Jump to content

Can anyone advise / assist with a site recovery?...


creativeguy
 Share

Recommended Posts

I'm not terribly active here - I'm a designer, not a developer - and I have a working knowledge of, and have created sites with, ProcessWire in the past. A developer friend I used to freelance with, who was an avid user of ProcessWire, passed away in 2020 at the top of the pandemic. Every now and again, a site he developed hits my desk, because the client knows me, and assumes I'm the same as Anthony (the late friend). If it's garden variety HTML/CSS/PHP or basic ProcessWire issues, I can usually help. Not this time.

The issue: the client doesn't have login credentials. All he has is a dev server link from 2016 that no longer exists. He's not tech savvy, and doesn't understand a live server vs a dev server or what information I'm asking him for. From my past projects with Anthony, our login path was usually one of a couple variations of websiteurl.com/someadminpathname <- and I've tried each one we commonly used, but he didn't use any of them on this site, for some reason. So, I'm not sure if MY usual credentials would even work or whether I'm in the db at all. Anthony often made me an admin on sites he developed incase my help was needed, but I can't even test my creds, because I can't figure out the admin pathway, and my client doesn't know what to look for in the 100+ emails between them from 2016.

So, either there's a ProcessWire "magic trick" that can reveal the admin pathway, or I need some guidance on where in the ProcessWire files this information could be found and edited, and if neither of us have active credentials, how can they be injected into the database? Or how can Anthony's legacy credentials be found?

This could either be some guidance from members, or we might hire someone to spend some time helping us by doing this investigative work, if it's not as easy as a few posts here.

Any help?

Link to comment
Share on other sites

If you have access to a front-end template or a script that can execute PHP within your ProcessWire environment...add this code temporarily.

echo wire('config')->urls->admin;

This will output the admin URL, e.g., websiteurl.com/processwire/.

  • Like 1
Link to comment
Share on other sites

Sorry to hear that! At least your issue should be easy to fix:

// site/ready.php
// REMOVE THIS AFTER LOGIN!!!
// visit yourdomain.com?logmein=yesplease
if ($input->get('logmein') == 'yesplease') {
  $wire->session->forceLogin($users->get("roles=superuser"));
  $wire->session->redirect($pages->get(2)->url);
}

This will log you in as the first superuser it finds and redirect you to the backend. There you can reset users/passwords as you need.

  • Like 1
Link to comment
Share on other sites

Hi,

like @Jo J said, if you have access to the templates, you can add anywhere in one of them

<?= 'admin: ' . $pages->get(2)->name . ' login: ' . $pages->get(41)->name; ?>

which will display sommething like "admin: ueloftheadmin login: themainuseradmin"

if you have access to the db (i hope for you 🙂 ) you could also fing all this in the table "pages" id 2 for the admin url and 41 for the main user

but now you need to recover the password, don't try to get in in the db as it is encrypted so you'll have to use one of those well known tricks, once more, you'll need to write in a template
this simple one by @bernhard is a little less dangerous than another one i like a lot too...
in your site/ready.php file

if($input->get->resetpassword == 1) {
  $admin = $users->get(41);
  $admin->setAndSave('pass', 'yournewpassword');
  die("admin url = {$pages->get(2)->httpUrl}, admin username = {$admin->name}");
}

and the go to your website adding ?resetpassword=1 to the url, done
of course, remove it when it's done and your new password is set
a little less dangerous as if ever you forgot to remove it immediatly it will just reset the password with always the same one, the other one gives a permanent access to the admin no matter the pasword is and everyone may know it, see, i do 😂

have a nice day

  • Like 1
Link to comment
Share on other sites

hi again,

being a little slow to answer i see thet @bernhard has given the other on i spoke about, this one be sure to remove it as soon as you're in as it will keep working whetever password is or will be, i remember the first time @bernhard gave it saying thet it was even a little more fun to do, it is but please be careful, don't act like a wordpress user leaving it in the file 🤣🤣🤣

have a nice day

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...