Drupal Password set - drupal-7

I have to reset my password direct through database for that I used query
UPDATE users SET pass = md5('NEWPASSWORD') WHERE name = 'admin'
but still I am not able to login.
Can you please tell me where I am going wrong?

With drupal 7, password are no more encrypted through md5.
There are several way to reset a password in drupal7.
Using drush :
drush upwd admin --password="newpassword"
Without drush, if you have a cli access to the server :
cd <drupal root directory>
php scripts/password-hash.sh 'myPassword'
Now copy the resultant hash and paste it into the query:
update users set name='admin', pass='pasted_big_hash_from_above' where uid=1;
If you are working on a remote environment on which you cannot connect, you can put this specified code in a file such as password.php such as this one:
<?php
if (isset($_GET['p'])) {
require_once dirname(__FILE__) . '/includes/bootstrap.inc';
require_once dirname(__FILE__) . '/includes/password.inc';
print _password_crypt('sha512', $_GET['p'], _password_generate_salt(DRUPAL_HASH_COUNT));
exit();
}
print "No password to hash.";
And then hit your site using: http://domain.tld/password.php?p=MyPassword. The hash will appear on your browser's tab.
Don't forget to remove it once you done it.

Are you locked out of your account? If you've got DB access then try clearing out the "flood" table.

Related

H2 database login issues

I am using a local file based H2 Hibernate database with Grails.
I have two separate file type dBs setup in dataSource.groovy:
dataSource {
logSql = false
pooled = true
dbCreate = "update" // one of 'create', 'create-drop', 'update', 'validate', ''
url = "jdbc:h2:devDb;MVCC=TRUE;LOCK_TIMEOUT=10000"
}
and
dataSource_publish {
logSql = false
pooled = true
dbCreate = "update" // one of 'create', 'create-drop', 'update', 'validate', ''
url = "jdbc:h2:/dbmak/devDb;MVCC=TRUE;LOCK_TIMEOUT=10000;AUTO_SERVER=TRUE;DB_CLOSE_ON_EXIT=FALSE"
}
They both produce files in the project root directory:
devDb.h2.db and dbmak.h2.db
The last thing I did in the dB was to modify the 'sa' password - preferring to set it to a non-null value.
I did this by logging into the dbconsole via user 'sa' and then using the command:
set password 'newPassword'
Which seemed to work fine.
However, when I now try and restart the application in the GGTS I get the error:
org.h2.jdbc.JdbcSQLException: Wrong user name or password [28000-173]
I've tried the original null password as well as other login/password combinations that have worked in the past but still get the above error.
One other thing I've done is to replace the h2.db files with recent backed-up copies but still no success. I was wondering if the hibernate system data, containg the 'sa' password, resides elsewhere rather than these individual application databases. If I have a copy of the h2.db files when the system worked I can simply replace it with the modified one that is now failing.
One more thing - when I compare the size of the current (failing - which is 230kb in size) debdb.h2.db file with the backed-up one (which is 1252kb in size) I notice that they are significantly different in size, and when I try and restart the application with the backed-up copy of the db file. After the application fails to start the size goes back to failed size of 230kb.
I have resolved this login issue - as I have two separate Dbs and having set the sa both passwords to a non-null value I have to explicitly define the password for each separate Db.
So, in the DataSource.groovy I now have two sets of login/ password definitions:
dataSource {
username = "sa"
password = "value01"
}
dataSource_publish {
username = "sa"
password = "value02"
}
Without this I believe the login & password is automatically set to 'sa' and "" (i.e: null). And so without the dataSource_publish block on startup the app was attempting, unsuccessfully, to login into the dataSource_publish dB with a null password.
Once you see it it's obvious.

How to upload database using Dropbox?

