Admin password changed mysteriously

Need help with the Administration of your Joomla! site? Pop your questions in here.

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
Silver007
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 183
Joined: Tue Jul 10, 2007 8:02 pm
Contact:

Admin password changed mysteriously

Post by Silver007 » Wed Jul 11, 2007 9:53 am

Hi

I have been working with my Joomla! install locally and quite happily for a couple of weeks. I have the Admin password recorded by Firefox so I don´t even need to change it. However, this morning I try to log in as usual and can´t. I get "Incorrect Username, Password. Please try again".

I read a topic on reseting the passowrd

http://help.joomla.org/component/option ... temid,268/

but don´t understand exactly what to do  :-[

There are 3 "jos_users" files and I don´t know which one to change and it doesn´t seem obvious where to change it.

Can anyone shed any light on how my admin password changed as well???

Thanks in advance
Last edited by Silver007 on Thu Jul 19, 2007 12:36 pm, edited 1 time in total.

User avatar
toubkal
Joomla! Hero
Joomla! Hero
Posts: 2860
Joined: Thu Aug 18, 2005 4:35 pm
Location: Cheshire, England
Contact:

Re: Admin password changed mysteriously

Post by toubkal » Wed Jul 11, 2007 9:57 am

the easiest way to reset the password if you know the username and email address, is to use the frontend lost password link

Code: Select all

index.php?option=com_registration&task=lostPassword
Do you want the answer to be as vague as your question?

Silver007
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 183
Joined: Tue Jul 10, 2007 8:02 pm
Contact:

Re: Admin password changed mysteriously

Post by Silver007 » Wed Jul 11, 2007 10:29 am

Thanks Toubkal

I don´t have the reset password but used the link you provided (thanks) however, it says "Sorry, no corresponding User was found".

Are there any other options?  ??? Any idea how this happened?

Cheers

User avatar
toubkal
Joomla! Hero
Joomla! Hero
Posts: 2860
Joined: Thu Aug 18, 2005 4:35 pm
Location: Cheshire, England
Contact:

Re: Admin password changed mysteriously

Post by toubkal » Wed Jul 11, 2007 10:43 am

was the user listed in the database in the jos_users table ?

remember you may have changed the username from the default admin to something else

I would not expect it likely that your site was hacked, so it is more likely that you have just overlooked something fundamental

e.g.
mistake with site that you are logging into (if you have more than 1 joomla)
mistake with exact url ( e.g.  http://www.&nbsp; or no www. domain )
you forgot that you did change the username  / password

lets hope it is a simple error ;)
Do you want the answer to be as vague as your question?

User avatar
toubkal
Joomla! Hero
Joomla! Hero
Posts: 2860
Joined: Thu Aug 18, 2005 4:35 pm
Location: Cheshire, England
Contact:

Re: Admin password changed mysteriously

Post by toubkal » Wed Jul 11, 2007 10:47 am

I have occasionally forgotten a password or the admin username

In this case I go to phpMyAdmin, look at the users table , see the superadministrator and find the username and the email address

I then use the lost password link to resend a password for the superadministrator
Do you want the answer to be as vague as your question?

Silver007
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 183
Joined: Tue Jul 10, 2007 8:02 pm
Contact:

Re: Admin password changed mysteriously

Post by Silver007 » Wed Jul 11, 2007 11:09 am

Thanks again,

You know I didn´t change anything this morning. the username and password are already filled out in the log in boxes and I normally just click the log in button. I haven´t changed anything especially not passowrds. My pc had switched off and on but i checked the security log and it was just the automatic updates conflicting with another program I left running.

I have to be honest and say that the phpmyadmin and Mysql in winamp is causing me problemsas I don´t know how to use them. I have looked for guides but nothing so far that can help me get to grips with basic editing. Although I can see tables and options I haven´t been able to edit anything. I can´t see the superadministrator and email for instance.

