Troubleshooting - lost admin password recovery advice- HELP
-
- Power Poster
- Posts: 444
- Joined: Wed Dec 27, 2006 5:15 pm
Troubleshooting - lost admin password recovery advice- HELP
This is probably the wrong Forum but here goes:
I am following the guidance in the above Troubleshooting advice at http://docs.cmsmadesimple.org/troublesh ... d-recovery which states that I should run a query to add an administrator for a hacked site:
The advice states, with my user name & password in ***, that the query should run like this:
<quote>
update cms_users set password = (select md5(CONCAT(IFNULL((SELECT sitepref_value FROM cms_siteprefs WHERE sitepref_name = 'sitemask'),''),'***'))) where username = '***'
</quote>
When I try this I get a MySQL failure message which states:
<quote>
There seems to be an error in your SQL query. The MySQL server error output below, if there is any, may also help you in diagnosing the problem.
ERROR: Unclosed quote @ 185
STR: '
SQL: update cms_users set password = (select md5(CONCAT(IFNULL((SELECT sitepref_value FROM cms_siteprefs WHERE sitepref_name = 'sitemask'),''),'***'))) where username = '***'
SQL query: Documentation
update cms_users set password = (select md5(CONCAT(IFNULL((SELECT sitepref_value FROM cms_siteprefs WHERE sitepref_name = 'sitemask'),''),'***'))) where username = '***'
MySQL said: Documentation
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''))) where username = '***'' at line 1
</quote>
I am sorry but I really am not clever enough to translate this. Can someone give me advice please.
Thanks,
Martin
I am following the guidance in the above Troubleshooting advice at http://docs.cmsmadesimple.org/troublesh ... d-recovery which states that I should run a query to add an administrator for a hacked site:
The advice states, with my user name & password in ***, that the query should run like this:
<quote>
update cms_users set password = (select md5(CONCAT(IFNULL((SELECT sitepref_value FROM cms_siteprefs WHERE sitepref_name = 'sitemask'),''),'***'))) where username = '***'
</quote>
When I try this I get a MySQL failure message which states:
<quote>
There seems to be an error in your SQL query. The MySQL server error output below, if there is any, may also help you in diagnosing the problem.
ERROR: Unclosed quote @ 185
STR: '
SQL: update cms_users set password = (select md5(CONCAT(IFNULL((SELECT sitepref_value FROM cms_siteprefs WHERE sitepref_name = 'sitemask'),''),'***'))) where username = '***'
SQL query: Documentation
update cms_users set password = (select md5(CONCAT(IFNULL((SELECT sitepref_value FROM cms_siteprefs WHERE sitepref_name = 'sitemask'),''),'***'))) where username = '***'
MySQL said: Documentation
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''))) where username = '***'' at line 1
</quote>
I am sorry but I really am not clever enough to translate this. Can someone give me advice please.
Thanks,
Martin
Re: Troubleshooting - lost admin password recovery advice- H
Query you pasted here seems ok.
Note that it is not used to ADD an user but to set password of an EXISTING user.
Note that it is not used to ADD an user but to set password of an EXISTING user.
Re: Troubleshooting - lost admin password recovery advice- H
It is possible that it is a bug with phpMyAdmin: https://bugzilla.redhat.com/show_bug.cgi?id=725123...
If it is you need to upgrade phpMyAdmin asap.
If it is you need to upgrade phpMyAdmin asap.
"There are 10 types of people in this world, those who understand binary... and those who don't."
* by the way: English is NOT my native language (sorry for any mistakes...).
Code of Condut | CMSMS Docs | Help Support CMSMS
My developer Page on the Forge
GeekMoot 2015 in Ghent, Belgium: I was there!
GeekMoot 2016 in Leicester, UK: I was there!
DevMoot 2023 in Cynwyd, Wales: I was there!
* by the way: English is NOT my native language (sorry for any mistakes...).
Code of Condut | CMSMS Docs | Help Support CMSMS
My developer Page on the Forge
GeekMoot 2015 in Ghent, Belgium: I was there!
