I forgot my password. I tried multiple times to use the Reset Password function but I never got an e-mail to do so. Because of these problems, I'd like to know if there is a way to manually alter my administrator account's password.
I'd also like to know if there is a way for me to integrate forums as a page in this CMS for my website. I have already installed the forum software onto my website. I am pretty sure that I can do so by making an iFrame component and create a new page template using the component, but I am unsure exactly what I should do to achieve that.
Thanks in advance.
TreadLight Wrote:I forgot my password. I tried multiple times to use the Reset Password function but I never got an e-mail to do so. Because of these problems, I'd like to know if there is a way to manually alter my administrator account's password.
In
/data/other/user.xml you will find your password hash, just overwrite it with a new one. The hash uses SHA1 encryption, so
convert the password you want to use into a hash first.
TreadLight Wrote:I am pretty sure that I can do so by making an iFrame component and create a new page template using the component, but I am unsure exactly what I should do to achieve that.
You could copy the
template.php file of your theme. Edit this copy to contain the IFRAME where ever you want it. Now create a new page called “Forum†(or anything else) through the GetSimple admin panel and choose this new PHP-file as the template.
Hello
This thread may look quite old, but the problem is still actual. At least for me.
I've been trying to find a method of alternate login.
Additional line in user.xml file (with other login, encrypted pass and mail) doesn't work.
Neither temporarily replacing sha1 hash with newly generated one.
I wonder why putting manually generated sha1 hash doesn't want to work.
I've used dozen sh1 online generators. May it be caused by character encoding on websites with sh1 generators ?
user.xml has ansi encoding.
I'm asking, because when I give access to a friend of mine, whose I'm creating a website, I know I'll need to access it at a later time, to make some improvements or changes.
Since (5 hours ago) I started to like getsimple cms, I feel I'm going to use it further.
But I cannot ask in future website owners for login&pass.
Replacing temporary hash would be the easiest method, since there's no user management in getitsimple.
But if getitsimple had the possibility to store multiple users added manually in user.xml, it would be great.
GetSimple might be using a a salt value. This means that the SHA1 hash is not a hash of the password but of a string consisting of password and salt. You can swap the SHA1 values in the file, but for it to work you will need to include the salt string in your replacement hash.
Zegnåt Wrote:GetSimple might be using a a salt value. This means that the SHA1 hash is not a hash of the password but of a string consisting of password and salt. You can swap the SHA1 values in the file, but for it to work you will need to include the salt string in your replacement hash.
Ahhh it might be the solution.
So, how exactly should I create the <PWD></PWD> hash ?
Because combining salt string and new password (creating hash from both or only one value) doesn't want to log me in.
It was late when I was posting the question. Now I thought I'd just have my own user.xml file, and replace it when needed. I forgot that I turned on salt feature, so I suppose replacing the file would work on other getsimple instances with different salt strings :\
btw. there's an <apikey> value in authorization.xml
May I ask what is the meaning of this value ?
edit: I'll have to try turning off temporary salt option in config file to use only password hash.
edit2: yeah, above method is working, but I still wonder how to change the string w/o turning off login salt feature
Looks like newer versions change user.xml location to users folder...
just fyi in case you were looking and couldn't find it.
I just had a same problem - maybe I did some messing with the salt yesterday, and today my login fails and my "forgot password" form didn't send any email (I will check this later).
My server permissions also do not let you do anything in the users folder (I tried even the web-ftp interface, but without success). I think this is generally correct, however, when you need to hack the user files, it's a bit of a problem.
So my solution was to
hack the reset password script so it doesn't send email, but just prints the email text to the screen:
in admin/resetpassword.php
add these lines:
Code:
print_r($message);
die();
right before this (in my version it is line 66)
Code:
$status = sendmail($EMAIL,$subject,$message);
Go to admin login page, follow the "forgot password" link, enter your user name and after pressing the send button, you will get the email text. Now you can login with the new password.
It's a dirty routine, but maybe it's even easier then creating the new hash.. Also probably the only way if your server doesn't let you mess with the users files..
**don't forget to turn the changes in resetpassword.php back afterwards
You should always have access to your files, sounds like a host issue.
Is your gsconfig email set to one that is allowed to send emails on your host?