Accessing admin Account in Joomla - joomla

Is there any way I can access the admin account of a website built in Joomla,if I dont have the password for the admin account.I do have all the privileges on the server. Please let me know your suggestions and opinions.

The password is stored in the MySQL database jos_users table password field. (change this for your table prefix if different)
Use a MySQL utility such as phpMyAdmin or MySQL Query Browser to edit this field.
Open the table, find your admin username, and then select that row for editing.
The password must be hashed (MD5), you cannot simply enter text into this field.
Set the password to a known value eg:
- admin = 21232f297a57a5a743894a0e4a801fc3
Source: http://forum.joomla.org/viewtopic.php?t=10985

The admin password you can find it in {DB_PREFIX}_users, the password is hashed (MD5) ...
Well it's a little more complicated than that, the hash is formed like {hashedpassword}:{hashedsalt}, the hashedpassword is formed by md5(password.hashedsalt) ...
so you can make a little script to echo a new password ...
<?php
$psw = 'hashedpassword:hashedsalt'; // you copy the entry from the db here
$newpassword = 'newpassword'; // your new password
list($hashedpassword, $hashedsalt) = explode(":", $psw);
$newpsw = md5($newpassword.$hashedsalt);
$output = $newpsw.":".$hashedsalt;
echo $output; // this is what you put in the db
?>

Related

creating new user for joomla in phpmyadmin

I want to create a new user for joomla as Admin in phpmyadmin . How can I create it and grant all privileges to it?
Thanks in advance
You can adjust the values in phpmyadmin with the following query. Please adjust table prefix from jos_ to whatever yours is.
INSERT INTO `jos_users`
(`name`, `username`, `password`, `params`, `registerDate`, `lastvisitDate`, `lastResetTime`)
VALUES ('Administrator2', 'admin2',
'd2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199', '', NOW(), NOW(), NOW());
INSERT INTO `jos_user_usergroup_map` (`user_id`,`group_id`)
VALUES (LAST_INSERT_ID(),'8'); <br/>
At this point, you should be able to log into the back end of Joomla! with the username of "admin2" and password of "secret". After logging in, go to the User Manager and change the password to a new secure value and add a valid e-mail address to the account. https://docs.joomla.org/How_do_you_recover_or_reset_your_admin_password
INSERT INTO `yourprefix_users` (`name`, `username`, `password`, `params`)
yourprefix - In configuration.php in Joomla root folder, you can find prefix for your database. In this case it will be public $dbprefix = 'explain_';
VALUES ('Administrator2', 'admin2', 'd2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199', '');
Administrator2 - This is name for your new user account.
admin2 - This is nickname / login name for new user.
d2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199 -
This is MD5 hash password. Password is: secret
INSERT INTO `yourprefix_user_usergroup_map` (`user_id`,`group_id`)
VALUES (LAST_INSERT_ID(),'8');
Make sure you match your db table prefix!
Here is some hash password if you want to change
- password = "this is the MD5 and salted hashed password"
------------------------------------------------------
- admin = 433903e0a9d6a712e00251e44d29bf87:UJ0b9J5fufL3FKfCc0TLsYJBh2PFULvT
- secret = d2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199
- OU812 = 5e3128b27a2c1f8eb53689f511c4ca9e:J584KAEv9d8VKwRGhb8ve7GdKoG7isMm
Warning: The password values shown on this page are public knowledge
and are only for recovery. Your site may be hacked if you do not
change the password to a secure value after logging in. Be sure you
change the password to a secure value after logging in.
Full code for explain is here:
INSERT INTO `yourprefix_users`
(`name`, `username`, `password`, `params`)
VALUES ('Administrator2', 'admin2',
'd2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199', '');
INSERT INTO `yourprefix_user_usergroup_map` (`user_id`,`group_id`)
VALUES (LAST_INSERT_ID(),'8');

