GetSimple Support Forum

A client asked me to make some changes to his website developed using GS by another developer. 
The client has no idea about any GS login details.
What would be the most reasonable (time and cost effective) way to proceed?

If you have ftp access you can manually change the password in the user xml files.
There is details in the forums and even a user file available

(2017-01-24, 23:14:29)shawn_a Wrote: [ -> ]If you have ftp access you can manually change the password in the user xml files.
There is details in the forums and even a user file available

Thank you, Shawn! I do have ftp access. I'll search the forums for the details.

(2017-01-24, 23:18:37)GGrau Wrote: [ -> ]

(2017-01-24, 23:14:29)shawn_a Wrote: [ -> ]If you have ftp access you can manually change the password in the user xml files.
There is details in the forums and even a user file available

Thank you, Shawn! I do have ftp access. I'll search the forums for the details.

Unfortunately, this didn't work for me. I hashed the password (sha1), entered it between <pwd> and </pwd>, saved the file, ftp transferred it back to where it was (overwriting), but when I tried logging into GS, I got the message: "You have entered an invalid username/password combination. " I checked gsconfig for the salted password option - it is not activated.

See here:
http://get-simple.info/forums/showthread...9#pid14389

(2017-01-25, 00:23:54)Carlos Wrote: [ -> ]See here:
http://get-simple.info/forums/showthread...9#pid14389

Thank you. I tried that, too, but I still get the same message. Is there anything else I could try before giving up?

perhaps you have installed the plugin kt block login
http://get-simple.info/extend/plugin/kt-...login/486/

(2017-01-25, 00:49:42)Oleg06 Wrote: [ -> ]perhaps you have installed the plugin kt block login
http://get-simple.info/extend/plugin/kt-...login/486/

There is no such plugin in the plugins folder. Only the usual stuff: bootstrap, i18n...
But, thank you for the idea.

You commented out the hashes in gsconfig
You changed the password in xml file to sha1 of whatever you want?

Hmm

(2017-01-25, 10:17:24)shawn_a Wrote: [ -> ]You commented out the hashes in gsconfig
You changed the password in xml file to sha1 of whatever you want?

Hmm

Yup (salting already commented out; password changed in xml: first try with my password then hashed with sha1, then this inserted instead of the previous password, and second try with the '1111' solution suggested by Carlos). 

My guess is that the former dev replaced the whole user.xml file so I don't have the right user name. Or unregistered the account, if this is possible. Anyway, I will consider this a closed case. The client is informed and is considering the options. In the meantime, I'll try to figure out how GS works with links between pages, styles, etc. The site is way too big to be recreated, it would take forever, but perhaps something can be done 'through the back door'.
 
I'd like to thank all of you who jumped in with suggestions and offer to help. You've been great!

Is user.xml the name of the user file? Is it stored in data/other, instead of data/users? If so, it's for an old GS version (probably 2.x).

(2017-01-26, 01:44:27)Carlos Wrote: [ -> ]Is user.xml the name of the user file? Is it stored in data/other, instead of data/users? If so, it's for an old GS version (probably 2.x).

No. The user file is located in data/users and it is named blablasomething.xml and inside the file there is <USR>blablasomething</USR> and some other login/user data. I mean, the regular stuff for a user.xml file. 

And data/other folder contains three subfolders (logs, pages_comments, and protected_content) and a number of .xml files, mostly starting with i18n_special_blablabla... Nothing like a user.xml file there.

But, interestingly, after digging around the entire website (server), I found in one of backup folders (I forgot which one), a user file named something-else-more-likely-to-be-the-real-user.xml.bak. Then I got excited, hoping that it would work if I "restore" the file, rename it to delete bak, and place it in the right folder, and change the password according to the "1111" method. But, unfortunately, no. This did not happen. That's why I concluded that the guy planted the fake user.xml, but forgot to delete the previous genuine .bak copy, yet, he probably unregistered later. Or maybe he planted the .bak file, too, on purpose. Who knows what he was thinking. I guess we'll never know. hrug

Upload to data/users the user.xml file that Shawn posted above (github link).
You should be able to login to the admin panel with username "user" and password "1234".
If not, then there may be some plugin blocking access or the GS core could have been modified for this.