I've just created a Barcode Scanner app and have a database of barcode. I want to upload/sync this database to the company's server then another programmer can get and build website UI. Unfortunately, our server is not public (but it can connect internet through proxy), so I want to use Dropbox to do that. Could you please give me a useful sample code or tell me the best way to upload/sync database in this case? I am extremely grateful for your help!
Alright, assuming your database is a MySQL DB with a host environment that lets you run cron jobs, access your FTP, etc... here's a possible code snippet for you, I just had to do this myself with the Dropbox API, you can actually read the full post here for a walk-thru (Dropbox API and MySQL DB Dump/Upload
<?php
# Include the Dropbox SDK libraries
require_once __DIR__."/dropbox-sdk/lib/Dropbox/autoload.php";
use \Dropbox as dbx;
//your access token from the Dropbox App Panel
$accessToken = 'NOT-A-REAL-TOKEN-REPLACE-THIS-QM8jS0z1w1t-REPLACE-THIS-TOKEN';
//run the MySQL dump and zip;
// location of your temp directory
$tmpDir = "your_temp_dir";
// username for MySQL
$user = "DB_user";
// password for MySQL
$password = "DB_password";
// database name to backup
$dbName = "DB_name";
// hostname or IP where database resides
$dbHost = "your_hostname";
// the zip file will have this prefix
$prefix = "sql_db_";
// Create the database backup file
$sqlFile = $tmpDir.$prefix.date('Y_m_d_h:i:s').".sql";
$backupFilename = $prefix.date('Y_m_d_h:i:s').".tgz";
$backupFile = $tmpDir.$backupFilename;
$createBackup = "mysqldump -h ".$dbHost." -u ".$user." --password='".$password."' ".$dbName." --> ".$sqlFile;
//echo $createBackup;
$createZip = "tar cvzf $backupFile $sqlFile";
//echo $createZip;
exec($createBackup);
exec($createZip);
//now run the DBox app info and set the client; we are naming the app folder SQL_Backup but CHANGE THAT TO YOUR ACTUAL APP FOLDER NAME;
$appInfo = dbx\AppInfo::loadFromJsonFile(__DIR__."/config.json");
$dbxClient = new dbx\Client($accessToken, "SQL_Backup");
//now the main handling of the zipped file upload;
//this message will send in a system e-mail from your cron job (assuming you set up cron to email you);
echo("Uploading $backupFilename to Dropbox\n");
//this is the actual Dropbox upload method;
$f = fopen($backupFile, "rb");
$result = $dbxClient->uploadFile('/SQL_Backup/'.$backupFilename, dbx\WriteMode::force(), $f);
fclose($f);
// Delete the temporary files
unlink($sqlFile);
unlink($backupFile);
?>
You also need to make a config.json file like so:
{
"key": "YOUR_KEY_FROM_DROPBOX_APP_PANEL",
"secret": "YOUR_SECRET_FROM_DROPBOX_APP_PANEL"
}
You will need to create a new Dropbox app under your Dropbox account to get your key and secret, and to generate the auth code for your username, do that here when logged in: https://www.dropbox.com/developers/apps
You also need to download the Dropbox PHP SDK library to put on your server in the same folder as this PHP code above, find that here: https://www.dropbox.com/developers/core/sdks/php
Hope this helps; if you need more step-by-step or your developer does, go that link at the top for a full walk through.

Problems with accessing private files uploaded via file field in a webform with Varnish running on the server