Clear User password using Sentry in Laravel 4

I'm trying to clear a user's password, so the old password becomes useless and the User must choose a new one, but if I try to set a null or empty password I obtain:
Cartalyst \ Sentry \ Users \ PasswordRequiredException
A password is required for user [mickeymouse], none given.
This is my code, any idea? Thanks
// clearing the user's password
$user->password = null;
$user->save ();
$code = $user->getPasswordResetCode ();
// ...send code by email
You might be able to alter the database and allow it to be nullable() - but I dont think that is a good idea. Pretty much every single password related function is going to assume there is something in the database to compare to.
So rather than try for something complicated - just changed their password to something random - and you have achieved the same outcome:
$user->password = str_random(60);
$user->save ();
Now their password is useless :)

Adding a 'fake' field to grocerycrud add/edit form

On my users table I have a 128 char 'hashed_password' field. In my User_model I have functions to encrypt and decrypt the password. When encrypting I randomly generate a salt and it gets stored in the first 64 chars of hashed_password field. The hashed pw result gets stored in the last 64 chars. When decrypting I do the reverse.
As I guess is almost universal, there is never a plaintext password to display.
So, when my users (through grocery_CRUD) are adding/editing a user I thought it was possible to include fake fields: "password" and "passconf" to the add & edit forms with the following:
$crud->fields('username', ... <other fields> ... 'password', 'passconf');
Just to be crystal clear - the "password" and "passconf" fields DO NOT exist on my users table. I just want my users to input the new password there then deal with it in my own way.
But it doesn't work. By that I mean the add/edit form renders with the two fake fields correctly (validation below works correctly) but if I try to update any other user information then 'Update Changes', that action fails with "Loading" graphic spinning briefly but not updating the database.
I have tried replicating this on a VERY simply grocery_CRUD form with no other complexity and get the same behaviour: the form renders correctly but will not update the db.
Is it even possible to use fake fields? Am I missing something?
Is grocery_CRUD trying to do something with these fields behind the scenes that is causing the db update to fail?
I had then hoped to do the following:
$crud->set_rules('password', 'Password', 'callback_valid_password');
$crud->set_rules('passconf', 'Password Confirmation', 'matches[password]');
$crud->callback_before_insert(array($this,'encrypt_password_callback'));
$crud->callback_before_update(array($this,'encrypt_password_callback'));
function encrypt_password_callback($post_array, $primary_key = null){
if ($post_array['password'] <> '') {
$this->User_model->set_password($post_array['username'], $post_array['password']);
}
}
function valid_password($str) {
//do some pw validation
return TRUE;
}
I have solved this problem using insert and update callbacks then encrypting the password then unset(ing) the offending 'password' & 'passconf' fields before the insert or update db call.

Codeigniter tank auth check user entered password

I'm using Tank Auth for my website.
I've searched for a function that would check if user has entered a valid password, when he tries to update his profile.
I don't understand how to hash password from user input that would match one in database.
Here's my controllers code:
$password = $this->input->post('password');
$hasher = new PasswordHash(
$this->config->item('phpass_hash_strength', 'tank_auth'),
$this->config->item('phpass_hash_portable', 'tank_auth')
);
$hashed_password = $hasher->HashPassword($password);
$hashed_password gives me different hash each time
I dont think that i should enable phpass_hash_portable
Any advices?
You need to use the CheckPassword module of the Tank Auth instead of hashing it by using the PasswordHash of the phpass.
You can check your password by using this function:
$hasher->CheckPassword(password which has to be checked,password from database).
instead of encrypting yourself.
Note: password which has to be checked => is raw data
password from database => password from database.

Facebook API - fql_query, Invalid session

I'm trying to query Facebook with the PHP Library and what I've read it shouldn't required a session key, or rather it shouldn't require one for my case, but my code below gives me the following error: "Session key invalid or no longer valid".
http://wiki.developers.facebook.com/index.php/Fql.query
"For example, querying the user table is like calling users.getInfo without a session key -- you can query only on a few fields."
$fb = new Facebook(FACEBOOK_KEY, FACEBOOK_SECRET);
$query = "SELECT uid,
name,
sex,
pic_square,
profile_url
FROM user WHERE name = 'some name' OR username = 'some name'";
$result = $fb->api_client->fql_query($query);
Any ideas?
/Thanks
I think that policy has changed and you cannot query user table without session.
You can try to query standard_user_info table. Think it doesn't need session.

Resources