Page 1 of 1

Unknown administrator password and cannot find via my phpMyAdmin

Posted: Mon Jun 01, 2020 7:06 pm
by Caspar99
So we all have to start somewhere and I do hope you can help me, please.

I have a client with a website built by somebody else (long gone) and thanks to this website (joomla.org) I have worked out that it is Joomla v1.5.15 (by looking at http://www.[thejoomlawebsite].com/language/en-GB/en-GB.xml), but I do not know the Joomla login credentials. I need to get in to upgrade the Joomla and disable any contact forms as he is being bombarded by spam and the Hosting company ensure me that the problem is coming from Joomla.

So I looked at this https://docs.joomla.org/J1.5:How_do_you ... assword%3F and I have access to the Control Panel and phpMyAdmin. I have found a table called jos_k2_users, but there is no password field in that table. The fields in that table are:

id (Primary Key) - int(11)
userID (keyed) - int(11)
userName - varchar(255)
gender - enum('m', 'f')
description - text
image - varchar(255)
url - varchar(255)
group (keyed) - int(11)
plugins - text

So when I try and add a new admin2 user using the code from https://docs.joomla.org/J1.5:How_do_you ... assword%3F (section called "Add a New Super Administrator User") I get:

#1054 - Unknown column 'name' in 'field list'

- this makes sense to me (I am better at SQL than at Joomla), but I honestly don't know where to turn now.

I can see the tables called jos_core_acl_aro & jos_core_acl_groups_aro_map mentioned on https://docs.joomla.org/J1.5:How_do_you ... assword%3F but despite hunting I can find no field called password anywhere. I can also see a user called Administrator in the table called jos_k2_users.

Does this make enough sense for anyone to give me a steer in the right directions, please?

My challenge is how can I find the administrator login credentials from phpMyAdmin? Or create a new super user that will get me in? Or can I use FTP or any other cunning approach?

Many thanks,
Caspar

Re: Unknown administrator password and cannot find via my phpMyAdmin

Posted: Mon Jun 01, 2020 7:20 pm
by sozzled
Caspar99 wrote:
Mon Jun 01, 2020 7:06 pm
I have found a table called jos_k2_users ...
Wrong table!

Caspar99 wrote:
Mon Jun 01, 2020 7:06 pm
I can see the tables called jos_core_acl_aro & jos_core_acl_groups_aro_map
Wrong tables!

Caspar99 wrote:
Mon Jun 01, 2020 7:06 pm
Can I use FTP or any other cunning approach?
No, you can't.

See the discussion viewtopic.php?f=708&t=980310

Re: Unknown administrator password and cannot find via my phpMyAdmin

Posted: Mon Jun 01, 2020 7:37 pm
by Per Yngve Berg
The table to look in is jos_users.

Re: Unknown administrator password and cannot find via my phpMyAdmin

Posted: Mon Jun 01, 2020 7:58 pm
by Caspar99
Thank you for your responses. The link supplied by @sozzled was for Joomla v2.5 and above, but it did include the clue that I needed being such a newbie which is simply that there is a second page of tables and hiding there (from me, anyway) is indeed the table called jos_users.

So the code from the hyperlink I originally used worked in the end, it was just that I had thought that "NOTE: The following code uses jos_ as the table name prefix which is the Joomla default table prefix If you elected to change this prefix when you first installed Joomla, you will need to change jos_ to the prefix you used" meant that someone had changed it to jos_k2_users ! You will doubtless say that this is an obvious newbie error and I must hang my head in shame, but the important thing (for me) is that you have now got me in - hurrah!

Now my Hosting company has said: "It looks like even though you may not be actively employing any web forms for your website, the Joomla functionality is allowing specially crafted POST requests to one of its php files, and this will be something you will need to either disable in the Joomla settings, or perhaps upgrade if there is a recent security patch etc." and then more recently "Please can you login to your Joomla back end and select the option to update your Joomla installation now. The latest stable release version of Joomla should be 3.9.18. Thank you for your prompt cooperation."

So now I have a fresh challenge (please tell me if I should raise a new thread for this) which is how to do either of those. I thought there would be an upgrade button when I got in there, but clearly there is still lots to learn. However I don't need to become a Joomla expert, I just need to stop all this wretched spam.

Your further assistance would be greatly appreciated.

Many thanks,
Caspar

Re: Unknown administrator password and cannot find via my phpMyAdmin

Posted: Mon Jun 01, 2020 8:13 pm
by sozzled
Quick explanation about what "jos_" means: In the old days, in the days before people realised that having all the database tables default to using "jos_" prefixes was a potential security flaw, everyone's tables looked like this:

jos_extensions
jos_menu
jos_users

Eight years ago (before J! 2.5 was released), the default table prefixes were randomised (to make things more difficult for would-be hackers to guess) and they now look like

xxxxx_extensions
xxxxx_menu
xxxxx_users

Everyone's "xxxxx" is different! :)

If you want your database tables to use "jos_", that's your business. I don't use that; everyone I know doesn't use that. If you use it then you use it (and, now, everyone knows that you use it, too). ;)

Caspar99 wrote:
Mon Jun 01, 2020 7:58 pm
I just need to stop all this wretched spam.
What "wretched spam" are you talking about? Are you talking about communications from your webhosting provider to do something? Do you consider that your webhosting provider is communicating with you for the mere pleasure of watching you suffer?

I assume that, now you are able to login to the backend of your website, your original question has been resolved. :)

Re: Unknown administrator password and cannot find via my phpMyAdmin

Posted: Mon Jun 01, 2020 8:30 pm
by Caspar99
Yes you are quite correct that I can now login successfully and therefore my original question is fully answered, thank you.

I see what you mean about table names having randomised prefixes, but I have inherited this mess, not asked for it.

The spam I mean is definitely not from the Hosting company who are trying to help, but don't know enough about Joomla (hence coming here). The spam I mean is emails from Germany and Scandinavia that come in at the rate of 100's per day which say things like: "Top burny busty busty chicks nur auf dieser Seite! Folge dem Link, und es wird dir nicht leid tun..."

Having read https://docs.joomla.org/Joomla_1.5_to_3 ... _Migration I am now feeling severely out of my depth and lack the confidence for this change. In the short term do you perhaps know, please, how/if I can achieve "It looks like even though you may not be actively employing any web forms for your website, the Joomla functionality is allowing specially crafted POST requests to one of its php files, and this will be something you will need to either disable in the Joomla settings" ?

Many thanks for you help,
Caspar

Re: Unknown administrator password and cannot find via my phpMyAdmin

Posted: Mon Jun 01, 2020 9:09 pm
by sozzled
Let's mark this discussion as resolved.

Let's address your other questions separately (as individual topics).

Spam? Yeah ... so what? You're running J! 1.5, right? And you know that support for J! 1.5 expired eight years ago, right? If you feel out of your depth in managing the migration from J! 1.5 to J! 3.x, there are dozens of professionals who can deal with this matter (if you pay them for their services, of course). ;)

What you decide to do next is your business.

Re: Unknown administrator password and cannot find via my phpMyAdmin

Posted: Mon Jun 01, 2020 9:16 pm
by Caspar99
Thank you so much for getting me this far. I hope I have correctly marked your above answer as ticked and solved.

Many thanks,
Caspar