I have a webform with a file field configured to private files. When I'm logged in as a superuser (uid=1) and trying to download the file, I get access denied.
I was trying to debug this, and this is what I noticed.
All private files served by the file_download() function that is called in the system.module. This function validates if the file exists and request the file headers using file_download_headers() function that triggers hook_file_download().
In the webform_file_download() function the module determines whether the file was a webform upload and grant or deny file access based on access to the submission. It validates access permission by calling webform_submission_access(). When I run dpm($account) in this function, I get an anonymous user when I'm trying to access the private file. When I browse recent log messages I have the entry below:
access denied 06/02/2015 - 11:23 system/files/webform/cv-uploads/cv.pdf Anonymous
When I change the URL to file that doesn't exist, I get this:
page not found 06/02/2015 - 11:26 system/files/webform/cv-uploads/cv.FDP admin
As you can see for some reasons when the module is trying to get access to the file that does exist, I get access denied and the user is anonymous. When the file doesn't exist, I get page not found and the user is a logged in user.
Any ideas why this happens?
UPDATE
I've added the following code to my index.php but I still get anonymous user when I'm trying to access the file.
define('DRUPAL_ROOT', getcwd());
require_once DRUPAL_ROOT . '/includes/bootstrap.inc';
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
+ global $user;
+ watchdog('user', '<pre>'. print_r($user, TRUE) . '</pre>');
menu_execute_active_handler();
I've copied over the whole site including database and files to my local machine, and I'm not experiencing this issue. There's should be some settings that does this on the live site.
UPDATE 2
I've noticed that on the live site we have a list of disabled functions that I'm not aware of. Maybe it will help somehow.
disable_functions = apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, inject_code, mysql_pconnect, passthru, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, system, xmlrpc_entity_decode, parse_ini_file,show_source,shell_exec
The problem was caused by the Varnish on the server. Below is the settings for Varnish.
# Always cache the following file types for all users. This list of extensions
# appears twice, once here and again in vcl_fetch so make sure you edit both
# and keep them equal.
if (req.url ~ "(?i)\.(pdf|asc|dat|txt|doc|xls|ppt|tgz|csv|png|gif|jpeg|jpg|ico|swf|css|js)(\?.*)?$") {
unset req.http.Cookie;
}

How to set the password for Ldap user account?

I am using this in ldif file to set the password.
dn:cn=krisv,ou=People,dc=jbpm,dc=org
changetype:modify
replace:unicodePwd
unicodePwd:Krisv
-
This is the log
Connecting to "localhost:389"
Logging in as current user using SSPI
Importing directory from file "MS-Sample.LDF"
Loading entries
1: cn=krisv,ou=People,dc=jbpm,dc=org
Entry DN: cn=krisv,ou=People,dc=jbpm,dc=org
changetype: modify
Attribute 0) unicodePwd:IgA3ACQANQBNAHMAIwA0AEQAaQBHACIA
Add error on entry starting on line 2: Constraint Violation
The server side error is: 0x52c Unable to update the password. The value provided for the new password contains values that are not allowed in passwords.
The extended server error is:
0000052C: AtrErr: DSID-033805E9, #1:
0: 0000052C: DSID-033805E9, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)
0 entries modified successfully.
An error has occurred in the program
I suggest using Apache Directory Studio to manage your LDAP directory. It should help avoiding that sort of problem.
In Apache Directory Studio, you can change a user password by double clicking the userPassword attribute description. This will open the Password Editor, where you can verify the current password or enter a new password.
Using Apache Directory Studio:
Open Directory Studio and connect to your repository.
Search/navigate to the user you want to modify.
To add a password, click the New Attribute button or menu LDAP > New Attribute (or SHIFT-CMD-+).
Enter Attribute type userPassword then click Next if you want to enter optional language tags, otherwise click Finish.
Password Editor opens. Enter and Confirm the new password, and select your hash method (don't leave it at the default plaintext!) then click OK.
You should now see a userPassword attribute in the list of user attributes.
If you want to change a password attached to an entity, locate the entity in Directory Studio, right-click and select Extended Operations > Password Modify. Or, locate the userPassword attribute for the entity and double-click it, or select and press F7. The Password Editor will be invoked and you can enter previous/new passwords. Note that modifying the password will require authentication using the bind DN.

If the salt is blank from config.php then what mechanism cakephp used to store password?

In CakePHP config.php the salt is blank '' , so during saving password which mechanism cakephp use to produce password?
Which core file contains that procedure to generate hashed/md5 password?
I think it uses something like Security::hash(password);
If you search for ".salt" in the core files you should be able to find out that it is used in several places like so:
$check = Security::hash(serialize($fieldList) . $unlocked . Configure::read('Security.salt'));
(SecurityComponent)
and so:
$this->key = Configure::read('Security.salt');
(CookieComponent)
So an empty salt would simply have the affect of "no salt" for saving passwords.
although this can have sideeffects with cookies. An empty key might cause trouble.
Why would you want to omit the salt here, anyway?

Resources