Sorry to be such a dunce  :-[ again  :-[ ha ha  ;D I won´t kick myself too hard

Silver007
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 183
Joined: Tue Jul 10, 2007 8:02 pm
Contact:

Re: Admin password changed mysteriously

Post by Silver007 » Wed Jul 11, 2007 3:04 pm

Well, I managed to get into the jos_user file and changed the password according to instructions but I still can´t login. I have copied the jos_user as below to see if anyone can help me here please  :)  All I get now when I try to log into the admin back end is "You need to login".

Database joomladb
Table structure for table jos_users
Field Type Null Default
id int(11) Yes NULL
name varchar(50) Yes
username varchar(25) Yes
email varchar(100) Yes
password varchar(100) Yes
usertype varchar(25) Yes
block tinyint(4) Yes 0
sendEmail tinyint(4) Yes 0
gid tinyint(3) Yes 1
registerDate datetime Yes 0000-00-00 00:00:00
lastvisitDate datetime Yes 0000-00-00 00:00:00
activation varchar(100) Yes
params text Yes
Dumping data for table jos_users
62 Administrator admin [email protected] 21232f297a57a5a743894a0e4a801fc3 Super Administrator 0 1 25 2007-07-03 17:27:18 2007-07-04 12:39:05 expired= expired_time=

User avatar
toubkal
Joomla! Hero
Joomla! Hero
Posts: 2860
Joined: Thu Aug 18, 2005 4:35 pm
Location: Cheshire, England
Contact:

Re: Admin password changed mysteriously

Post by toubkal » Wed Jul 11, 2007 3:42 pm

I myself would have assumed:

passwords do not change by themselves

therefore > someone changed it OR something else is wrong

if we assume that you did not change it AND the site is not hacked (is it a local install anyway ?)

Then I would have proceeded along the line of > the user / password are most likely the same as before and something else is wrong

using the lost password link is a nice safe way to send a working password for the admin account

did you browse the database for the username and email ? did this not work ?

You now have a more complicated situation in that you may / may not have changed the admin password by editing the database.

My next steps for troubleshooting a login problem would be

do not rely on the saved password in the browser - enter the username / password manually
try a different browser to try to eliminate caching / cookie /session issues
turn off any firewall temporarily
try a different computer if possible
check the configuration.php to see the exact URL specified in mosconfiglivesite url and ensure that you are using the exact same url with the administrator login
back up the database
look in the database sessions table to see if there are old sessions there and delete them
clear browser cache - exit browser completely - restart pc etc etc
try to login again......

a few things for you to try  ;)
Do you want the answer to be as vague as your question?

platty
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Wed Jul 11, 2007 3:58 pm

Re: Admin password changed mysteriously

Post by platty » Wed Jul 11, 2007 4:09 pm

I have a similar problem with my administrator log on. I have tried on two computers, cleared cache and different browsers Firefox and IE. When trying with IE i got a page briefly coming up with function session start permission denied, cannot send session cache limiter among others (which i have a screen print of) before going back to log on.
I changed a password a few days before, always enter the password each time and have not typed it wrong.
If i enter the old password it comes up with wrong password.
Any ideas

User avatar
toubkal
Joomla! Hero
Joomla! Hero
Posts: 2860
Joined: Thu Aug 18, 2005 4:35 pm
Location: Cheshire, England
Contact:

Re: Admin password changed mysteriously

Post by toubkal » Wed Jul 11, 2007 4:25 pm

after checking browser / pc based issues, I would then be looking at the sessions issues

as mentioned above, you can look in the sessions table and clear out any old sessions directly from the database - back up before messing with the database!

Also the sessions table is one of the most common for getting currupted in the database and it may well be worth checking the table and if necessary repairing it

Also there may be issues with writing to the sessions directory, which is often

/tmp

depending on server setup

With shared hosting you do not normally have access to check this folder and it may be worth asking your hosting company to check the /tmp folder to ensure it is functioning correctly and you have permission to write to it.
Do you want the answer to be as vague as your question?

