Posts: 12
Threads: 1
Joined: Jan 2017
A client asked me to make some changes to his website developed using GS by another developer.
The client has no idea about any GS login details.
What would be the most reasonable (time and cost effective) way to proceed?
Posts: 6,266
Threads: 181
Joined: Sep 2011
If you have ftp access you can manually change the password in the user xml files.
There is details in the forums and even a user file available
Posts: 12
Threads: 1
Joined: Jan 2017
(2017-01-24, 23:14:29)shawn_a Wrote: If you have ftp access you can manually change the password in the user xml files.
There is details in the forums and even a user file available
Thank you, Shawn! I do have ftp access. I'll search the forums for the details.
Posts: 12
Threads: 1
Joined: Jan 2017
2017-01-25, 00:09:13
(This post was last modified: 2017-01-25, 00:09:35 by GGrau.)
(2017-01-24, 23:18:37)GGrau Wrote: (2017-01-24, 23:14:29)shawn_a Wrote: If you have ftp access you can manually change the password in the user xml files.
There is details in the forums and even a user file available
Thank you, Shawn! I do have ftp access. I'll search the forums for the details.
Unfortunately, this didn't work for me. I hashed the password (sha1), entered it between <pwd> and </pwd>, saved the file, ftp transferred it back to where it was (overwriting), but when I tried logging into GS, I got the message: " You have entered an invalid username/password combination. " I checked gsconfig for the salted password option - it is not activated.
Posts: 3,491
Threads: 106
Joined: Mar 2010
Posts: 12
Threads: 1
Joined: Jan 2017
(2017-01-25, 00:23:54)Carlos Wrote: See here:
http://get-simple.info/forums/showthread...9#pid14389
Thank you. I tried that, too, but I still get the same message. Is there anything else I could try before giving up?
Posts: 1,922
Threads: 87
Joined: Apr 2010
2017-01-25, 00:49:42
(This post was last modified: 2017-01-25, 00:51:14 by Oleg06.)
perhaps you have installed the plugin kt block login
http://get-simple.info/extend/plugin/kt-...login/486/
Posts: 12
Threads: 1
Joined: Jan 2017
(2017-01-25, 00:49:42)Oleg06 Wrote: perhaps you have installed the plugin kt block login
http://get-simple.info/extend/plugin/kt-...login/486/
There is no such plugin in the plugins folder. Only the usual stuff: bootstrap, i18n...
But, thank you for the idea.
Posts: 6,266
Threads: 181
Joined: Sep 2011
You commented out the hashes in gsconfig
You changed the password in xml file to sha1 of whatever you want?
Hmm
Posts: 12
Threads: 1
Joined: Jan 2017
2017-01-25, 17:53:50
(This post was last modified: 2017-01-25, 18:16:54 by GGrau.)
(2017-01-25, 10:17:24)shawn_a Wrote: You commented out the hashes in gsconfig
You changed the password in xml file to sha1 of whatever you want?
Hmm
Yup (salting already commented out; password changed in xml: first try with my password then hashed with sha1, then this inserted instead of the previous password, and second try with the '1111' solution suggested by Carlos).
My guess is that the former dev replaced the whole user.xml file so I don't have the right user name. Or unregistered the account, if this is possible. Anyway, I will consider this a closed case. The client is informed and is considering the options. In the meantime, I'll try to figure out how GS works with links between pages, styles, etc. The site is way too big to be recreated, it would take forever, but perhaps something can be done 'through the back door'.
I'd like to thank all of you who jumped in with suggestions and offer to help. You've been great!
Posts: 6,266
Threads: 181
Joined: Sep 2011
Posts: 3,491
Threads: 106
Joined: Mar 2010
Is user.xml the name of the user file? Is it stored in data/other, instead of data/users? If so, it's for an old GS version (probably 2.x).
Posts: 12
Threads: 1
Joined: Jan 2017
(2017-01-26, 01:44:27)Carlos Wrote: Is user.xml the name of the user file? Is it stored in data/other, instead of data/users? If so, it's for an old GS version (probably 2.x).
No. The user file is located in data/users and it is named blablasomething.xml and inside the file there is <USR>blablasomething</USR> and some other login/user data. I mean, the regular stuff for a user.xml file.
And data/other folder contains three subfolders (logs, pages_comments, and protected_content) and a number of .xml files, mostly starting with i18n_special_blablabla... Nothing like a user.xml file there.
But, interestingly, after digging around the entire website (server), I found in one of backup folders (I forgot which one), a user file named something-else-more-likely-to-be-the-real-user.xml.bak. Then I got excited, hoping that it would work if I "restore" the file, rename it to delete bak, and place it in the right folder, and change the password according to the "1111" method. But, unfortunately, no. This did not happen. That's why I concluded that the guy planted the fake user.xml, but forgot to delete the previous genuine .bak copy, yet, he probably unregistered later. Or maybe he planted the .bak file, too, on purpose. Who knows what he was thinking. I guess we'll never know. hrug
Posts: 3,491
Threads: 106
Joined: Mar 2010
Upload to data/users the user.xml file that Shawn posted above (github link).
You should be able to login to the admin panel with username "user" and password "1234".
If not, then there may be some plugin blocking access or the GS core could have been modified for this.
