SitePoint Sponsor

User Tag List

Results 1 to 18 of 18
  1. #1
    SitePoint Member
    Join Date
    Sep 2013
    Posts
    3
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Which CMS? How to get in?

    Hi,

    does anyone know which cms this is?
    I do have ftp access to the website but the owner doesn't know the admin login details for the cms.
    Anyone knows how to retrieve them from this particular cms?

    cms.jpg

    Thanks.

  2. #2
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    24,331
    Mentioned
    463 Post(s)
    Tagged
    8 Thread(s)
    Hi Yatsuba. Welcome to the forums.

    Quote Originally Posted by Yatsuba View Post
    does anyone know which cms this is? ... Anyone knows how to retrieve them from this particular cms?
    Have you spoken to the person who set this up?

    You will probably get a clue what CMS it is by looking at the files via FTP ... assuming it's not a custom CMS.

  3. #3
    SitePoint Member
    Join Date
    Sep 2013
    Posts
    3
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by ralph.m View Post
    Hi Yatsuba. Welcome to the forums.



    Have you spoken to the person who set this up?

    You will probably get a clue what CMS it is by looking at the files via FTP ... assuming it's not a custom CMS.
    Hi,

    I looked at the files but haven't had a clue yet. Propably the passwords are somewhere in the database but I don't know what to look for.
    The company does no longer exits.

    I just found the fucntions.php, but where can I find the passwords and how?

    Code:
    <?
    	date_default_timezone_set("Europe/Paris");
    	function login($userName,$userPassword){
    		global $error, $erroruserName, $erroruserPassword;
    		if(empty($userName)){
    			$erroruserName = true;
    			$error = true;
    		}
    		if(empty($userPassword)){
    			$erroruserPassword = true;
    			$error = true;
    		}
    		
    		if(!$error){
    			$query	=	"
    				SELECT		*
    				FROM		users
    				WHERE		userName = '".$userName."'
    				AND			userPassword = '".md5($userPassword)."'
    			";
    			$result = mysql_query($query) or die(mysql_error());
    			if(mysql_num_rows($result)){
    				$row = mysql_fetch_array($result) or die(mysql_error());
    				
    				$_SESSION["loggedin"] = true;
    				$_SESSION["userName"] = $userName;
    				$_SESSION["userLastLoginDate"] = $row["userLastLoginDate"];
    			
    				$updateuser = "
    					UPDATE		users
    					SET			userLastLoginDate = '".$row["userLastLoginTemp"]."'
    					,			userLastLoginTemp = '".date('c')."'
    					WHERE		userName = '".$userName."'
    				";
    				$resultuser = mysql_query($updateuser) or die(mysql_error());
    				
    			}
    			else {
    				$error = true;
    				$erroruserPassword = true;
    				$erroruserName = true;
    			}
    		}
    	}
    	
    	function loguit() {
    		session_destroy();
    		header('Location: index.php');
    	}
    	
    	function addProduct($categoryItemName,$categoryItemCategoryId,$categoryItemInformation,$itemInformationName1,$itemInformationInformation1,$itemInformationName2,$itemInformationInformation3,$itemInformationName3,$itemInformationInformation3,$categoryItemPrice,$itemImageName1,$itemImageName2,$itemImageName3,$itemImageName4){
    	}
    	
    function resizeImage($originalImage,$toWidth,$toHeight){
        
        // Get the original geometry and calculate scales
        list($width, $height) = getimagesize($originalImage);
        $xscale=$width/$toWidth;
        $yscale=$height/$toHeight;
        
        // Recalculate new size with default ratio
        if ($yscale>$xscale){
            $new_width = round($width * (1/$yscale));
            $new_height = round($height * (1/$yscale));
        }
        else {
            $new_width = round($width * (1/$xscale));
            $new_height = round($height * (1/$xscale));
        }
    
        // Resize the original image
        $imageResized = imagecreatetruecolor($new_width, $new_height);
        $imageTmp     = imagecreatefromjpeg ($originalImage);
        imagecopyresampled($imageResized, $imageTmp, 0, 0, 0, 0, $new_width, $new_height, $width, $height);
    
        return $imageResized;
    }
    ?>

  4. #4
    SitePoint Wizard bronze trophy
    Join Date
    Oct 2001
    Location
    Vancouver BC Canada
    Posts
    2,033
    Mentioned
    5 Post(s)
    Tagged
    0 Thread(s)
    From the looks of that code, I expect it's a custom built CMS. Have you checked with the builtwith.com website? That often picks up common CMS systems but not always and definitely not if it's a custom built setup.

