Troubleshooting - lost admin password recovery advice- HELP

The place to talk about things that are related to CMS Made simple, but don't fit anywhere else.
Post Reply
burlington
Power Poster
Power Poster
Posts: 444
Joined: Wed Dec 27, 2006 5:15 pm

Troubleshooting - lost admin password recovery advice- HELP

Post by burlington »

This is probably the wrong Forum but here goes:

I am following the guidance in the above Troubleshooting advice at http://docs.cmsmadesimple.org/troublesh ... d-recovery which states that I should run a query to add an administrator for a hacked site:
The advice states, with my user name & password in ***, that the query should run like this:
<quote>
update cms_users set password = (select md5(CONCAT(IFNULL((SELECT sitepref_value FROM cms_siteprefs WHERE sitepref_name = 'sitemask'),''),'***'))) where username = '***'
</quote>

When I try this I get a MySQL failure message which states:

<quote>
There seems to be an error in your SQL query. The MySQL server error output below, if there is any, may also help you in diagnosing the problem.

ERROR: Unclosed quote @ 185
STR: '
SQL: update cms_users set password = (select md5(CONCAT(IFNULL((SELECT sitepref_value FROM cms_siteprefs WHERE sitepref_name = 'sitemask'),''),'***'))) where username = '***'

SQL query: Documentation

update cms_users set password = (select md5(CONCAT(IFNULL((SELECT sitepref_value FROM cms_siteprefs WHERE sitepref_name = 'sitemask'),''),'***'))) where username = '***'

MySQL said: Documentation
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''))) where username = '***'' at line 1
</quote>

I am sorry but I really am not clever enough to translate this. Can someone give me advice please.

Thanks,

Martin
User avatar
velden
Dev Team Member
Dev Team Member
Posts: 3483
Joined: Mon Nov 28, 2011 9:29 am
Location: The Netherlands

Re: Troubleshooting - lost admin password recovery advice- H

Post by velden »

Query you pasted here seems ok.

Note that it is not used to ADD an user but to set password of an EXISTING user.
User avatar
Jo Morg
Dev Team Member
Dev Team Member
Posts: 1921
Joined: Mon Jan 29, 2007 4:47 pm

Re: Troubleshooting - lost admin password recovery advice- H

Post by Jo Morg »

It is possible that it is a bug with phpMyAdmin: https://bugzilla.redhat.com/show_bug.cgi?id=725123...
If it is you need to upgrade phpMyAdmin asap.
"There are 10 types of people in this world, those who understand binary... and those who don't."
* by the way: English is NOT my native language (sorry for any mistakes...).
Code of Condut | CMSMS Docs | Help Support CMSMS
My developer Page on the Forge
GeekMoot 2015 in Ghent, Belgium: I was there!
GeekMoot 2016 in Leicester, UK: I was there!
DevMoot 2023 in Cynwyd, Wales: I was there!
burlington
Power Poster
Power Poster
Posts: 444
Joined: Wed Dec 27, 2006 5:15 pm

Re: Troubleshooting - lost admin password recovery advice- H

Post by burlington »

velden wrote:Query you pasted here seems ok.

Note that it is not used to ADD an user but to set password of an EXISTING user.
Thank you Velden. However it is not just the password that has to be created but also a user name. The situation is that the site and/or server were hacked and the 'admin' user was deleted.

Therefore a new 'admin' rights user can't be created because there is no access to the admin part of the system. If you see what I mean!

There is one other user, with 'editor' only rights. I could change her rights in the CMS database to give full 'admin' access if I knew how to do it. I could then, as it were, start again.

How would I go about this please?

Thanks

Martin
calguy1000
Support Guru
Support Guru
Posts: 8169
Joined: Tue Oct 19, 2004 6:44 pm
Location: Fernie British Columbia, Canada

Re: Troubleshooting - lost admin password recovery advice- H

Post by calguy1000 »

The situation is that the site and/or server were hacked
Restore your entire site from a known good backup. If they 'deleted' the admin user account, they probably did other things to corrupt the site.
Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
burlington
Power Poster
Power Poster
Posts: 444
Joined: Wed Dec 27, 2006 5:15 pm

Re: Troubleshooting - lost admin password recovery advice- H

Post by burlington »

Thanks Calguy

Backups are available of course but I don't know how good they are. Is there NO way I can convert an Editor to full rights or alternatively create a new user with such rights, via the database?

Martin
User avatar
paulbaker
Dev Team Member
Dev Team Member
Posts: 1465
Joined: Sat Apr 18, 2009 10:09 pm
Location: Maidenhead, UK
Contact:

Re: Troubleshooting - lost admin password recovery advice- H

Post by paulbaker »

burlington wrote:Is there NO way I can convert an Editor to full rights
Table cms_user_groups - set group_id to 1 for your one remaining user. Given your situation it's worth a try.
burlington
Power Poster
Power Poster
Posts: 444
Joined: Wed Dec 27, 2006 5:15 pm

Re: Troubleshooting - lost admin password recovery advice- H

Post by burlington »

Thanks Paul,

She is already on 1 but still only has normal editor rights, not admin.

The group ID and the user ID in that table cms_user_groups are both set on 1.

In the table cms_users, she has an ID of 2 but admin_access of 1

Martin
User avatar
paulbaker
Dev Team Member
Dev Team Member
Posts: 1465
Joined: Sat Apr 18, 2009 10:09 pm
Location: Maidenhead, UK
Contact:

Re: Troubleshooting - lost admin password recovery advice- H

Post by paulbaker »

burlington wrote:The group ID and the user ID in that table cms_user_groups are both set on 1.

In the table cms_users, she has an ID of 2 but admin_access of 1
In that case, in table cms_user_groups - set user_id to 2, as she is user 2.
burlington
Power Poster
Power Poster
Posts: 444
Joined: Wed Dec 27, 2006 5:15 pm

Re: Troubleshooting - lost admin password recovery advice- H

Post by burlington »

At the moment I am getting the MySQL message:

"Current selection does not contain a unique column. Grid edit, checkbox, Edit, Copy and Delete features are not available."

and am now looking for a workaround.

In the meantime I have taken a copy of the DB in case things go wrong!
User avatar
paulbaker
Dev Team Member
Dev Team Member
Posts: 1465
Joined: Sat Apr 18, 2009 10:09 pm
Location: Maidenhead, UK
Contact:

Re: Troubleshooting - lost admin password recovery advice- H

Post by paulbaker »

Doesn't say you can't add. Try adding another row with the required numbers.
Post Reply

Return to “The Lounge”