Link to home
Start Free TrialLog in
Avatar of Dominic
DominicFlag for Italy

asked on

Lost access to website private login section

Hi - My client has a small website which has a members section which requires a login username and password. They don't have any record of it and their web designer is no longer available. They have asked me whether i can find a way to get the login details reset and access this section. I have full FTP access to the site and can see all the site files but i suspect this requires PHP knowledge for which i have zilch. The site is hosted with 1and1 in France but its not built through their website designer tools so there must be a file somewhere which contains the scripts that need to be edited. I have attached a screen dump of the FTP browser showing the file directory. Could someone give me a steer on whether this is doable with whatever knowledge i can scrap together or whether i need external technical help to sort this out. I would like to avoid additional costs for the client if this is easy enough but don't want to mess around with learning PHP.
This link will take you to the website's private members section: http://www.qajarfamilyassociation.org/imlogin.php?loginstatus=-3

Many thanks
D
Private-PHP.PNG
Avatar of Crazy Horse
Crazy Horse
Flag of South Africa image

You could try login to the cpanel account if you have the details for that and access the database though phpmyadmin. I have come across websites before where developers don't hash the passwords in the database and so you can see their login details in plain text. If you are lucky enough for this to be the case you could see all usernames and passwords in the database. If the passwords are hashed however, it is going to be more difficult. You would then most likely need a developer to access the code. This is of course assuming the user login details are stored in a database.
SOLUTION
Avatar of kenfcamp
kenfcamp
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
It looks like the login info is POSTed to the same page as the login form, which is called imlogin.php so you should probably start by looking at that file. You'll need to do some detective work to figure out how the authentication system works, but it's probably based on info stored in a database. If the developer has done their job properly, then the passwords in the database will be hashed so there will be no way of getting that password back. What you would need to do is find out the hash method used - use it to hash a new password and insert that value into the database. You would then be able to login using the new password
Avatar of Dominic

ASKER

Hi Everyone - thanks for all your comments so far.
Chris, i did work my way round to the imlogin.php file and checked inside. I couldnt find much that i understand and know for sure that there is no reference to any specific passwords in there. Are there any keywords to look for which would give me some indication of it refering back to a database? Is it safe for me to post the script on EE so that maybe on of you could give me a quick pointer? One very last question, if i were to pass this onto to someone who knows what they were doing , they would be able to create/reset the passwords?
Cheers
D
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Dominic

ASKER

Thanks for good advice. I certainly won't be tinkering and will look for external help. I have some contacts but just in case i need more options, could you PM me to let me know if you would be up to helping with this in the potential future on a payment basis?

D