I've encountered an issue while assisting someone with their legacy web application that's being hosted on Apache Tomcat with a SQL DB. Most of the user accounts on the DB that has access to the web application has been locked out due to max login attempts. To make things worse, they do not remember the passwords; including the admin accounts access that is able to make resets via the web app. I'm trying to either A) Create a new admin account in the table to get admin access back to the webapp for them or B) Recover their passwords and reduce the login attempt limits that have cause majority of them to be locked out. Really stuck from here and not sure where to progress.
This is what I've done:
I've looked up the SQL User Tables to ascertain if I can see their passwords in plain text. However, the password columns are ciphered in someway. From the only user that has access to the web app. We confirmed that passwords are alphanumerical - but on the tables the register as numericals like:
-1662545724
I had also checked if the table creation has some sort of hashing or salt did not show anything. This was the output:
CREATE TABLE user (
userID int(10) unsigned NOT NULL auto_increment,
userName varchar(100) NOT NULL,
password varchar(100) NOT NULL,
name varchar(255) NOT NULL,
initials varchar(20) NOT NULL,
tries int(10) unsigned NOT NULL,
firstLogin tinyint(1) NOT NULL,
roleID int(10) unsigned NOT NULL,
createdBy varchar(100) NOT NULL,
createdDate date NOT NULL,
createdTime time NOT NULL,
modifiedBy varchar(100) NOT NULL,
modifiedDate date NOT NULL,
modifiedTime time NOT NULL,
PRIMARY KEY (userID),
KEY FK_user_roleID (roleID),
CONSTRAINT FK_user_roleID FOREIGN KEY (roleID) REFERENCES role (roleID)
) ENGINE=InnoDB AUTO_INCREMENT=142 DEFAULT CHARSET=latin1;
The user table insert is as shown below. Only 1 singular account is currently active amongst about a 100. We have a plaintext password for it and this password is reflected as its ciphered text in point 1 - Will it be possible to simply duplicate the line, change the username and elevate the roleID to get a new admin user to the web app?
(userID,userName,password,name,initials,tries,firstLogin,roleID,createdBy,createdDate,createdTime,modifiedBy,modifiedDate,modifiedTime)
Will only get access to the server again tomorrow. In the mean time i do have a complete backup of the SQL file only. Seek your kind advices on how i can solve this issue.
Related
I am new to MySQL, so I'll explain by example.
I have 2 tables:
Admins(
id int auto_increment not null,
primary key(id)
);
Users(
admin_id int not null,
id varchar(255) not null,
password varchar(255) not null
);
I basically create an entry for a admin, then I want the admin to be able to add users that are tied to his ID, so then I can also read all users tied to that certain admin (the id and password parameters, to be exact)
I cannot figure out the syntax for how to do this, could anyone provide some help? Maybe there is a way to just write all that data straight in the admin table somehow so I don't have to use 2 tables?
I use PHP to do everything, by the way
what should be database structure (fields in a table) for a user account. what I want when an admin create a new user account, the account should be in Inactive state until the user set the password.
When the admin create the user account it create a url and send to that user on his registered email-Id when he open that url the user see a page for setting password. when he set the password the user account should be activated.
my sample Database structure is below
CREATE TABLE user_account (
user_id INT(10) UNSIGNED NOT NULL AUTO_INCREMENT,
fst_name VARCHAR(50) NOT NULL,
lst_name VARCHAR(50) NOT NULL,
email_id VARCHAR(50) NOT NULL,
login_password VARCHAR(64) NULL DEFAULT NULL,
user_created_date DATETIME NOT NULL,
PRIMARY KEY (`user_id`),
UNIQUE INDEX `email_id` (`email_id`)
)
I want to know should I add more field's in the table or a new table for accomplishing this task.
The database structure is a result of what you require your user-related processes should be like. You can derive from the requirements you enumerated what fields you would need. This is, however, not a technical but a model-related question. The answers to this are more or less straight-forward.
If you need the time of registration, create a date field
If you need the user's IP on registration, create a varchar field
If you need to know which user has created this account (e.g. an Admin), create a field that references another User
If you need the user to have different states (DEACTIVATED, DELETED etc.), create a varchar or and int field and define in your application what values it may have.
I currently have a database which many users can access and make changes to. The is also a log database that stores all changes to tables within the database using triggers.
I would like to add the ability to approve edits before they are changed in the database.
What would be the best way to go about this?
We have something similar on one of our sites, we've added a bunch of tables:
users sites ... etc
Then we have a bunch of shadow tables:
users-shadow sites-shadow ... etc
The shadow tables have identical structures to the real tables except for an added line for the user who made the change. So first we use this query when a change is submitted by a user who needs to have his/her database actions approved:
REPLACE INTO users-shadow (user_mod,id,username,password,salt...) VALUES (16,50,'bob','stuff','salt'...);
Obviously, make sure this isn't open to injection, use prepared statements etc.
When approved, a row in the shadow table is simply removed from the shadow table, the user_mod value dropped and changes (non-null values) inserted into the real table (or updated if an id is specified, using REPLACE syntax). We do this logic in perl so sadly don't have any SQL on hand for it.
Remember that SQL REPLACE does a DELETE and an INSERT rather than an UPDATE. You will need to amend any triggers to allow for this behaviour.
