CMS Made Simple Forums

This is probably the wrong Forum but here goes:

I am following the guidance in the above Troubleshooting advice at http://docs.cmsmadesimple.org/troublesh ... d-recovery which states that I should run a query to add an administrator for a hacked site:
The advice states, with my user name & password in ***, that the query should run like this:
<quote>
update cms_users set password = (select md5(CONCAT(IFNULL((SELECT sitepref_value FROM cms_siteprefs WHERE sitepref_name = 'sitemask'),''),'***'))) where username = '***'
</quote>

When I try this I get a MySQL failure message which states:

<quote>
There seems to be an error in your SQL query. The MySQL server error output below, if there is any, may also help you in diagnosing the problem.

ERROR: Unclosed quote @ 185
STR: '
SQL: update cms_users set password = (select md5(CONCAT(IFNULL((SELECT sitepref_value FROM cms_siteprefs WHERE sitepref_name = 'sitemask'),''),'***'))) where username = '***'

SQL query: Documentation

update cms_users set password = (select md5(CONCAT(IFNULL((SELECT sitepref_value FROM cms_siteprefs WHERE sitepref_name = 'sitemask'),''),'***'))) where username = '***'

MySQL said: Documentation
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''))) where username = '***'' at line 1
</quote>

I am sorry but I really am not clever enough to translate this. Can someone give me advice please.

Thanks,

Martin

Query you pasted here seems ok.

Note that it is not used to ADD an user but to set password of an EXISTING user.

It is possible that it is a bug with phpMyAdmin: https://bugzilla.redhat.com/show_bug.cgi?id=725123...
If it is you need to upgrade phpMyAdmin asap.

velden wrote:Query you pasted here seems ok.

Note that it is not used to ADD an user but to set password of an EXISTING user.

Thank you Velden. However it is not just the password that has to be created but also a user name. The situation is that the site and/or server were hacked and the 'admin' user was deleted.

Therefore a new 'admin' rights user can't be created because there is no access to the admin part of the system. If you see what I mean!

There is one other user, with 'editor' only rights. I could change her rights in the CMS database to give full 'admin' access if I knew how to do it. I could then, as it were, start again.

How would I go about this please?

Thanks

Martin

The situation is that the site and/or server were hacked

Restore your entire site from a known good backup. If they 'deleted' the admin user account, they probably did other things to corrupt the site.

Thanks Calguy

Backups are available of course but I don't know how good they are. Is there NO way I can convert an Editor to full rights or alternatively create a new user with such rights, via the database?

Martin

burlington wrote:Is there NO way I can convert an Editor to full rights

Table cms_user_groups - set group_id to 1 for your one remaining user. Given your situation it's worth a try.

Thanks Paul,

She is already on 1 but still only has normal editor rights, not admin.

The group ID and the user ID in that table cms_user_groups are both set on 1.

In the table cms_users, she has an ID of 2 but admin_access of 1

Martin

burlington wrote:The group ID and the user ID in that table cms_user_groups are both set on 1.

In the table cms_users, she has an ID of 2 but admin_access of 1

In that case, in table cms_user_groups - set user_id to 2, as she is user 2.

At the moment I am getting the MySQL message:

"Current selection does not contain a unique column. Grid edit, checkbox, Edit, Copy and Delete features are not available."

and am now looking for a workaround.

In the meantime I have taken a copy of the DB in case things go wrong!

Doesn't say you can't add. Try adding another row with the required numbers.