Blog Documentation Try Vanilla Cloud
Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Options

Deleted admin account while logged into dashboard in PEBKAC incident - how to resolve?

odeclasodeclas
edited September 2010 in Vanilla 2.0 - 2.8
Ok, in a numbnuts attempt to understand why SSO wasn't working, I deleted the admin user account instead of updating the email field like I meant to. So now I can't access any part of the app - what do I need to do (other than CTFO) - delete config.php? manually create the user in some table somewhere?

And I do hope this has given at least some of you a chuckle....
Tagged:

Comments

  • Options
    matt531320matt531320
    edited September 2010
    Did you do this in mySQL? If so, did you back up the database before you went making changes? (always a good idea :D ) I would try recreating the user in the mysql table or wherever you did it (too bad mysql doesn't have an undo button - that I know of).
  • Options
    odeclasodeclas
    No - I did this while logged in to the dashboard. I've never known an application let admin 'commit suicide' before. Anyhoo, I guess I'll just delete the database and reinstall. It's a test system so there's no data in it.
  • Options
    ithcyithcy New
    edited September 2010
    if you manually create a record in mysql, you can use a hack to get in. only do this if the forum is not live, meaning no one has access to it but you. This will let any existing user log in with any password so it's about as big a security hole as you can create for yourself :)

    You can temporarily disable password checking by inserting a return true; at the top of the CheckVanilla function in the file library/core/class.passwordhash.php. (currently line 82 of that file.) This way you can log in with your new username and any password. From there you can change your password from your profile page.

    you also have to set the Admin field to 1 in mysql to give yourself Master Admin privileges. (at least I believe this is how it works.)

    remember to remove that return true when you're done creating the new account.

    So, create a new user with the password "aa", Admin set to 1, insert that return true, log in as the new user with any password, go to your profile page and change your password, and delete that return true.
  • Options
    odeclasodeclas
    Useful to know thanks. In the end as I had no data in there I just deleted the database and wiped config.php and re-installed. This time I remembered to set the admin email to the same one as the admin in the SSO source and that bit's working fine.
Sign In or Register to comment.