User avatar
bobthebob01
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 195
Joined: Fri Oct 07, 2005 1:02 am

Re: Admin password changed mysteriously

Post by bobthebob01 » Wed Jul 11, 2007 5:50 pm

hello guys,

if the problem is a super admin password recovery here is the solution thread that saved my life and probably thousands of other ones:
http://forum.joomla.org/index.php/topic ... l#msg73707

if you have a session problem, here is another post that can help as well:
http://forum.joomla.org/index.php/topic,168190.0.html

i had a session problem a couple of month ago. My site is running on a shared server, therefore i do have full control over everything. I send a ticket to my tech support, and what happen was that they actually changed a setting on a server that effected the session path. they fixed it right away and it was up and running like a charm.

i hope that helps

cheers

Silver007
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 183
Joined: Tue Jul 10, 2007 8:02 pm
Contact:

Re: Admin password changed mysteriously

Post by Silver007 » Thu Jul 12, 2007 12:35 pm

Hey

OK, I am at a loss here so far. I have tried all that has been suggested and am greatful for all the advice. However, I do remember that the last thing I was doing the night before the passwords went wierd was playing with the language options in Joomfish.

I am working locally on my pc.
Running Joomla! 1.0.12.
Apache version : Apache/2.2.4 (Win32) :
PHP version : 5.2.3
MySQL version : 5.0.41-community-nt

I had instlled
EZRealty components but only had the property search option selected in components/modules.
Community Builder 1.0.2 but nothing selected in components.
Joomfish 1.7 With the language component switched on !!!

I tried to login with a different browser.
I checked the configuration.php and the url shows me my home page (which looks cool  ;) ) and the same beginning as the admin login.
I don´t know if there is any point sending an email to myself as I am running locally I didn´t think it would be able to send? Not sure if I am correct with that thought.

I found the "session" table but don´t know what to do with it.

Is there a way I can paste or attach my jos_users file so that you or someone can have a look to see it isn´t corrupted?

I have tried some of the links suggested by bobthebob as well and no luck although I haven´t tried all yet.

It has been a great learning curve re Phpmyadmin. But any other advice would be great. I would rather figure this out now before I put my site live and then have to learn how to correct the problem.

Would hosting it for other people to view help people figure out the problem? I could FTP it if it helps?

Cheers

User avatar
bobthebob01
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 195
Joined: Fri Oct 07, 2005 1:02 am

Re: Admin password changed mysteriously

Post by bobthebob01 » Thu Jul 12, 2007 12:55 pm

hi Silver007

i don't having a look to your file but have you try the link to change the super admin password to see if it's solve you problem.
from what you are describing i would try that.

if you want you can zip the all thing with the sql dump file in it and upload it on your server. i'll fetch it, install on my local machine and check if something can be done.
up to you.

regarding sending yourself an email from a local machine, i don't think it can be done, maybe if you use the SMTP setting but not through PHP Mail Function or Sendmail. since you are running locally you would need to change some settings some where. But i could be wrong on this one.

but since you are running locally, why don't use a simple userID/password like admin/admin; and then change it for a good one once live on a hosting server. that simplify the problem.

let me know

bob

Silver007
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 183
Joined: Tue Jul 10, 2007 8:02 pm
Contact:

Re: Admin password changed mysteriously

Post by Silver007 » Thu Jul 12, 2007 2:18 pm

Hi Bob

I have changed the Admin Password according to those instructions you gave me a link to and it doesn´t work for me.

When I go into the jos_user file all the words on the right side of the MD5 hashes all  seem jumbled up. Now I dodn´t know if they are supposed to look like that or are supposed to have clear readable words, or passwords, there., my old one for instance that was Username: admin Password: admin?

I have now installed another Joomla! on my pc and the first time I went to login it gave me the same problem! I tried the second time and it worked. I didn´t need to but a password in as Firefox filled it in automatically both times. The second time I logged in successfully.

I then copied my jos_user files one at a time to the Joomla! version I am running with the admin problem and it still doesn´t work. They look the same when I opened them up, but them I didn´t check every line as it hasn´t changed anything anyway.

Cheers
Last edited by Silver007 on Thu Jul 12, 2007 2:47 pm, edited 1 time in total.