GeekMoot 2016 in Leicester, UK: I was there!
DevMoot 2023 in Cynwyd, Wales: I was there!
-
- Power Poster
- Posts: 444
- Joined: Wed Dec 27, 2006 5:15 pm
Re: Troubleshooting - lost admin password recovery advice- H
Thank you Velden. However it is not just the password that has to be created but also a user name. The situation is that the site and/or server were hacked and the 'admin' user was deleted.velden wrote:Query you pasted here seems ok.
Note that it is not used to ADD an user but to set password of an EXISTING user.
Therefore a new 'admin' rights user can't be created because there is no access to the admin part of the system. If you see what I mean!
There is one other user, with 'editor' only rights. I could change her rights in the CMS database to give full 'admin' access if I knew how to do it. I could then, as it were, start again.
How would I go about this please?
Thanks
Martin
-
- Support Guru
- Posts: 8169
- Joined: Tue Oct 19, 2004 6:44 pm
- Location: Fernie British Columbia, Canada
Re: Troubleshooting - lost admin password recovery advice- H
Restore your entire site from a known good backup. If they 'deleted' the admin user account, they probably did other things to corrupt the site.The situation is that the site and/or server were hacked
Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
-
- Power Poster
- Posts: 444
- Joined: Wed Dec 27, 2006 5:15 pm
Re: Troubleshooting - lost admin password recovery advice- H
Thanks Calguy
Backups are available of course but I don't know how good they are. Is there NO way I can convert an Editor to full rights or alternatively create a new user with such rights, via the database?
Martin
Backups are available of course but I don't know how good they are. Is there NO way I can convert an Editor to full rights or alternatively create a new user with such rights, via the database?
Martin
- paulbaker
- Dev Team Member
- Posts: 1465
- Joined: Sat Apr 18, 2009 10:09 pm
- Location: Maidenhead, UK
- Contact:
Re: Troubleshooting - lost admin password recovery advice- H
Table cms_user_groups - set group_id to 1 for your one remaining user. Given your situation it's worth a try.burlington wrote:Is there NO way I can convert an Editor to full rights
-
- Power Poster
- Posts: 444
- Joined: Wed Dec 27, 2006 5:15 pm
Re: Troubleshooting - lost admin password recovery advice- H
Thanks Paul,
She is already on 1 but still only has normal editor rights, not admin.
The group ID and the user ID in that table cms_user_groups are both set on 1.
In the table cms_users, she has an ID of 2 but admin_access of 1
Martin
She is already on 1 but still only has normal editor rights, not admin.
The group ID and the user ID in that table cms_user_groups are both set on 1.
In the table cms_users, she has an ID of 2 but admin_access of 1
Martin
- paulbaker
- Dev Team Member
- Posts: 1465
- Joined: Sat Apr 18, 2009 10:09 pm
- Location: Maidenhead, UK
- Contact:
Re: Troubleshooting - lost admin password recovery advice- H
In that case, in table cms_user_groups - set user_id to 2, as she is user 2.burlington wrote:The group ID and the user ID in that table cms_user_groups are both set on 1.
In the table cms_users, she has an ID of 2 but admin_access of 1
-
- Power Poster
- Posts: 444
- Joined: Wed Dec 27, 2006 5:15 pm
Re: Troubleshooting - lost admin password recovery advice- H
At the moment I am getting the MySQL message:
"Current selection does not contain a unique column. Grid edit, checkbox, Edit, Copy and Delete features are not available."
and am now looking for a workaround.
In the meantime I have taken a copy of the DB in case things go wrong!
"Current selection does not contain a unique column. Grid edit, checkbox, Edit, Copy and Delete features are not available."
and am now looking for a workaround.
In the meantime I have taken a copy of the DB in case things go wrong!
- paulbaker
- Dev Team Member
- Posts: 1465
- Joined: Sat Apr 18, 2009 10:09 pm
- Location: Maidenhead, UK
- Contact:
Re: Troubleshooting - lost admin password recovery advice- H
Doesn't say you can't add. Try adding another row with the required numbers.