Concrete 9.3.9 - How do I change the password for Admin?

Hey Pete, Glad it worked for you and good job using it

Good Morning from a wet and windy Cymru

I have re-run your script Nour, and it gets me to the site and the usual tools across the top of the screen as if I had logged in as Admin. However, clicking on any of the tools brings up a screen with the error message:

“An unexpected error occurred.
Invalid form token. Please reload this form and submit again.”

That message also seems to ‘Unlog’ one so to get back again I need to re-run the script. That seems a pity as we are nearly there, but there is one last barrier to overcome. I will remove the script now and hope that somebody can come up with an idea as to why it does not quite work as expected.

Thanks to everybody for your contributions.

Best wishes

Pete

You might have a discrepancy between server time and your website. Try logging in again and instead of clicking on anything navigate to /dashboard
One inside the dashboard go to where the time zone is set and see if an error is indicated. Concrete will tell you if there’s a discrepancy.

Hi Nour

Thank you for that suggestion. However, once logged in as Super User none of the buttons work so I cannot get to Dashboard. A bit frustrating…

Regards

Pete

Try just adding /dashboard to your website’s address

Good Evening Nour and Fellow Coders

This has been an interesting evening so far. I have followed your suggestion of adding ‘/dashboard’ to the URL, Nour, but unfortunately that simply throws up an Error 404 message and throws me out. I also followed up your suggestion of checking the dates and you were correct. There was a huge difference which seems a bit odd. Anyway that was soon fixed but sadly made no difference to your script’s operation.

I also went back to the Forgotten Password routine to see if it could be persuaded to send me an email. It did not. That is a strange problem to my mind. The clever folk who built Concrete have created a password reset script and when run the system generates an email which gets shown in the email log. The strange bit is the barrier that stops the mail actually being sent. I presume, probably incorrectly, that there is a checkbox somewhere which must be ‘on’ rather than ‘off’ for this to happen, but I have not been able to find it. If I am right, does anybody know how to get at it?

Fortunately my systems security training from long ago was actually used when the site was set up. I made the friend who has provided large amounts of content an administrator as a backup in case of trouble. He was not keen to post stuff on the site and usually sent it to me. It was only this morning that I remembered his access rights so a quick email yielded his login. With that I have created another administrator login for me. I was planning to delete Admin, but I can find no way to edit the existing details for Admin. If anybody can point me in the right direction for that I would appreciate it.

At one level this query is solved in that I can now log into the site. However, at a more fundamental level the query has not been resolved. The Change Password routine still does not work correctly and unfortunately Nour’s excellent script does not quite work in Version 9.3.9.

Thank you to everybody who has followed the thread and contributed suggestions. I greatly appreciate that support.

Regards

Pete

You may need to add index.php to the Dashboard URL. Try adding this to your site URL

“/index.php/dashboard/”

I’m a bit confused. You said my tool allowed you to log in as an admin, and you could see the toolbar. What aspect of my tool didn’t work in 9.3.9?

It’s only there to log you in, not to fix unrelated issues with the website.

Can you tell me more in case there’s something I need to fix?

As for the 404 when following /dashboard, @mhawke is right you might have to add index.php

The change password routine probably works. If you see the messages sent in the logs then it works. But if your website is using the default PHP mail() method instead of an SMTP server, and if your DNS wasn’t set up properly to deal with DKIM and SPF, chances are the messages sent are flagged as spam by your email and rejected.

I might be wrong but this is a very likely scenario.

The admin (or Super User) MUST have an ID of 1. That’s how we know it is the Super User. You cannot delete it from the dashboard.

You could delete it from the database but that will most likely not solve the problem.

What is more my tool lets you modify the Super User’s password to whatever you like so doing anything more to the Super User account beyond that is unlikely to solve other problems your website is experiencing.

Again, if something my tool was supposed to do didn’t work please let me know what is was so I can fix it.

Good Evening Nour and Fellow Concreters

Thanks for your posting. I have become quite good at adding your tool, but this evening I also have taken some screen shots to explain what happens. I have also checked what the systems specifications are. Concrete is Version 9.3.9, DB version 20241115093300. Embarassingly, I discovered that I am running PhP V 7.4.33. Top of my next jobs list is to update that 8.4.

Picture 1 below shows that the Tool has got into the site since the editing tools etc. are shown across the top of the screen:

Screenshot 2025-04-17 19.44.141919×428 176 KB

The next thing to do was to click on the last button to get to the dashboard. The system accepts that and begins to load it slowly (see second picture). The blue progress line creeps across the screen until it reaches the right hand edge at which point one would expect the dashboard menu to open. It does not.

Screenshot 2025-04-17 19.45.121915×442 109 KB

When logged in as Admin equivalent choosing the dashboard button causes it to be loaded (blue line) very quickly and then it drops down quickly.

Your suggestion for the Password Reset email sounds logical so I will need to do some learning about that part of the system as I have never been to investigate there. That looks like item two on the jobs list.

So, for me, now being able to edit content again it an excellent outcome. However, I would hope to fix that email issue and report it here so that others with as little knowledge as me can do the same.

Once I have updated to PhP 8.4 I will try your tool once more and report back. Thank you for all the suggestions.

Best wishes

Pete

Good Afternoon from a moist & windy Cymru

Something of a non-sequitor here: Thanks to Matthew83 for the suggestions. I have carried them out and learned yet more about how the Concrete system and underlying software works. I am not yet able to check out whether the changes made have been successful as an Error 403 is stopping me loading the site. The Server Team are on to that issue which might be because I have updated PhP this morning. (Matthew has withdrawn his comment from this discussion)

Regards

Pete

If you mean the advice to modify the password directly in the database I hope you didn’t take ot. If you did you most likely now have a non working password.

Just a little update. Things are moving in that I have updated PhP and taken advice from the Server Team about the mail problem. They kindly gave me detailed instructions about where to look to find if it was set up for SMTP. I found that it was, but the parameters down the page were not filled in. I have sought their advice about the Mail Server address, etc. and hope to get that correct very soon.

It was interesting to follow Matthew’s suggestion to find user passwords. For once this search was successful and I found the Admin password. That I copied into an online decryption app to see if it would reveal the password as readable text. The app got as far as telling me it was an MD5 encryption, but ran out of time before it yielded an answer. I then had an interesting diversion into email and encryption. Since the email problem was not yet fixed it hardly seemed worth the effort of generating a new password, encrypting it and updating the database. After all, if the system can only cope with (say) MD5, doing an SHA-3 encryption might screw the system.

So small progress and much new stuff learned.

Regards

Pete

That message was moderated as ai generated spam, largely a verbose and pushy rewrite of previous advice with some wrong suggestions.

There were a few spams in similar style on other threads.

Always check the date joined.

Good Morning Folks

Thanks for the warning John. I find it hard to understand why anybody would want to spam a site such as this.

For those of you who like to follow ongoing sagas, here is the latest update. With help from the Server Team the email properties are now all entered, with the exception of a password. I am not sure if one is needed and if so which one. With the other necessry parameters entered the test button was clicked and no email was received by the addressee. I have logged in on the other administrator account and had a look at the logs. The test email is not shown in the list.

Out of curiosity I have tried running the Forgotten Password routine again. It goes through the motions but this time spits out a new error message:

“cannot connect to host; error = stream_socket_client(): unable to connect to tcp://cp164176.hpdns.net:1 (Connection refused) (errno = 0 )”

Does that ring any bells for those of you who are experts at what goes on ‘under the bonnet’?

Regards

Pete