prashants / webzash

Easy to use web based double entry accounting software in PHP - MySQL under MIT License
http://webzash.org

User account is disabled. Please contact your administrator. #webzash #151

Closed jessicana closed 3 years ago

jessicana commented 3 years ago

After a fresh install, I cannot remember the password, and my user account is disabled. The software does not send emails because it did not accept the email configuration that worked on other applications. While we can discuss the email configuration later, I want to know if there is any way I can access the software.

prashants commented 3 years ago

https://github.com/prashants/webzash/wiki/General-FAQ#q3-what-to-do-if-i-forget-my-administrator-password

On Thu, Aug 19, 2021 at 5:41 AM jessicana @.***> wrote:

> After a fresh install, I cannot remember the password, and my user account is disabled. The software does not send emails because it did not accept the email configuration that worked on other applications. While we can discuss the email configuration later, I want to know if there is any way I can access the software.


jessicana commented 3 years ago

Awesome, as usual!

jessicana commented 2 years ago

After I uncomment the line: `// Configure::write('Webzash.ResetAdminPassword', 'YES PLEASE')` my password gets reset. How should I access the system? Using admin as my username and password?

prashants commented 2 years ago

Yes

On Wed, Oct 13, 2021 at 4:29 PM jessicana @.***> wrote:

> After I uncomment the line: `// Configure::write('Webzash.ResetAdminPassword', 'YES PLEASE')` my password gets reset. How should I access the system? Using admin as my username and password?


jessicana commented 2 years ago

I am doing this but I cannot access the system. I try admin twice and I get this:

Login failed. Please, try again.

prashants commented 2 years ago

One trick is

https://github.com/prashants/webzash/blob/e3a011aa93af2c57438d663769f5d17b3bb12423/Controller/WzusersController.php#L371

Add these two lines of code in the above file at this place, just after "public function login() {". Just replace "REPLACE WITH YOUR PASSWORD" with the password that you want.

    $password = Security::hash("REPLACE WITH YOUR PASSWORD", 'sha1', true);
    $this->Session->setFlash($password, 'danger');

This will print the hashed version of the password. Copy and paste the password into the MySQL wzuser table password field.

Regards.

On Wed, Oct 13, 2021 at 4:36 PM jessicana @.***> wrote:

> I am doing this but I cannot access the system. I try admin twice and I get this:
>
> Login failed. Please, try again.


jessicana commented 2 years ago

Ok, great. So here is the status and I need your help with this. This will also help others, therefore, I will describe it in detail:

  1. I went to /var/www/example.com/html/pages/webzash/app/Plugin/Webzash/Controller
  2. I added:

         $password = Security::hash("admin", 'sha1', true);
         $this->Session->setFlash($password, 'danger');

     under:

         /**
          * login method
          */
         public function login() {

     The whole block is now:

         /**
          * login method
          */
         public function login() {
             $password = Security::hash("admin", 'sha1', true);
             $this->Session->setFlash($password, 'danger');


When I go to webzash login page:
`https://example.com/webzash/wzusers/login`

I am able to see the hash for admin. Say that is: `0298fba12354faae06791ceb26c754dafb0`

3. I went to my SSH and I executed these commands:
`mysql -u root -p `
Enter your password: `***`
Then:
`show databases;`
`use webzash_database;`
`show tables;`
Show all data in a table.
`SELECT * FROM wzusers;`
I see this:
![image](https://user-images.githubusercontent.com/7415824/137232167-67e3ce8e-34bf-4be9-89a9-42d385dd514d.png)

I tried to change the password many times, I used:
`mysql> update wzusers set password = MD5('0298fba12354faae06791ceb26c754dafb0') where ID = 1;` --> This is the hash I see on the login page.
and
`mysql> update wzusers set password = MD5('admin') where ID = 1;`

but none of them work.

Whatever combination I use, it does not work. For example:
username: `admin`
password: `admin`

I get: Login failed. Please, try again.

When I try:
username: `jessicana`
password: `admin`

I get: `Login failed. You still have 2 attempts left out of 5 before the account is disabled.`

I am not sure if the difference between the password hash and the verification_key has anything to do with this, but I suggest that I run a command to add a new administrator. Any insights on how I can achieve that?

prashants commented 2 years ago

I just tried doing the original method of uncommenting the config file and it worked.

Why are you using the MD5() method? Just paste the string as it is, since CakePHP uses its own seed for the hashing function and normal MD5() will not work.

This is what you should be doing:

    update wzusers set password = "this is where the password string goes without any changes" where ID = 1;

You can refer to app/Config/core.php to see the seed.

/**

/**

On Thu, Oct 14, 2021 at 6:27 AM jessicana @.***> wrote:

> Ok, great. So here is the status and I need your help with this. This will also help others, therefore, I will describe it in detail:
>
> 1. I went to /var/www/example.com/html/pages/webzash/app/Plugin/Webzash/Controller
> 2. I added:
>
>        $password = Security::hash("admin", 'sha1', true);
>        $this->Session->setFlash($password, 'danger');
>
>    under:
>
>        /**
>         * login method
>         */
>        public function login() {
>
>    The whole block is now:
>
>        /**
>         * login method
>         */
>        public function login() {
>            $password = Security::hash("admin", 'sha1', true);
>            $this->Session->setFlash($password, 'danger');
>
> When I go to webzash login page: `https://example.com/webzash/wzusers/login`
>
> I am able to see the hash for admin. Say that is: `0298fba12354faae06791ceb26c754dafb0`
>
> 3. I went to my SSH and I executed these commands: `mysql -u root -p` Enter your password: `***` Then: `show databases;` `use webzash_database;` `show tables;` Show all data in a table. `SELECT * FROM wzusers;` I see this: [image: image] https://user-images.githubusercontent.com/7415824/137232167-67e3ce8e-34bf-4be9-89a9-42d385dd514d.png
>
> Whatever combination I use, it does not work. For example: username: `admin` password: `admin`
>
> I get: Login failed. Please, try again.
>
> When I try: username: `jessicana` password: `admin`
>
> I get: `Login failed. You still have 2 attempts left out of 5 before the account is disabled.`
>
> I tried to change the password many times, I used: `mysql> update wzusers set password = MD5('0298fba12354faae06791ceb26c754dafb0') where ID = 1;` --> This is the hash I see on the login page. and `mysql> update wzusers set password = MD5('admin') where ID = 1;`
>
> but none of them work. I am not sure if the difference between the password hash and the verification_key has anything to do with this, but I suggest that I run a command to add a new administrator. Any insights on how I can achieve that?

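The point of the last reply (the stored value is already a salted hash, so wrapping it in MySQL's MD5() can never match) is shown below as an added example that is not part of the thread or of the Webzash code. It assumes that CakePHP 2.x `Security::hash($value, 'sha1', true)` computes `sha1(Security.salt . $value)`; the salt, the sample password and the helper names `cake2_salted_sha1` and `digest_shape` are placeholders introduced here.

```php
<?php
// Added example, not Webzash code. Assumption: CakePHP 2.x
// Security::hash($value, 'sha1', true) returns sha1(Security.salt . $value).

// Placeholder: use the Security.salt value from app/Config/core.php.
const SECURITY_SALT = 'PLACEHOLDER-SECURITY-SALT';

// Hypothetical helper mirroring the assumed framework behaviour.
function cake2_salted_sha1(string $password, string $salt): string
{
    return sha1($salt . $password);
}

// Describe a stored value by shape: SHA-1 is 40 hex chars, MD5 is 32.
function digest_shape(string $stored): string
{
    if (!preg_match('/^[0-9a-f]+$/', $stored)) {
        return 'not hex';
    }
    $known = [40 => 'SHA-1 length', 32 => 'MD5 length'];
    return $known[strlen($stored)] ?? 'unexpected length';
}

$password = 'constructed-sample-password';   // constructed sample input
$expected = cake2_salted_sha1($password, SECURITY_SALT);

// Values that could end up in wzusers.password, including the two
// MD5() variants tried in the thread.
$candidates = [
    'salted hash pasted unchanged' => $expected,
    'MD5() of the salted hash'     => md5($expected),
    'MD5() of the password'        => md5($password),
    'SHA-1 without the salt'       => sha1($password),
];

foreach ($candidates as $label => $stored) {
    // hash_equals() compares in constant time.
    $result = hash_equals($expected, $stored) ? 'matches' : 'login fails';
    printf("%-30s %-14s %s\n", $label, digest_shape($stored), $result);
}

// The value to store is the 40-character digest itself, as a plain string.
printf("\nUPDATE wzusers SET password = '%s' WHERE id = 1;\n", $expected);
```

Only the first candidate matches; both MD5() variants produce a 32-character value that the salted SHA-1 comparison rejects. Computing the digest from the command line this way also avoids displaying it on the login page.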