Guest Posted July 22, 2005 Share Posted July 22, 2005 Hi, I loaded the required files and edited the sql file, as outlinded in the contribution: "$Id: admin_tabel.sql,v 1.1" But I can not login... Not sure what this part means: INSERT INTO admin VALUES (1, 1, 'AdminFirstname', 'AdminLastname', 'admin@localhost', '351683ea4e19efe34874b501fdbf9792:9b', now(), '0000-00-00 00:00:00', null, 0); Or what exactly the login id and password is... Please Help. Can someone just define the "ID", and I assume the password is admin, as you said, but is it..? I've tried all different combinations Here is the directions : first, and the Code at the bottom ------------------------------------------------------ 1. Backup your files. 2. Database. You must to create three tables into your DB, using the 'admin_tabel.sql' file. 3. Upload the files Uupload all the files of the package on your server, replacing the existing files. 4. Log In and Change of Default Account The default admin is 'admin@localhost' with the password 'admin'. Your first job may well be changing this security hole. --------------------------------------------------------------------------- code: DROP TABLE IF EXISTS admin; CREATE TABLE admin ( admin_id int(11) NOT NULL auto_increment, admin_groups_id int(11) default NULL, admin_firstname varchar(32) NOT NULL default '', admin_lastname varchar(32) default NULL, admin_email_address varchar(96) NOT NULL default '', admin_password varchar(40) NOT NULL default '', admin_created datetime default NULL, admin_modified datetime NOT NULL default '0000-00-00 00:00:00', admin_logdate datetime default NULL, admin_lognum int(11) NOT NULL default '0', PRIMARY KEY (admin_id), UNIQUE KEY admin_email_address (admin_email_address) ); INSERT INTO admin VALUES (1, 1, 'AdminFirstname', 'AdminLastname', 'admin@localhost', '351683ea4e19efe34874b501fdbf9792:9b', now(), '0000-00-00 00:00:00', null, 0); # Table structure for table `admin_files` # --------------------------------------- DROP TABLE IF EXISTS admin_files; CREATE TABLE admin_files ( admin_files_id int(11) NOT NULL auto_increment, admin_files_name varchar(64) NOT NULL default '', admin_files_is_boxes tinyint(5) NOT NULL default '0', admin_files_to_boxes int(11) NOT NULL default '0', admin_groups_id set('1','2') NOT NULL default '1', PRIMARY KEY (admin_files_id) ); INSERT INTO admin_files VALUES (1, 'administrator.php', 1, 0, '1'); INSERT INTO admin_files VALUES (2, 'configuration.php', 1, 0, '1'); INSERT INTO admin_files VALUES (3, 'catalog.php', 1, 0, '1,18'); INSERT INTO admin_files VALUES (4, 'modules.php', 1, 0, '1'); INSERT INTO admin_files VALUES (5, 'customers.php', 1, 0, '1,18'); INSERT INTO admin_files VALUES (6, 'taxes.php', 1, 0, '1'); INSERT INTO admin_files VALUES (7, 'localization.php', 1, 0, '1'); INSERT INTO admin_files VALUES (8, 'reports.php', 1, 0, '1'); INSERT INTO admin_files VALUES (9, 'tools.php', 1, 0, '1,18'); INSERT INTO admin_files VALUES (10, 'admin_members.php', 0, 1, '1'); INSERT INTO admin_files VALUES (11, 'admin_files.php', 0, 1, '1'); INSERT INTO admin_files VALUES (12, 'configuration.php', 0, 2, '1'); INSERT INTO admin_files VALUES (13, 'categories.php', 0, 3, '1'); INSERT INTO admin_files VALUES (14, 'products_attributes.php', 0, 3, '1'); INSERT INTO admin_files VALUES (15, 'manufacturers.php', 0, 3, '1'); INSERT INTO admin_files VALUES (16, 'reviews.php', 