(2017-01-26, 09:09:11)Carlos Wrote: [ -> ]Upload to data/users the user.xml file that Shawn posted above (github link).
You should be able to login to the admin panel with username "user" and password "1234".
If not, then there may be some plugin blocking access or the GS core could have been modified for this.

Hey! I've been doing things all wrong! I've been actually trying to login to GS.

Ok,  now I've tried getting to the admin panel (website.com/admin) but I get redirected back to website.com.

Does admin folder exist?
It can be renamed so check gsconfig for alternate names
Also could be a very custom version of gs by someone.

Check htaccess for rewrites that are not standard

(2017-01-26, 10:26:15)shawn_a Wrote: [ -> ]Does admin folder exist?
It can be renamed so check gsconfig for alternate names
Also could be a very custom version of gs by someone.

Check htaccess for rewrites that are not standard

gsconfig
I compared my client's gsconfig.php with a new fresh copy of gsconfig.php and they are identical apart from the last (two) paragraphs, but these are commented (probably my version is newer - the paragraphs are on clickjacking prevention and xml file formatting options).

htaccess 
Bingo! There is a line:
redirect 301 /admin/ website.com

I commented it, but now I have the problem to upload the file through ftp. I get the message (in filezilla)

Command: STOR .htaccess
Response: 553 Can't open that file: Permission denied
Error: Critical file transfer error

Should I try the solution suggested here: 
http://stackoverflow.com/questions/55834...ccess-file
---
I had the same issue recently and what ultimately did the fix was to simply rename the file for the purpose of uploading (for example .htaccess-new), then rename it back to .htaccess on the live server.
Be sure to save a back up of the original file, and make certain the file permissions match the original (or are set to whatever you might need.)
---

Or would you suggest something else?

And yes, the admin folder does exist in the web root (public_html folder).

I tried to upload the new .htaccess under another name, then renamed it back to .htaccess and changed permissions back to 400 (as they were before), but when I tried logging into website.com/admin, I got redirected to website.com again.

Hm... Now this is frustrating, when I feel the solution is right around the corner. But which one?

I'll make a copy of the critical (suspicious) files and folders and will start grepping for anything that may be related to admin.

Am I right to think you could do this?

1. Make a new site with a fresh install of GS and new login
   
2. Copy from the old site /data but not /data/users
   
3. add /theme 
   
4. log in and add plugins as required
   

Would that work?

(2017-01-26, 20:37:36)Timbow Wrote: [ -> ]Am I right to think you could do this?

1. Make a new site with a fresh install of GS and new login
   
2. Copy from the old site /data but not /data/users
   
3. add /theme 
   
4. log in and add plugins as required
   

Would that work?

I'm neither a pro nor experienced, just an enthusiastic and responsible amateur , yet, this seems to be logical and I'm ready to try this. But I'll have to stage this new site on another web server, first. Then, if this is successful, I'll have to repeat this on the right server, but at the right time, and I'll have to announce the downtime. And this is what I have no experience with, so I'll have to google this, read and learn. And test, of course.

But first I would like to try to find the cause of this redirecting by grepping. I have a good feeling about this.

You could do it on the same server in a subfolder, or on a vitual server.

I would also install a new install and move data folder and plugins and themes at this point.

I apologize for not coming back to you sooner, I was on a business trip for a day.
I quit the grepping idea and made a new installation on my wamp server. Then I moved the following folders: admin, backups, data, theme. And everything looked promising: the flavicon and title, the header, the menu, and the first slider photo. But no content, no footer.

Then I first copied all the plugins and the website became unavailable.
Then I restored fresh plugins, and installed all those that were previously installed. And when I activated them (I just clicked on activate button from the bottom up, and the first two on the list could not be activated), and then everything became unavailable.

Once again, I restored fresh plugins, and left the plugins issue for later, and switched to solving the missing content on the front page - obviously the links issue.
So now I started replacing found index.xml in www/data/pages and replaced http://www.website.com with localhost. And now I have the menu as a list, and slider photos one after another. So now I would proceed in this manner.

But, is there an easy way for find/replace?
Now I do this manually: I first grep with Windows Grep, then I go file by file and do the replacing in Notepad++.

With Notepad++ you can search/replace in multiple files in a folder (but backup first, just in case)

Also Sublime Text 3 has that.