28 to a Unix server running CentOS 5.9 with Apache 2.2.23 and MySQL version 5.0.92. I did a fresh install with Prestashop 1.5.3.1 onto the new server and used a new DB I set up that was empty. Once I tested the site to make sure everything was working, then I overwrote my template, img and modules directories from the files on the old server so everything was there. Then I dumped the database and imported it using phpMyAdmin, creating the exact same DB as the old server and granted all privileges to the existing user I had created for the new DB. Then I went into the settings.inc.php file and only changed the DB server and DB name.

 

I was already logged into the prestashop admin when I completed these changes so I was able to access the admin obviously. Once I logged out of the admin for the day I was not able to log back in using the new admin account I had set up (due to changing the DB). I then tried logging in with existing usernames and passwords that work on the old site. However, none of them worked. I also tried using the forgot password link and it said an email was sent but I never received it. After reading the posts above, I tried using Suthichai's solution, but received a syntax error so I must have been using a different version of MySQL. Then I tried jberezhnoy's suggestion, creating a new shop customer for myself. Then I logged into phpMyAdmin and found the new customer in the table, and clicked Edit and copied the encrypted password and pasted it into the password field of the admin user I wanted to log in with.

 

It worked. I was able to log into the admin with the user and password I had setup for the customer. So for anyone else having these issues I hope this works for you and my success saves you some headaches and time setting up your shops.

 

Thank you to everyone who posted suggestions for fixes that enabled me to correct the issue.

 

It has also worked for me! Many thanks for your help!!

Link to comment
Share on other sites
 Share
Go to topic listing
×
×
  • Create New...