User avatar
bobthebob01
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 195
Joined: Fri Oct 07, 2005 1:02 am

Re: Admin password changed mysteriously

Post by bobthebob01 » Thu Jul 12, 2007 3:53 pm

to make sure, you simply delete or "drop" the jos_user table completely.
then make sure you haev the right db selected on the right and click the little icon that says "sql" and show "Query window" when you "mouse over" it.

copy the following in the window and click "GO":
CREATE TABLE `jos_users` (
  `id` int(11) NOT NULL auto_increment,
  `name` varchar(50) NOT NULL default '',
  `username` varchar(25) NOT NULL default '',
  `email` varchar(100) NOT NULL default '',
  `password` varchar(100) NOT NULL default '',
  `usertype` varchar(25) NOT NULL default '',
  `block` tinyint(4) NOT NULL default '0',
  `sendEmail` tinyint(4) default '0',
  `gid` tinyint(3) unsigned NOT NULL default '1',
  `registerDate` datetime NOT NULL default '0000-00-00 00:00:00',
  `lastvisitDate` datetime NOT NULL default '0000-00-00 00:00:00',
  `activation` varchar(100) NOT NULL default '',
  `params` text NOT NULL,
  PRIMARY KEY  (`id`),
  KEY `usertype` (`usertype`),
  KEY `idx_name` (`name`),
  KEY `user_pass_id` (`username`,`password`,`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=63 ;

--
-- Dumping data for table `jos_users`
--

INSERT INTO `jos_users` VALUES (62, 'Administrator', 'admin', '[email protected]', '21232f297a57a5a743894a0e4a801fc3', 'Super Administrator', 0, 1, 25, '2007-05-07 23:09:20', '2007-07-12 19:53:11', '', 'expired=\nexpired_time=');

make sure you have the same charset. mine shows latin1 but you can replace it with the one you use.

now you should have only one super admin user and the password and user ID for now is admin/admin

the only solution left to me, is to just start from scratch if you do not have too much content in it and are in a rush. Some times it's faster to start over than finding a solution when you are not a php/Mysql guru

let me know if it worked for you

Silver007
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 183
Joined: Tue Jul 10, 2007 8:02 pm
Contact:

Re: Admin password changed mysteriously

Post by Silver007 » Thu Jul 12, 2007 4:06 pm

Thanks Bobthebob

I did a second install which works fine and transfered the "healthy" jos_users files from my new install to the old install and still nothing, which I guess is the same as copying your info accross.

Cheers Bobthebob, if you have any other ideas i would be greatful to hear them.

User avatar
bobthebob01
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 195
Joined: Fri Oct 07, 2005 1:02 am

Re: Admin password changed mysteriously

Post by bobthebob01 » Thu Jul 12, 2007 4:30 pm

here is one last thing i would try.
in another thread some one pointed at this thread: http://help.joomla.org/component/option ... temid,268/

which is fairly similar to the one i gave you earlier but with one extra step:

Q.: how do I manually add an administrator user

First make a backup of your database! After that you can check the jos_users table for your admin account with Phpmyadmin. If not there, or it is but incorrect, you could remove it and try running this:

INSERT INTO `jos_users` VALUES (62, 'Administrator', 'admin', '[email protected]', '21232f297a57a5a743894a0e4a801fc3', 'Super Administrator', 0, 1, 25, '2005-09-28 00:00:00', '2005-09-28 00:00:00', '', '');
INSERT INTO `jos_core_acl_aro` VALUES (10,'users','62',0,'Administrator',0);
INSERT INTO `jos_core_acl_groups_aro_map` VALUES (25,'',10);

it's worth the try as it's very simple and quick to do.

i'll monitor this thread as i am curious to know the solution and especially what created your problem.

unfortunately i have no more trick left in my hat. not that i am a guru but i have been through many problem as well.

experience is the sum of our errors!

good luck.

cheers

User avatar
toubkal
Joomla! Hero
Joomla! Hero
Posts: 2860
Joined: Thu Aug 18, 2005 4:35 pm
Location: Cheshire, England
Contact:

Re: Admin password changed mysteriously

Post by toubkal » Thu Jul 12, 2007 6:55 pm

Silver007 wrote: I have now installed another Joomla! on my pc and the first time I went to login it gave me the same problem! I tried the second time and it worked. I didn´t need to but a password in as Firefox filled it in automatically both times. The second time I logged in successfully.
This indicates what I mentioned earlier about this not being a password issue

If you now have a fresh install that consistently works, I would next try to use the database from your first site in this new site. This will then indicate if the problem is isolated to the database in the first site or the files in the first site.