Note: The reason we didn't use an 'approve' flag was that we needed the ability to amend existing records, of course we couldn't have multiple records with the same primary key.
well i have made this system once and here is my solution for DB structure and over all algorithm:
there should be a sub system of admin panel which different users can manage their products but every change should be approved by administrator before going affecting the main Product table. there is three main table:
1.Product : store products that have final approved and are used in entire system
2.Changes_versions : a table with One To Many Relation with Product Table that indicates each change version is committed by who , when ,and is approved/rejected by admin or still is in Pending state .table structure is as following :
CREATE TABLE changes_versions(
xid int(11) unsigned NOT NULL AUTO_INCREMENT,
xcreated_date datetime DEFAULT NULL,
xupdated_date timestamp NULL DEFAULT NULL,
xversion int(11) DEFAULT NULL,
xobject_id int(11) DEFAULT NULL,
xobject_type varchar(255) DEFAULT NULL,
xstate enum('PENDING','ACCEPTED','REJECTED') DEFAULT 'PENDING',
PRIMARY KEY (xid)
) ENGINE=InnoDB AUTO_INCREMENT=165 DEFAULT CHARSET=utf8
3.Changes : a table that have One To Many relation with Changes_versions table that keep every column change record of the main Table (here i mean product table) and by approving a change_version record by admin its related changes records will be placed in main table column. table structure is as following :
CREATE TABLE changes(
xid int(11) unsigned NOT NULL AUTO_INCREMENT,
xcreated_date datetime DEFAULT NULL,
xcreated_by varchar(255) DEFAULT NULL,
xupdated_date timestamp NULL DEFAULT NULL,
xupdated_by varchar(255) DEFAULT NULL,
xversion_id int(11) DEFAULT NULL,
xcolumn_name varchar(255) DEFAULT NULL,
xcolumn_value varchar(255) DEFAULT NULL,
xstate enum('PENDING','ACCEPTED','REJECTED') DEFAULT 'PENDING',
xadmin_review text,
PRIMARY KEY (xid)
) ENGINE=InnoDB AUTO_INCREMENT=764 DEFAULT CHARSET=utf8
with this system and table schema i handled to work with record changes, user fetch list of records ,if user have any Pending state change_version, system will pull its related changes records and place them in the right column in the fetched product row(temporary just for displaying) , so even if user has any pending state changes he/she can see its changes in his/her panel(not main system, only his/her panel).
at the end if system administrator accept a user changes_version version and its related changes records ,system should place each changes table record in the right column of product table(for example i used product table, with this system you can versioning and admin approving any table).and change version record state to approved and its changes related records to approved to. so with this structure you can save and versioning different tables and keep log of each version changes.
WordPress 3.5.1
WP-DBManager 2.63
Database Type MYSQL
Database Version v5.1.68-cll
Trying to create new table on database for WordPress site using the WP-DBManager plugin.
I click on the Run SQL Query link in the Admin panel and paste in my query which is
CREATE TABLE mg_msl_lookup
(
device_id INT(11) NOT NULL auto_increment,
sku VARCHAR(30) NOT NULL,
manufacturer VARCHAR(30) NOT NULL,
phone VARCHAR(50) NOT NULL,
esn BIGINT(18) NOT NULL,
msl INT(6) NOT NULL
);
I click Run and I get the error message
CREATE TABLE mg_msl_lookup
0/1 Query(s) Executed Successfully
So I did a google search for "WP-Dbmanager 0/1 Query(s) Executed Successfully" and found this forum post on the plugin developer's site. It suggested to put the statement all on one line, so I did:
CREATE TABLE mg_msl_lookup (Device_Id int(11) NOT NULL AUTO_INCREMENT, SKU varchar(30) NOT NULL, Manufacturer varchar(30) NOT NULL, Phone varchar(50) NOT NULL, ESN bigint(18) NOT NULL, MSL int(6) NOT NULL);
Once again I click Run and I get the error message:
CREATE TABLE mg_msl_lookup (Device_Id int(11) NOT NULL AUTO_INCREMENT, SKU varchar(30) NOT NULL, Manufacturer varchar(30) NOT NULL, Phone varchar(50) NOT NULL, ESN bigint(18) NOT NULL, MSL int(6) NOT NULL);
0/1 Query(s) Executed Successfully
I have site wide admin permissions, I can drop/empty tables using the plugin GUI, but for some reason can't create a simple table. I have 40 tables before and after I run the statement.
The plugin developer has these set of instructions on the Run Query page
CREATE statement will return an error, which is perfectly normal due to the database class. To confirm that your table has been created check the Manage Database page.
UPDATE statement may return an error sometimes due to the newly updated value being the same as the previous value.
ALTER statement will return an error because there is no value returned.
I'm gathering that what he means in #1 is that when you run a CREATE statement it will error (so perhaps 0/1 Query(s) Executed Successfully is normal?) so I followed the directions and go back to the Manage Database page but my new table is not there.
Does anyone have any experience with the WP-DBManager that could assist with this ? This is getting rather frustrating.
I opted to use phpMyAdmin to create the tables instead of the plugin, worked like a charm.
I wrote schema:
CREATE TABLE user
(
user_id INT UNSIGNED AUTO_INCREMENT NOT NULL,
fname VARCHAR(20) NOT NULL,
lname VARCHAR(20) NOT NULL,
email VARCHAR(30) NOT NULL,
password VARCHAR(60) NOT NULL,
gender ENUM('M', 'F'),
CONSTRAINT pk_user_id PRIMARY KEY (user_id)
)
But when inserting only two values, lets say the users first name and last name, the email and password are left blank, meaning the not null is not working as expected. I do get 2 warnings when I show them, but the behavior is not as expected. Do I have to specifically make constraints to fail an insert to make sure this never happens?
Unfortunately, mysql does not support CHECK constraints.
They are "valid syntax" in mysql only for compatibility reasons, so you can code them, and the create table SQL will execute OK, but they are ignored thereafter.