When you’re locked out of Heaven (I mean Umbraco)

I wanted to write this down as I’ve used it a few times and when I’ve been on the way to destination fucked, and I’ve bought tickets for all my dev team, this has helped me out. So if you’ve bought a family class ticket to destination fucked, and you want to get off, you may want to read this.

I went on an Umbraco course some time ago, the only thing I can remember is Umbraco is ‘Danish’ for Allen key, or as I like to call it, a FUCKING TOOL.

I’ve recently seen a situation whereby a bunch of users have become locked out of an Umbraco installation. The problem with users is after fudging their passwords several times, Umbraco locks the account without being particularly verbose about telling you so.

So if you find yourself in this situation, the following can help, which I’ve seen work and played around with myself on various sandbox installs. (I fckn hate Umbraco by the way, give me Kentico for Enterprise CMS’s, heck even Craft or WordPress for almost 90% of people)

Method 1 – you have to know what you’re doing here & be comfortable modifying the database.

  • In the config file of the Umbraco application do a search for ‘hashed’. This will yield a couple of hits usually, one for users and one for members.
  • Change the value ‘hashed’ to ‘clear’ to force Umbraco to store subsequent passwords in clear text.
  • Now open the user table in the database & in the password column you’ll see the users current password albeit in a hashed format.
  • Change this value to something you’ll remember in clear text.
  • Login to Umbraco using these details, and stay logged in whilst doing the step below
  • Change the web.config file back to ‘hashed’ instead of ‘clear’ – you do this because storing clear passwords is a security concern.
  • When the config is changed back to storing passwords in a hashed format, you can go to Users in Umbraco & change the password again to something which will then be suitably hashed.

The other way of doing this is manipulating the SQL database in a different way, inserting a default password in.

  • Find the users table in the database, in the password column you can change it to bnWxWyFdCueCcKrqniYK9iAS+7E= and if you’re wondering, this is the hashed value for the word ‘default’
  • You can then easily log in using this password & change it in the Users area of Umbraco in the normal way.

If you want to be fly, you could use a SQL command, saved as a script to get you out the shit in future destination fucked events. It’d look something like;

UPDATE umbracoUser set userdisabled=0, userLogin='admin', userPassword='bnWxWyFdCueCcKrqniYK9iAS+7E=' where id=0;

Do remember to change the userLogin if yours is not admin, if you choose to run this SQL script.

Tips

You can use any online hash calculator to generate a hash, https://www.pelock.com/products/hash-calculator is a good one. Also a good one http://www.fileformat.info/tool/hash.htm

There’s a pretty good article here on how Umbraco hashes and salts passwords here http://blog.reneorban.com/2014/10/hash-and-salt-umbraco-passwords.html and you can’t go wrong visiting the Umbraco forum. There’s also a better step by step guide here

http://dejanstojanovic.net/umbraco-cms/2014/april/i-lost-my-umbraco-admin-password-now-what/

Credits

Umbraco.org

http://www.codeshare.co.uk/blog/how-to-reset-the-umbraco-admin-account-password/

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.