Posts: 12
Threads: 1
Joined: Jan 2017
(2017-01-26, 09:09:11)Carlos Wrote: Upload to data/users the user.xml file that Shawn posted above (github link).
You should be able to login to the admin panel with username "user" and password "1234".
If not, then there may be some plugin blocking access or the GS core could have been modified for this.
Hey! I've been doing things all wrong! I've been actually trying to login to GS.
Ok, now I've tried getting to the admin panel (website.com/admin) but I get redirected back to website.com.
Posts: 6,266
Threads: 181
Joined: Sep 2011
Does admin folder exist?
It can be renamed so check gsconfig for alternate names
Also could be a very custom version of gs by someone.
Check htaccess for rewrites that are not standard
Posts: 12
Threads: 1
Joined: Jan 2017
2017-01-26, 17:45:14
(This post was last modified: 2017-01-26, 18:21:57 by GGrau.)
(2017-01-26, 10:26:15)shawn_a Wrote: Does admin folder exist?
It can be renamed so check gsconfig for alternate names
Also could be a very custom version of gs by someone.
Check htaccess for rewrites that are not standard
gsconfig
I compared my client's gsconfig.php with a new fresh copy of gsconfig.php and they are identical apart from the last (two) paragraphs, but these are commented (probably my version is newer - the paragraphs are on clickjacking prevention and xml file formatting options).
htaccess
Bingo! There is a line:
redirect 301 /admin/ website.com
I commented it, but now I have the problem to upload the file through ftp. I get the message (in filezilla)
Command: STOR .htaccess
Response: 553 Can't open that file: Permission denied
Error: Critical file transfer error
Should I try the solution suggested here:
http://stackoverflow.com/questions/55834...ccess-file
---
I had the same issue recently and what ultimately did the fix was to simply rename the file for the purpose of uploading (for example .htaccess-new), then rename it back to .htaccess on the live server.
Be sure to save a back up of the original file, and make certain the file permissions match the original (or are set to whatever you might need.)
---
Or would you suggest something else?
And yes, the admin folder does exist in the web root (public_html folder).
Posts: 12
Threads: 1
Joined: Jan 2017
2017-01-26, 20:22:22
(This post was last modified: 2017-01-26, 20:34:06 by GGrau.)
I tried to upload the new .htaccess under another name, then renamed it back to .htaccess and changed permissions back to 400 (as they were before), but when I tried logging into website.com/admin, I got redirected to website.com again.
Hm... Now this is frustrating, when I feel the solution is right around the corner. But which one?
I'll make a copy of the critical (suspicious) files and folders and will start grepping for anything that may be related to admin.
Posts: 1,127
Threads: 136
Joined: Feb 2012
Am I right to think you could do this?
- Make a new site with a fresh install of GS and new login
- Copy from the old site /data but not /data/users
- add /theme
- log in and add plugins as required
Would that work?
Posts: 12
Threads: 1
Joined: Jan 2017
(2017-01-26, 20:37:36)Timbow Wrote: Am I right to think you could do this?
- Make a new site with a fresh install of GS and new login
- Copy from the old site /data but not /data/users
- add /theme
- log in and add plugins as required
Would that work?
I'm neither a pro nor experienced, just an enthusiastic and responsible amateur , yet, this seems to be logical and I'm ready to try this. But I'll have to stage this new site on another web server, first. Then, if this is successful, I'll have to repeat this on the right server, but at the right time, and I'll have to announce the downtime. And this is what I have no experience with, so I'll have to google this, read and learn. And test, of course.
But first I would like to try to find the cause of this redirecting by grepping. I have a good feeling about this.
Posts: 1,247
Threads: 82
Joined: Feb 2011
You could do it on the same server in a subfolder, or on a vitual server.
Posts: 6,266
Threads: 181
Joined: Sep 2011
I would also install a new install and move data folder and plugins and themes at this point.
Posts: 12
Threads: 1
Joined: Jan 2017
I apologize for not coming back to you sooner, I was on a business trip for a day.
I quit the grepping idea and made a new installation on my wamp server. Then I moved the following folders: admin, backups, data, theme. And everything looked promising: the flavicon and title, the header, the menu, and the first slider photo. But no content, no footer.
Then I first copied all the plugins and the website became unavailable.
Then I restored fresh plugins, and installed all those that were previously installed. And when I activated them (I just clicked on activate button from the bottom up, and the first two on the list could not be activated), and then everything became unavailable.
Once again, I restored fresh plugins, and left the plugins issue for later, and switched to solving the missing content on the front page - obviously the links issue.
So now I started replacing found index.xml in www/data/pages and replaced http://www.website.com with localhost. And now I have the menu as a list, and slider photos one after another. So now I would proceed in this manner.
But, is there an easy way for find/replace?
Now I do this manually: I first grep with Windows Grep, then I go file by file and do the replacing in Notepad++.
Posts: 3,491
Threads: 106
Joined: Mar 2010
With Notepad++ you can search/replace in multiple files in a folder (but backup first, just in case)
Posts: 100
Threads: 26
Joined: Dec 2012
Also Sublime Text 3 has that.
Glowczynski.pl - webmaster, graphic designer, translator.
For any job offers contact me via artur@glowczynski.pl.
|