0, 3, '1'); INSERT INTO admin_files VALUES (17, 'specials.php', 0, 3, '1,18'); INSERT INTO admin_files VALUES (18, 'products_expected.php', 0, 3, '1'); INSERT INTO admin_files VALUES (19, 'modules.php', 0, 4, '1'); INSERT INTO admin_files VALUES (20, 'customers.php', 0, 5, '1,18'); INSERT INTO admin_files VALUES (21, 'orders.php', 0, 5, '1'); INSERT INTO admin_files VALUES (22, 'countries.php', 0, 6, '1'); INSERT INTO admin_files VALUES (23, 'zones.php', 0, 6, '1'); INSERT INTO admin_files VALUES (24, 'geo_zones.php', 0, 6, '1'); INSERT INTO admin_files VALUES (25, 'tax_classes.php', 0, 6, '1'); INSERT INTO admin_files VALUES (26, 'tax_rates.php', 0, 6, '1'); INSERT INTO admin_files VALUES (27, 'currencies.php', 0, 7, '1'); INSERT INTO admin_files VALUES (28, 'languages.php', 0, 7, '1'); INSERT INTO admin_files VALUES (29, 'orders_status.php', 0, 7, '1'); INSERT INTO admin_files VALUES (30, 'stats_products_viewed.php', 0, 8, '1'); INSERT INTO admin_files VALUES (31, 'stats_products_purchased.php', 0, 8, '1'); INSERT INTO admin_files VALUES (32, 'stats_customers.php', 0, 8, '1'); INSERT INTO admin_files VALUES (33, 'backup.php', 0, 9, '1'); INSERT INTO admin_files VALUES (34, 'banner_manager.php', 0, 9, '1,18'); INSERT INTO admin_files VALUES (35, 'cache.php', 0, 9, '1'); INSERT INTO admin_files VALUES (36, 'define_language.php', 0, 9, '1'); INSERT INTO admin_files VALUES (37, 'file_manager.php', 0, 9, '1'); INSERT INTO admin_files VALUES (38, 'mail.php', 0, 9, '1,18'); INSERT INTO admin_files VALUES (39, 'newsletters.php', 0, 9, '1,18'); INSERT INTO admin_files VALUES (40, 'server_info.php', 0, 9, '1'); INSERT INTO admin_files VALUES (41, 'whos_online.php', 0, 9, '1,18'); INSERT INTO admin_files VALUES (42, 'banner_statistics.php', 0, 9, '1,18'); # Table structure for table `admin_groups` # ---------------------------------------- DROP TABLE IF EXISTS admin_groups; CREATE TABLE admin_groups ( admin_groups_id int(11) NOT NULL auto_increment, admin_groups_name varchar(64) default NULL, PRIMARY KEY (admin_groups_id), UNIQUE KEY admin_groups_name (admin_groups_name) ); INSERT INTO admin_groups VALUES (1, 'Top Administrator'); INSERT INTO admin_groups VALUES (2, 'Marketing'); Please help Bob Link to comment Share on other sites More sharing options...
strictlypc Posted July 22, 2005 Share Posted July 22, 2005 Hi, Try using this: Username: admin@localhost password: admin StrictlyPC Link to comment Share on other sites More sharing options...
Guest Posted July 22, 2005 Share Posted July 22, 2005 Thanks but it did not work. i tried, " ID: [email protected], PW: admin ", " ID: [email protected], PW: admin " " ID: [email protected], PW: admin " " ID: admin, PW: admin ", " ID: _____ , PW:_____ ". The author WILL NOT respond...I wrote to his direct email This must be an unsupported DEAD END...contribution, that the author put out there untested.... ps. I've reworked ALL my setup work and it still dosen't work. I'm going to try reworking one more time... if nothing then I can it... ! stand by for my Evail.... THIS Contribution may be malicios...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Link to comment Share on other sites More sharing options...
strictlypc Posted July 22, 2005 Share Posted July 22, 2005 Try, username: [email protected] password: admin StrictlyPC Link to comment Share on other sites More sharing options...
