lost password and reset does not work by email address (Version 5.4.1.1)

Permalink
Hi,
Our website has been hacked a few weeks ago; I cannot access it anymore.
I tried to reset the password but I don't receive any email through the process.
No previous backup works.

I only have access in cPanel of the website.
Can I change the password directly in the database if I know the admin user?
How and where in the database?

I desperately need help; Thanks greatly in advance.

Styves
View Replies:
tallacman replied on at Permalink Reply
tallacman
this is the easiest way:https://documentation.concrete5.org/tutorials/reset-password-manuall...

you can also dig into the database with phpmyadmin to change it and the superuser to yourself if needed.
If you need help I can fix you up for free.
Styves replied on at Permalink Reply
Styves
Hi,
I don't have access by ftp.
I can have access through phpMyAdmin.
What are the fields that I need to search and change?

Thanks Tallacman
tallacman replied on at Permalink Reply
tallacman
Users

admin (superadmin) will be uID 1
try changing the email to your email first, then you should be able to just get a password reset email.

Otherwise, you'll have to replace your password hash with a KNOWN hash that will allow you to sign in.
tallacman replied on at Permalink Reply
tallacman
you can also look in your Logs table and find the reset password link that was sent but didnt reach you
Styves replied on at Permalink Reply
Styves
I change the email but it still don't work to reset the password.
Try many times; still the same.

I checked the logs; it got this error message:
does not match the expected structure for a DNS hostname, '' does not appear to be a valid local network name

This is where I am now.
ConcreteOwl replied on at Permalink Reply
ConcreteOwl
This is suggesting that the email address you used is malformed.
Styves replied on at Permalink Reply
Styves
I tried again, but no result.
I quadruple checked the address email; niet nothing.
Don't know what else I can do.

Thx guys.
hutman replied on at Permalink Reply
hutman
When you say you "checked the logs" did you actually go into phpMyAdmin and look at the Logs table for the email that would have been generated? The content of the email (which has a record in the Logs table) should have the reset password link.
ConcreteOwl replied on at Permalink Reply
ConcreteOwl
Hacked!
Are you sure the server php version hasn't been upgraded to version 7?
This would have the same effect...
Styves replied on at Permalink Reply
Styves
There was no update; thx.
mnakalay replied on at Permalink Reply
mnakalay
I'm not sure I understand. You said you had access to cpanel but then you say you have no FTP and no phpMyAdmin access. How is that possible? If you have cPanel you have access to phpMyAdmin and to the file manager.

Can you explain?
Styves replied on at Permalink Reply
Styves
At the time that I wrote this, I didn't have access to ftp. Now I have.
But phpMyAdmin I still have access. Thx.
thompsonmax replied on at Permalink Reply 1 Attachment
Hi everyone, this is my first comment here. Interesting thread, thanks for the information.
mnakalay replied on at Permalink Reply
mnakalay
So if you have access to FTP you could try this tool but it's supposed to work from version 5.5. It might still work with 5.4 though.

https://github.com/mkly/concrete5-Lockpick...
Styves replied on at Permalink Reply
Styves
Ok, I tried what you gave me, nothing happen, It don't work. Thx.