Lost access to website private login section

Hi - My client has a small website which has a members section which requires a login username and password. They don't have any record of it and their web designer is no longer available. They have asked me whether i can find a way to get the login details reset and access this section. I have full FTP access to the site and can see all the site files but i suspect this requires PHP knowledge for which i have zilch. The site is hosted with 1and1 in France but its not built through their website designer tools so there must be a file somewhere which contains the scripts that need to be edited. I have attached a screen dump of the FTP browser showing the file directory. Could someone give me a steer on whether this is doable with whatever knowledge i can scrap together or whether i need external technical help to sort this out. I would like to avoid additional costs for the client if this is easy enough but don't want to mess around with learning PHP.
This link will take you to the website's private members section: http://www.qajarfamilyassociation.org/imlogin.php?loginstatus=-3

Many thanks
D
Private-PHP.PNG
DominicIT ConsultantAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Black SulfurCommented:
You could try login to the cpanel account if you have the details for that and access the database though phpmyadmin. I have come across websites before where developers don't hash the passwords in the database and so you can see their login details in plain text. If you are lucky enough for this to be the case you could see all usernames and passwords in the database. If the passwords are hashed however, it is going to be more difficult. You would then most likely need a developer to access the code. This is of course assuming the user login details are stored in a database.
1
kenfcampCommented:
Well,

If the authentication is handled through a database (MySQL, etc) and you have access to it, and "IF" the admin password is in plain text (which it shouldn't be) then yes,

If it's encrypted, then no, not without encrypting a new password and replacing the existing. You will need to review your the authentication portion of the login process to determine what's being used.

If the authentication is .htaccess based, then you'll need to locate the files its using
0
Chris StanyonWebDevCommented:
It looks like the login info is POSTed to the same page as the login form, which is called imlogin.php so you should probably start by looking at that file. You'll need to do some detective work to figure out how the authentication system works, but it's probably based on info stored in a database. If the developer has done their job properly, then the passwords in the database will be hashed so there will be no way of getting that password back. What you would need to do is find out the hash method used - use it to hash a new password and insert that value into the database. You would then be able to login using the new password
0
JavaScript Best Practices

Save hours in development time and avoid common mistakes by learning the best practices to use for JavaScript.

DominicIT ConsultantAuthor Commented:
Hi Everyone - thanks for all your comments so far.
Chris, i did work my way round to the imlogin.php file and checked inside. I couldnt find much that i understand and know for sure that there is no reference to any specific passwords in there. Are there any keywords to look for which would give me some indication of it refering back to a database? Is it safe for me to post the script on EE so that maybe on of you could give me a quick pointer? One very last question, if i were to pass this onto to someone who knows what they were doing , they would be able to create/reset the passwords?
Cheers
D
0
Chris StanyonWebDevCommented:
Hey Dominic,

It's not so much about keywords as it is following the logic through. Basically, your form makes a POST request to the imlogin.php page. A POST request in PHP looks something like $_POST['imUname'] or $_POST['imPwd'] - could be $_REQUEST instead of $_POST.

Now your imlogin.php page may not deal with it directly. It may be passed on to another file. These other files are likely to be included in your page, probably using the php functions include(), include_once(), require() or require_once(). If that's the case, then you would refer to that included file and continue to follow the logic.

If it is database driven, then you would probably be looking for a reference to mysqli (mysqli / mysqli / pdo). If you have a decent text editor or IDE, then you can search for information across your entire codebase. May make it easier to find any references you're looking for.

As long as your script doesn't contain any sensitive information such as username or passwords, then it should be OK to post it here (mask them out if it does). Any PHP developer with access to the codebase should be able to sort this out for you pretty easily I would guess.
2

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Black SulfurCommented:
Chris has given you good guidance but if you know nothing about PHP it might be a better idea to post some code or hire a developer to check it out for you. The last thing you want to do is tinker with code and not know what you are doing. Then you will have a bigger problem than just not knowing the login details.
1
DominicIT ConsultantAuthor Commented:
Thanks for good advice. I certainly won't be tinkering and will look for external help. I have some contacts but just in case i need more options, could you PM me to let me know if you would be up to helping with this in the potential future on a payment basis?

D
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Development

From novice to tech pro — start learning today.