Hi, Newbie here- posted in the wrong section yesterday. I got a website created but it does not have a lost password script. I was wondering if I could use a readily available open source script and upload it to my hosting server- would that work? It's not the password to my hosting account, but to the admin section created by the Indian programmer. This guy - Connectix.net also at This e-mail address is being protected from spam bots, you need JavaScript enabled to view it , sold me the script in December of 2006, and I sent him the specification for my website, but instead he created a competing website! He added all the things he told me he could not create for me onto the competing website! Additionally, he purchased and used my expired domain extension, but with the same domain name! He has consistently ignored my request to get a completed site.

I paid him extra to add the missing things, including pages I added to the database- before I bid, his ad stated, and he confirmed that he would help me if I needed help, plus it said that additional pages and changes could be made if I wanted to. After a year of him ignoring my request for assistance I tried to ad subpages, but when I tested the links going to the new subpages it comes up with an error message, example: http://www.(domainname).com/%22links.php?ax=list&sub=72&cat_id=106/%22

So I know now I have to find a way to display the contents of my database from my hosting panel, and then (somehow) add the new subpages?


From my admin section, it comes up with a blank page and error message: "You have entered the wrong password. Click here to Login again". Once I click to try again, the URL goes to: http://www.(domainname).com/siteadmin/index.php

and the URL of the page that asks to enter password says: "http://www.(domainname).com/siteadmin/?login=true"

The problem is when I want to access the- http://(domainname.com)/siteadmin page. I am also a newbie to php- I just started reading on it!

How do I reveal my own password to my own site? Or even better, get a simple 'lost password' code to upload to my hosting account so I won't be locked out of my own site (since March)? Also, how do I reveal the contents of the site's database so I can edit it by adding the new subpages- or is this the right way to do it? I would gladly just pay a few bucks to a programmer who knows how, but I know I should add a few more bucks to that and learn how to do it, so I can add as many subpages as I want, etc. Please help? If there was a place I could report this guy and his 'company' believe me I would, but I just want my site working- I paid for it!

Retrieving the current password is likely not possible, but changing it probably is.

There are 3 basic ways to password protect a portion of a PHP script. Since you can apparently use FTP to browse the files that make up this site, that gives you two methods to change that password.

First method, htaccess.
Look for a file named .htaccess in the protected directory. Temporarily renaming it may allow you to get to the page you want without a password prompt at all. Viewing the contents of the file would at least tell you the user name portion. Your web hosts control panel likely has a link that allows you to re-password protect teh directory with a password of your choosing.

Second method, username and password stored in a configiration file.
Look for a file with a name like config.php, configure.php, settings.php or possible database.php or something similar. Possibly you'll see something like

$admin_user_name = 'admin';
$admin_password = 'adminpassword';

of course it could be anything, but you can edit the php file with a plain text editor like notepad, change the password to something else and upload the edited file back to where it was.

Third method, user name and password stored in a MySQL database.
If you can login to your web host's site control panel, it's likely they have a link to something called PHPMyAdmin there. That will let you browse the databases connected to your site.

Inside databases, are tables, and tables store the actual data. Again the table name with the admin login info may be called anything, configuration, config, settings etc.

If you can locate the table row that contains the admin user name and password, you likely will only see an encrypted password, but you can edit the record, and remove the data from the password field entrirely. (probably best to copy and paste the encrypted password into notepad, in case you need to put it back.)

Possibly you can just enter a plain text password, or leave the password field blank.

If you can login, look for a change admin password function and set it to something you can remember.

If the script won't allow a login with blank, or an unencrypted password, then you will need to set the password manually, using a mysql query. You can do that in PHPMyAddmin too.

Once you have found the database in PHPMyAdmin, select the table from the list on the left that contains the user password information. Then click the brows button.

Take note of the column names, with the data in them. Determine which row of data needs changing, and which column.

Then click the SQL link near the top.

Enter...

Code:

update TABLE_NAME set PASSWORD_COLUMN_NAME=password('newpassword') WHERE USER_COLUMN_NAME='admin_user_name';

Of course you'll need to replace the TABLE_NAME, PASSWORD_COLUMN_NAME, USER_COLUMN_NAME and admin_user_name with the column names and user name found when browsing the table.