    What does the directory structure look like? Often you can detect the type of CMS based on the way they set up their directory structure.
    Andrew Wasson | www.lunadesign.org
    Principal / Internet Development

  5. #5
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2006
    Location
    Augusta, Georgia, United States
    Posts
    4,194
    Mentioned
    17 Post(s)
    Tagged
    4 Thread(s)
    Looking at that code user info is stored in the users table. The password and usernames are in columns userName and userPassword. The password is a md5 string.

    PHP Code:
                $query    =    "
                    SELECT        *
                    FROM        users
                    WHERE        userName = '"
    .$userName."'
                    AND            userPassword = '"
    .md5($userPassword)."'
                "

    The only code I hate more than my own is everyone else's.

  6. #6
    From space with love silver trophy
    SpacePhoenix's Avatar
    Join Date
    May 2007
    Location
    Poole, UK
    Posts
    5,077
    Mentioned
    103 Post(s)
    Tagged
    0 Thread(s)
    When you do a "view source", is there anything in the HTML code that gives a clue as to what the CMS is? Is there a table for user groups and a table for recording what user groups a user is a member of? If the owner is already registered as a user of the CMS you could try to manually add them to whatever usergroup is made up of Administrators.

    In any case I think you should consider migrating the site over to a new CMS because:


    • That CMS is using the mysql_* extension which is now depreceated as of the current version of php, the mysql_* extension will very likely be removed from the next version of PHP. You should now be using either the mysqli_* extension or PDO (PDO is prefereable as it doesn't tie you down so much to a given database server software).
    • It appears that user submitted data is being plugged straight into a query, you should be sanitizing the contents of the user submiited data (in this case the username and possword) before allowing it anywhere near the database (either by use of the mysqli_real_escape_string() string function or more preferably by making use of prepared statements) otherwise your code will be vulnerable to an SQL Injection attack. All user submitted data no matter how it's being submitted (GET, POST or REQUEST arrays or a cookie) must always be considered unsafe untill it has been validated and sanitized.
    • The md5 hashing function is no longer secure, it can be brute forced given enough computer processing power and it has been "rainbow tabled" to death. At the very, very minumum you should be using a strong salt when hashing a password. I'm recoding an app myself atm, and I've gone for sha512 and will have an individual salt for each user and a separate common salt with both salts being used (I need to look up the implications of that).
    Community Team Advisor
    Forum Guidelines: Posting FAQ Signatures FAQ Self Promotion FAQ
    Help the Mods: What's Fluff? Report Fluff/Spam to a Moderator

  7. #7
    SitePoint Member
    Join Date
    Sep 2013
    Posts
    3
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by oddz View Post
    Looking at that code user info is stored in the users table. The password and usernames are in columns userName and userPassword. The password is a md5 string.

    PHP Code:
                $query    =    "
                    SELECT        *
                    FROM        users
                    WHERE        userName = '"
    .$userName."'
                    AND            userPassword = '"
    .md5($userPassword)."'
                "

    So I found the Username and MD5 hash (password) in the database, but is it even possible to decrypt in an easy way?
    I think it's a custom cms, I can't find anything that points in the direction of common cms.
    If i can't decrypt it, how can I get access? Or you just can't?

    I am aware that the website should be updated, but the owner doesn't want it at this time.

  8. #8
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2006
    Location
    Augusta, Georgia, United States
    Posts
    4,194
    Mentioned
    17 Post(s)
    Tagged
    4 Thread(s)
    You will need to create an account manually. Hopefully that is as simple as creating a new record in the users table though it could be much more complex. The best thing to do is get a local copy and start playing with it. I wouldn't recommend doing anything on the live server.
    The only code I hate more than my own is everyone else's.

  9. #9
    SitePoint Wizard bronze trophy
    Join Date
    Oct 2001
    Location
    Vancouver BC Canada
    Posts
    2,033
    Mentioned
    5 Post(s)
    Tagged
    0 Thread(s)
    Have you found a reset password function or routine? If so, I would change the email address for the admin account and do a reset password, where if all goes well you should receive the password reset link or instructions.

    Sadly, I've run into this issue numerous times and more and more often over the past 5 - 6 years. In most cases, I've found it most economical to whip together a duplicate of the site using a well supported CMS like Drupal and importing the content. If it's a very complex site, you end up looking at a fairly involved build though. I just quoted on a pair of related websites that require this type of treatment and it's not going to be cheap. On the upside, they'll have a spanky new site in a fully documented CMS.
    Andrew Wasson | www.lunadesign.org
    Principal / Internet Development