You can just temporarily change the database access in the second site's configuration.php to use the first site's database and see if you can login

After that, because on a local install there can be so much that could be wrong with the php / databse / file permissions, I would probably do a fresh install on a hosted web server and then import your local database (keep it separate from the working one) and again try to swap the working install to use your original database.

you may also get the ability to use the email new password on a hosted server and at least you would then know for sure that you had a password that should work.
Do you want the answer to be as vague as your question?

Silver007
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 183
Joined: Tue Jul 10, 2007 8:02 pm
Contact:

Re: Admin password changed mysteriously

Post by Silver007 » Thu Jul 12, 2007 8:27 pm

Whew, that was interesting.

Did the database thing and it all went off line again. Strange though, It seems to let me log in the first time and then not the second. Got the same error message. Then I forgot I had the "old" Joomla! admin URL saved as a favourite and panicked coz I couldn´t login again. But it is all ok now.

So, the "old" DB doesn´t seem to work. I don´t know what to do with this now, so if there are any hints or tips just to see what it was that would be great.

It was the Joomfish Installer that I installed or adding Spanish language to EZ Realty that may have caused some problems. If there are any files that anyone would like to see that would help, let me know.

Cheers all

User avatar
toubkal
Joomla! Hero
Joomla! Hero
Posts: 2860
Joined: Thu Aug 18, 2005 4:35 pm
Location: Cheshire, England
Contact:

Re: Admin password changed mysteriously

Post by toubkal » Thu Jul 12, 2007 8:51 pm

did you try the hosted install + db import that I mentioned above to eliminate any of your local server environment issues?

if you export the whole db, I can test it on a hosted joomla if you like.
Do you want the answer to be as vague as your question?

Silver007
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 183
Joined: Tue Jul 10, 2007 8:02 pm
Contact:

Re: Admin password changed mysteriously

Post by Silver007 » Fri Jul 13, 2007 7:44 pm

What I did was change the line-

$mosConfig_db = 'joomla1db';

To point to the old DB. I think that was what you said to do??? It didn´t work when I changed that line but when I changed it back to the new DB works fine again.

Silver007
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 183
Joined: Tue Jul 10, 2007 8:02 pm
Contact:

Re: Admin password changed mysteriously

Post by Silver007 » Sat Jul 14, 2007 7:40 am

Hi

This looks like the source of the problem as far as I can tell.

http://forum.joomla.org/index.php/topic,158185.0.html

Thanks for all your help  :)

rhodz
Joomla! Intern
Joomla! Intern
Posts: 66
Joined: Mon Apr 23, 2007 4:30 am

Re: Admin password changed mysteriously

Post by rhodz » Fri May 30, 2008 2:09 pm

i have also this problem..
i followed your suggestions only to found out that gavick.com was the one replacing the passwords or hijacking my site,..

the story is this.. my friend gave me one of their premium themes.. then i just uploaded the site and put on content on it ..for indexing.. (seo efforts) until i can't log in after a few weeks on not working on it...

i think i have to suffer the consequences of not paying to them their themes.. anyway, a learned lesson..but what they did was very wrong!!!!!

User avatar
bobthebob01
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 195
Joined: Fri Oct 07, 2005 1:02 am

Re: Admin password changed mysteriously

Post by bobthebob01 » Sat May 31, 2008 4:15 am

woa, now that is not right at all.

what you've done is obviously wrong also and you admit it. But hijacking a site is definitely not the right way also.
they should have simply warn you by email.

I'm not sure where they are located and under what law they are falling into but whether you paid or not their theme, they have no right what so ever to hijack your site.

but i'm just wondering how they did that. did they have access to it. do they have a code in their template that gives them access to a site using their theme?


Locked

Return to “Administration - 1.0.x”