In a self-hosted C1-CMS (formerly Composite C1), how can I reset or recover the password? Can the password be viewed or reset somewhere on the server?
(Composite C1 4.3, Build 4.3.5555.25838)
If you are using the default XML data store, the users and encrypted passwords are stored in: /App_Data/Composite/DataStores/Composite.Data.Types.IUser.xml
If you have another user with a password you know, you can replace the encrypted password string on the account you are trying to access, with the encrypted password from the account you know. Then login and change the password.
I received this answer from the official Orckestra support team (very helpful, although I am not a paying customer, thumbs up!):
You cannot recover the password, but if you have access to the files (or SQL Database, if you migrated data to SQL) you can reset the password:
This should work for sites running on XML data store (default):
Edit the file ~/App_Data/Composite/DataStores/Composite.Data.Types.IUser.xml
Locate the xml element for the user you want to reset the password for
Change the following two attributes to the shown values:
EncryptedPassword="hsfIeqkVA5yoMIwzYIx4fWny5GjwNwiM3wA5K+9qCug="
PasswordHashSalt="/zgEhlwBe6Vl0HHqMFPxafrtwqlRIGVS"
Save the file.
If your site is on SQL, locate the table Composite_Data_Types_IUser_Published and put the above shown values into the corresponding columns (EncryptedPassword and PasswordHashSalt).
You should now be able to log in using the password "123456" for the user you changed above. Once in the CMS Console, you can set a new password using the top Tools menu (top right user menu n V5 and later).
I recently had a scenario where neither of the suggested methods would work for me. I was able to remedy this by creating a c1 instance locally, creating a user with the same username and the desired password, and then overwriting the password salt and hash from the local site to the one you're locked out of.
Related
I should note, this user had existed in the past, left, and then came back to be reactivated.
I inherited this Redmine system in the interim, so I don't know all of tis details (read: quirks)
===
When attempting to create the user name.last#student.email.edu, Redmine fails the user add saying The email is already in use.
However a search of Redmine users shows no such user, and can find no such email.
When searching in Redmine for both MY username and my email - both come up, so I think I'm doing the search correctly.
Redmine users are validated against an Samba Active Directory domain (not locally).
The user account seems to be fine in Samba Active Directory.
One user can have multiple e-mail addresses, best way to resolve that situation is to either seek for that user via ruby console or with some SQL database query tool.
Console approach:
To activate ruby console, just on your Redmine server, navigate via terminal or cmd on windows to Redmine install folder and type rails console, you might need to add RAILS_ENV=production if required.
EmailAddress.find_by(address: "my#address.com")
Replace my#address.com with address you are looking for, or
That would return result like:
#<EmailAddress id: 3, user_id: 1, address: "my#address.com"...
Than in following query, you can get exact user id, by using user_id from previous query:
User.find_by(id:id_from_previous_query)
Just replace id_from_previous_query, with proper id, retruned in previous query.
Database approach:
E-mail addresses are located in email_addresses database table.
Below is sql code that you can run if you installed Redmine with MySql/MariaDb,
just replace %search% with email or part of email that you are searching for
select login,firstname,lastname,address from users left join email_addresses on users.id=email_addresses.user_id where email_addresses.address like '%search%'
I have also created feature proposal, based upon your inquiry here: https://www.redmine.org/issues/31043
I am developing a desktop application. Multiple users shall be using it to insert, delete and select data from database. As users shall be using it so they would not have to login to database.
I know how to use JDBC (for Java Applications), I need suggestions that I don't want to hard code the credentials of database like host address, username, password ... etc. So if change of credential is needed I can change it without changing the code. Also, I cannot just put database credentials in a text file and read every time when the application need to interact with database.
You can create a ApplicationConstants file which will store the host address, username and password.
If you need to change it you'll have to change it only in one location.
But this will require you to compile the code everytime you make changes.
The alternative is to encrypt the values and store the encrypted values in a text file.
You can use the javax.crypto for encryption/decryption. You can find an example on the following link :
Simple java AES encrypt/decrypt example
I have a CI project and want to migrate its database to the Laravel's one.
The only problem is that they have different ways of hashing user passwords and so I cannot find a way to move them from one database to another.
I have already googled for the answer but nobody I found speaks about migrating passwords.
Thanks in advance.
I have no experience with CodeIgniter and don't know how it does password hashing, but here's how I would approach the problem.
To make something clear: You can only "convert" the password to a Laravel hash if you have the actual password (in plain text). As you don't store the plain password you only have it at the moment the user logs in our enters the password somewhere.
Therefore you have to realize that this migration isn't done in a few hours. It will take some time for all your users to enter their passwords.
So what I'm getting at is you should add a field to your users table for the CodeIgniter password. Let's call it ci_password. (Or probably you just have to rename the old password column to this and create a new one for the Laravel password).
Now every time a user logs in, you first check if a Laravel password is stored in the database and attempt a log in. If there is no Laravel hash stored, check with the ci_password. (For this you will have to make CodeIgniters hashing work inside your Laravel application. Sorry can't help you with that)
If the ci_password is valid use the password input from the user and generate the Laravel hash (using Hash::make('secret')). Store the new hash in the database and delete (set to NULL) the ci_password.
This way the passwords will be migrated one by one and you have to do nothing. And maybe, on one lucky day, all old hashes will be migrated and you can remove this logic and the column in the database.
I have created a new Joomla database (different from the main database of the website but that will be having its I/O from the same website nonetheless) and added a user to it. It seems that the database password was generated automatically and now Fabrik is asking me to confirm the database password but I can't find it in the configuration.php file (presumably because it is new) or anywhere else. Is there anything I am missing? Where can I find that password or change it?
The only location in joomla where you will find the database password is in the configuration file assigned to the $password variable.
If it is not there then you will need to look in the backend (cpanel?) where you will be able to set a new one.
While developing my app, I suddenly can't login using Auth anymore, according to Cake, the password or username is not correct.
When I track the query, the password (hashed) that Cake is looking for is not the one that the user has. I matched the query password to the User table in MAMP.
What can be the reason of this sudden error? What can Cake make looking for another password that not exists in the user table.
all error logs are clear
I can register a user without any issue
I use everything the standard Cake way (Auth, register process etc)
Many thanks!
well, most likely, you changed the salt value in core.php or hash mehod, or both. That's the only 2 reasons the hash is different for the same password.