  10. #10
    SitePoint Wizard bronze trophy
    Join Date
    Oct 2001
    Location
    Vancouver BC Canada
    Posts
    2,033
    Mentioned
    5 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by oddz View Post
    You will need to create an account manually. Hopefully that is as simple as creating a new record in the users table though it could be much more complex. The best thing to do is get a local copy and start playing with it. I wouldn't recommend doing anything on the live server.
    I agree, you should be able to create an account and hash the password using md5 and get access to the internals. You'll want to see if there are any roles that provide you with more or less access and make sure you have a top level account but that should be quite doable.
    Andrew Wasson | www.lunadesign.org
    Principal / Internet Development

  11. #11
    From space with love silver trophy
    SpacePhoenix's Avatar
    Join Date
    May 2007
    Location
    Poole, UK
    Posts
    5,077
    Mentioned
    103 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Yatsuba View Post
    I am aware that the website should be updated, but the owner doesn't want it at this time.
    How much control does the owner have over the configuration of the server? If they don't any control over what version of PHP is installed you should explain to them that if however controls what version of PHP is on the server, installs the next version of PHP, there's a strong possibility that the site could completely break if that version of PHP is one where the mysql_* extension has been removed.

    With that screenshot in post #1 (login-screen?), can you please copy and paste the output of a view source into this thread? There might be something there that would give someone a clue as to what CMS it is.

    What's the general purpose of the CMS (eg; a blog, a forum, a wiki, etc)?
    Community Team Advisor
    Forum Guidelines: Posting FAQ Signatures FAQ Self Promotion FAQ
    Help the Mods: What's Fluff? Report Fluff/Spam to a Moderator

  12. #12
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2006
    Location
    Augusta, Georgia, United States
    Posts
    4,194
    Mentioned
    17 Post(s)
    Tagged
    4 Thread(s)
    On the upside, they'll have a spanky new site in a fully documented CMS.
    You must not be talking about Drupal than. More than 50% of the time I find myself needing to crawl code to figure things out. Especially with contributed modules. Most contributed modules lack any form of documentation besides a worthless readme file. The Drupal ecosystem as a whole is pretty powerful for being free so it is a trade off. No developers enjoy writing documentation.

    However, I will concur with what your saying if redevelopment of the site is practical given the clients budget.
    The only code I hate more than my own is everyone else's.

  13. #13
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2006
    Location
    Augusta, Georgia, United States
    Posts
    4,194
    Mentioned
    17 Post(s)
    Tagged
    4 Thread(s)
    Quote Originally Posted by SpacePhoenix View Post
    How much control does the owner have over the configuration of the server? If they don't any control over what version of PHP is installed you should explain to them that if however controls what version of PHP is on the server, installs the next version of PHP, there's a strong possibility that the site could completely break if that version of PHP is one where the mysql_* extension has been removed.

    With that screenshot in post #1 (login-screen?), can you please copy and paste the output of a view source into this thread? There might be something there that would give someone a clue as to what CMS it is.

    What's the general purpose of the CMS (eg; a blog, a forum, a wiki, etc)?
    If someone can't even find the authentication credentials for a site what makes you think that they are interested or qualified to re-engineer a CMS. I completely agree that there are issues just looking at the code but it doesn't sound like the client is interested nor service provider has the capabilities to redevelop/secure the system. So I don't think it is worth dwelling on. Sounds like this is a case of letting the owner learn best through failure.
    The only code I hate more than my own is everyone else's.

  14. #14
    SitePoint Member
    Join Date
    Aug 2013
    Posts
    13
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I saw some kind of CMS before, the one from the Vietnam, but I do not know what CMS it is.

  15. #15
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    17,269
    Mentioned
    196 Post(s)
    Tagged
    2 Thread(s)
    Quote Originally Posted by gracerivas View Post
    I saw some kind of CMS before, the one from the Vietnam, but I do not know what CMS it is.
    Seeing "Gebruikersnaam" and "Wachwoord" on the log in image I would have guessed that if not a Localized English CMS it might be Dutch or German, but I certainly would never have quessed it was Vietnamese!

  16. #16
    From Italy with love silver trophybronze trophy
    guido2004's Avatar
    Join Date
    Sep 2004
    Posts
    9,509
    Mentioned
    163 Post(s)
    Tagged
    4 Thread(s)
    That's dutch

    Anyway, instead of creating a new account, you might also just update the password with a md5('new password') for the admin through PHPMyAdmin (for example).

  17. #17
    SitePoint Member
    Join Date
    Aug 2013
    Posts
    2
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I think this Cms is wordpress.Sorry i don't have idea how to acess other user.

  18. #18
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    17,269
    Mentioned
    196 Post(s)
    Tagged
    2 Thread(s)
    Quote Originally Posted by anupam27 View Post
    I think this Cms is wordpress.Sorry i don't have idea how to acess other user.
    Why do you think it's WordPress?
    Is there some telltale sign visible in the screenshot that clues you in?


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •