I need to reset the admin password in a Sitecore 5.3 installation - any ideas how i can do this? Currently i have no access to the backend, as the password has been changed, but no one remembers to what.
There is no info in the security db that can not be overwritten, so any options are open. I have direct access to the database (SQL).
I don't have an instance of 5.3 running so I don't know if this will fully work for 5.3 but here's my suggestion.
One thing you could try is copying the values of the Passowrd and PasswordSalt field of the aspnet_Membership table in the Core database for a user whose password you know and pasting those values into the respective fields for the admin user.
The aspnet_Membership table stores only the ID of the admin user. To get the ID of your admin user you need to query the aspnet_Users table for username admin. Get the ID of the admin user in the aspnet_Users table, then query the aspnet_Membership table for that ID, update the Password and PasswordSalt fields with the values from another user whose password you know and try logging in again with that user's password.
To reset the 'admin' password and change it to 'b'. It is very simple just execute the provided SQL script on the core database:
UPDATE [aspnet_Membership] SET Password='qOvF8m8F2IcWMvfOBjJYHmfLABc='
WHERE UserId IN (SELECT UserId FROM [aspnet_Users] WHERE UserName = 'sitecore\Admin')
WARNING (Sitecore 6.x)!
After executing following script (thanks to Harsh Baid)
UPDATE [aspnet_Membership] SET Password='qOvF8m8F2IcWMvfOBjJYHmfLABc='
WHERE UserId IN (SELECT UserId FROM [aspnet_Users] WHERE UserName = 'sitecore\Admin')
don't forget to execute the similar script for salt:
UPDATE [aspnet_Membership] SET PasswordSalt='OM5gu45RQuJ76itRvkSPFw=='
WHERE UserId IN (SELECT UserId FROM [aspnet_Users] WHERE UserName = 'sitecore\Admin')
And for user approve
UPDATE [aspnet_Membership] SET IsApproved=1
WHERE UserId IN (SELECT UserId FROM [aspnet_Users] WHERE UserName = 'sitecore\Admin')
Related
i have a django application that carries authentication by requesting a token through MSAL. once i have that token, i will check if that username exists the the local django sqlite db and if it exists, he will be logged into the website. if the username doesnt exist, then the username will be recorded in the sqlite db and the user just need to enter his credentials again for authentication and will be logged in.
what i would like to do is to replace the sqlite db with a snowflake table, which should only have a username and email column. how can i go about doing it? i am thinking that i need to write a custom user class and specifying the correct table in the class meta, switch the database in settings.py to the correct snowflake database (should be possible with https://pypi.org/project/django-snowflake/). is there anything else needed?
I have a custom User model with email as username.
I have encrypted the email field to be in conformity with GPDR (I will hold a lot of personal information).
I have added a email_hash field with index on it for the database to be able to retrieve immediately user.
I have modified get_natural_key of my user object manager to use the hash for retrieve.
But now i face a problem I have to disable the uniqueness on field email (username field) but Django don't let me do it when i try to makemigrations.
myuser.MyUser: (auth.E003) 'MyUser.email' must be unique because it is named as the 'USERNAME_FIELD'.
Otherwise, I want the uniqueness error to be fired on email field and not on email_hash field ....
How to have functional encrypted email field as user and stored hash for index ?
edit:
I have disable uniqueness check on email field and added SILENCED_SYSTEM_CHECKS = ["auth.E003"] in settings.
Now my problem is to have uniqueness error of email_hash rendered as email error to have "A user with that email address already exists." message displayed on correct forms and django rest framework serializer field.
I have a login form. Also I have a huge database. One of the tables in DB is 'zusers', where stores information about users: username, password, 'telefon' and some other columns. I learned about user = auth.authenticate(username = 'John', password = 'pass'). And the question: wheredoes this function check if such user exists or no? And how to do it so that this function check for users in my DB table 'zusers'?
You will need to create a custom authentication backend in Django for your exisiting users. You can read more at the Django Docs: https://docs.djangoproject.com/en/dev/topics/auth/customizing/
You should not need to manual check auth.authenticate but just swap out the backend.
You can also substitute a completely customised model for your Django user to support telefon and the other columns you have https://docs.djangoproject.com/en/dev/howto/custom-model-fields/
I am not going to post any example code as you haven't provided any yourself and the Django links above very clearly show you how to achieve this.
I want to update some fields of auth_user table in django. Actually i am migrating some users from one website to another so i want to update the password field in auth_user table.But when i am using the update query it gives me some errors
some things which i have tried
values=User.objects.get(username=request.POST['username'])
values.password=request.POST['password']
values.password.save()
it gives the error of 'unicode' object has no attribute 'save
and if i tried this one
values=User.objects.get(username=request.POST['username']).update(password=request.POST['password'])
then the error is 'User' object has no attribute 'update'
actually i do not want to send emails to users to update their password and redirect them to forgot password page.
But whenever user try to login to site and if his password do not match but he typed the password correctly but due to migration his password do not work in django then the password he enters must be updated in auth_user table(encrypted password).
In between i have ensure that this user is the authenticate user of previous site.
So please suggest me some way so that i can update his password in auth_user table.
Passwords in django are stored as sha256 hashes, so setting
user.password = 'new password'
is not a good idea. Fortunately django has methods that would take care of hashing your password. Second thing:
values.password.save()
Here you are trying to execute save() method on password object which is a string, not a user object. values.save() would be better, but still not correct. What you want to do is this:
values.set_password('new password') # Takes care of hashing
values.save()
More on the topic in django documentation
(On behalf of OP)
I used this and the problem is solved
u = User.objects.get(username__exact='john')
u.set_password('new password')
u.save()
I wrote an script to import user information from my old site database to my new django database. I should be able to import theses fields: user, email and password.
All passwords users on my old database are hashed with "md5". So... I should get this "md5" hashed password and save as they are on my auth_user database. However, I dont know how to do it without hash it again....
How can I do that?
If I do...
u = User.objects.create_user(user_name,email)
u.set_password(old_pass)
u.save()
the password is hashed again... How can I save a "pure" password?
Just directly set the password attribute.
u.password = old_pass
The set_password function is intended as a helper to use because u.password = 'some_pass' will just store the password directly in human-readable form -- it doesn't apply here since you already have the hashed password.