Lost access to website private login section

Hi - My client has a small website which has a members section which requires a login username and password. They don't have any record of it and their web designer is no longer available. They have asked me whether i can find a way to get the login details reset and access this section. I have full FTP access to the site and can see all the site files but i suspect this requires PHP knowledge for which i have zilch. The site is hosted with 1and1 in France but its not built through their website designer tools so there must be a file somewhere which contains the scripts that need to be edited. I have attached a screen dump of the FTP browser showing the file directory. Could someone give me a steer on whether this is doable with whatever knowledge i can scrap together or whether i need external technical help to sort this out. I would like to avoid additional costs for the client if this is easy enough but don't want to mess around with learning PHP.
This link will take you to the website's private members section: http://www.qajarfamilyassociation.org/imlogin.php?loginstatus=-3

Many thanks
D
Private-PHP.PNG
DominicIT ConsultantAsked:
Who is Participating?
 
Chris StanyonCommented:
Hey Dominic,

It's not so much about keywords as it is following the logic through. Basically, your form makes a POST request to the imlogin.php page. A POST request in PHP looks something like $_POST['imUname'] or $_POST['imPwd'] - could be $_REQUEST instead of $_POST.

Now your imlogin.php page may not deal with it directly. It may be passed on to another file. These other files are likely to be included in your page, probably using the php functions include(), include_once(), require() or require_once(). If that's the case, then you would refer to that included file and continue to follow the logic.

If it is database driven, then you would probably be looking for a reference to mysqli (mysqli / mysqli / pdo). If you have a decent text editor or IDE, then you can search for information across your entire codebase. May make it easier to find any references you're looking for.

As long as your script doesn't contain any sensitive information such as username or passwords, then it should be OK to post it here (mask them out if it does). Any PHP developer with access to the codebase should be able to sort this out for you pretty easily I would guess.
2
 
Black SulfurCommented:
You could try login to the cpanel account if you have the details for that and access the database though phpmyadmin. I have come across websites before where developers don't hash the passwords in the database and so you can see their login details in plain text. If you are lucky enough for this to be the case you could see all usernames and passwords in the database. If the passwords are hashed however, it is going to be more difficult. You would then most likely need a developer to access the code. This is of course assuming the user login details are stored in a database.
1
 
kenfcampCommented:
Well,

If the authentication is handled through a database (MySQL, etc) and you have access to it, and "IF" the admin password is in plain text (which it shouldn't be) then yes,

If it's encrypted, then no, not without encrypting a new password and replacing the existing. You will need to review your the authentication portion of the login process to determine what's being used.

If the authentication is .htaccess based, then you'll need to locate the files its using
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
Chris StanyonCommented:
It looks like the login info is POSTed to the same page as the login form, which is called imlogin.php so you should probably start by looking at that file. You'll need to do some detective work to figure out how the authentication system works, but it's probably based on info stored in a database. If the developer has done their job properly, then the passwords in the database will be hashed so there will be no way of getting that password back. What you would need to do is find out the hash method used - use it to hash a new password and insert that value into the database. You would then be able to login using the new password
0
 
DominicIT ConsultantAuthor Commented:
Hi Everyone - thanks for all your comments so far.
Chris, i did work my way round to the imlogin.php file and checked inside. I couldnt find much that i understand and know for sure that there is no reference to any specific passwords in there. Are there any keywords to look for which would give me some indication of it refering back to a database? Is it safe for me to post the script on EE so that maybe on of you could give me a quick pointer? One very last question, if i were to pass this onto to someone who knows what they were doing , they would be able to create/reset the passwords?
Cheers
D
0
 
Black SulfurCommented:
Chris has given you good guidance but if you know nothing about PHP it might be a better idea to post some code or hire a developer to check it out for you. The last thing you want to do is tinker with code and not know what you are doing. Then you will have a bigger problem than just not knowing the login details.
1
 
DominicIT ConsultantAuthor Commented:
Thanks for good advice. I certainly won't be tinkering and will look for external help. I have some contacts but just in case i need more options, could you PM me to let me know if you would be up to helping with this in the potential future on a payment basis?

D
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.