Guest Posted July 22, 2005 Share Posted July 22, 2005 strictlypc,Jul 22 2005, 04:11 PM] Again thanks, but still not working. Admin Access: http://www.oscommerce.com/community/contri...ch,admin+access I'm canning this osCommerce Contribution..!!!! They TOOK DOWN BOTH-> discussions for Admin Access: http://www.oscommerce.com/forums/viewtopic.php?p=197787 http://www.oscommerce.com/forums/viewtopic.php?t=41447 <----- both dead This was the OLD one (Discussion ----------- Please don't send me email, just send the comment and question to: http://www.oscommerce.com/forums/viewtopic.php?t=41447 zaenal ) But Zaenal's discussion is DEAD...! I And so is this one is dead..! Oh, well the authors WON'T respond to the posts............. Link to comment Share on other sites More sharing options...
netstep Posted July 23, 2005 Share Posted July 23, 2005 It would suck if Admin Access was some sort of back-door for the developers as claimed at http://www.oscommerce.com/community/contributions,1359 I installed according to instructions, and it worked like a charm. Anyone find any code that may indicate an end-around the security? Sam M. - Seattle Link to comment Share on other sites More sharing options...
Guest Posted July 23, 2005 Share Posted July 23, 2005 It would suck if Admin Access was some sort of back-door for the developers as claimed at http://www.oscommerce.com/community/contributions,1359 I installed according to instructions, and it worked like a charm. Anyone find any code that may indicate an end-around the security? <{POST_SNAPBACK}> the idea is that you delete the default login information after you create your own account. Link to comment Share on other sites More sharing options...
Guest Posted July 23, 2005 Share Posted July 23, 2005 the idea is that you delete the default login information after you create your own account. <{POST_SNAPBACK}> I don't know if YOU are an osCommerces tect support person or what. But I FOLLOWED THE INSTRUCTIONS TO THE "T" or the best I could being a novice (only using osc for a Yr.). The Instructions that were there at the time I downloaded them....., were unclear at best. It would seem Ponce WILL delete ANY contribution added that reflects free speech... Geeeee maybe the osc world IS NOT FREE AT ALL........ AFTER ALL THE FOUNDER IS GERMAN...!!! OLD SCHOOL MAYBE ... IF THEY FEEL THEY NEED TO TAKE DOWN MY CONTRIBUTION OUTLINING A POORLY THE POSSIBILITY.... I asked fro some help and got turned away from "THE MAN HIM SELF".......................................> HERE IS WHAT I WAS TOLD, pasted right from my email: " """""" If you are a beginner in programming, sorry, understand that I haven't time to answer to all your questions. best regards, Piero Trono. " """""""" what kind of support grp. puts out an involved addon contribution like this one, but takes dwon the support discussions for something like Admin Access. And if that was bad... I cleaned it out and uploaded mybackup files.... AND NOW THAT HAS A PROBLEM............. ALL I'M SAYING IS THANKS FOR NOTHING. OSC.............. You really showed me...yes I learned my lesson....about using your addons. so beware out there.... This emoticon in writing mostlikely will be removed by osc staff at some point because they can ..........because they don't like "FREE SPEECH" . so netstep is it a back door...? It could be..... Why else did they take down the contribution discussion..... There were BIG, I MEAN BIG PROBLEMS WITH IT, I WAS TOLD. Also you should know, everyone I collaborated with feels this is a load of "Cra%" . That they refuse to support it. ALSO, IT LOOKS BAD THAT THEY TOOK DOWN MY BEWARE NOTES ADDED TO THE "Admin Access" CONTRIBUTION. But what are ya gona do Bob Link to comment Share on other sites More sharing options...
ccubed_99 Posted July 23, 2005 Share Posted July 23, 2005 getting back to the original problem.... Username: admin@localhost password: admin would be correct. If you log into admin for the first time you should see two fields and the above should get you in. At that point you will not be able to do anything in admin until you edit the user name and password... of course it would be lunacy to leave a password as admin in any scripting language... Did you import the tables into the os data base? if so did you change anything before logging into your admin area? Read, read, read, test, read, read, test, read, implement. Always back up your site and database before changes. Always back up on a regular basis. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.