Db password encryption

Hello, I need to change my db password and saw the MD5 encryption does not work. Can you please tell me which encryption to use to change my db password? Thank you.

by “db password” you mean the password for your shop account?
create new account with the password you want and copy its oxpasswort and passsalt to your original account

Hello Vanilla Thunder. Thank you for your reply. No, I do not mean my account password. I re-installed Oxide eCommerce and used a new Db password during the install. Now I need to restore an earlier backup of my Db but when I restore it, the shop is broken. I need to change the Db password to the new one in my config.inc.php file. To do that, I need to know which encryption the Db uses for its password. Then I could change the password and restore my site. Otherwise I must delete it all and start again from scratch, sheeeesh! Thank you.

RMIGTHY1,

It seems to me there is some confusion with the DB Password.

  1. The shop dbPwd is not encrypted at all but human readable in the shop file config.inc.php:

$this->dbPwd = ‘xxxxxxxxxxxxxxxxxx’; // database user password

If you change it during a new shop installation then the shop cannot access the DB if you did not change it in phpMyAdmin for the assigned DB as well.

  1. The MySQL Shop-DB-Table Pwd must match the shop dbPwd. Furthermore dbName, dBUser etc. must also match … If not, then change it in phpMyAdmin.

  2. Restoring an earlier backup should be no problem as long as the shop version remains the very same and DB structure remains unchanged. In any case the dbPwd is not included in the db-backup.

Hello Earlybird. Thank you for your reply. Yes, the un-encrypted password in config.inc.php is what I want to install in the oxuser table via phpadmin. If you compare the two, you will see that the config.inc.php password is encrypted in the oxuser table of the database. Most other programs I use have the MD5 hash for encryption and it works quite well. But in oxide it does not work so I concluded that oxide must use a different encryption hash. That is what I am trying to determine. When the database is exported the password in the oxuser table is exported with it. Upon importing, it is also imported with it. Since I now have a database/config.inc.php password mismatch (as I have had in other situations before) I would simply fix it by using the MD5 hash to change the Db password and be merrily on my way. But the MD5 hash does not create a match in the oxuser table to the config.inc.php password. So, knowing the correct encryption for the oxuser table password is what I am trying to ascertain. Someone has to know the answer and I am hoping they will chime in. Thank you!

RMIGTHY1,

Please note:

The shop DB table oxuser -> OXPASSWORD (md5 and salt) is NOT related to the dbPwd but only for user login to the Shop (on the backend Oxid Admin and frontend for registered customers).

The backup file contains following information in the header that you might want to change before you run the import
Host: [dbHost]
Database: [dbName]
These 2 should match or can be changed but there is no dbPwd included here.

However in your case, the dbPwd can be changed like that:
Select the shop DB in phpMyAdmin and then under the menu “Rights -> User -> Action”, copy and paste the Pwd from the Oxid file config.inc.php to MySQL input field for existing user.

Alternately you can create a brand new empty Shop-DB with the dbPwd you like and import the backup file.

Hope this helps.

Excellent Earlybird. Thank you, that is exactly what I needed. I love it. Thank you so very much!

Ooops, thought I was ok. Under “Select the shop DB in phpMyAdmin and then under the menu “Rights -> User -> Action”,” I cannot find the “Rights” menu. Must be my host config.

I liked your “Alternatively” shortcut but I am still inhibited by not having access to the “Rights” menu.

Thank you so very much Earlybird for your help!

Solution:

If Rights settings are not available in phpMyAdmin due to webhoster restrictions, then you should at least have a control panel with your webpackage, where you can enter basic settings that are required in any case for a DB like dbHost, dbName, dbUser, dbPwd - so you should be able to change the dbPwd there.

Thank you again Earlybird. You are right. I have changed the Db password in my cPanel and assigned all permissions. But when I try to import my B-U Db, phpMyAdmin tells me I must have SuperUser Rights. I do not know how to obtain such rights. So I have essentially lost my shop.

I also am having many problems getting the NA_shop to install properly. It was installed properly in the backed up DB which I cannot restore but for the life of me I cannot re-install it from scratch again like I did the first time.

[QUOTE=RMIGHTY1;124993]But when I try to import my B-U Db, phpMyAdmin tells me I must have SuperUser Rights. I do not know how to obtain such rights. [/QUOTE]

Ask your Hoster to grant you those rights (“CREATE VIEW” for example, maybe others as well needed). If he can not change this, ask him to import the backup for you.

Have a look at MySQL-Dumperfor the next time, a great and mighty, but yet simple tool for creating and restoring DB-backups.

RMIGTHY1,

I’m realy sorry about that kind of trouble you got with db access rights and agree to Ray’s suggestion to talk to your webhoster first of all. In this case they should be fair to help you along - if not, then I can give you another workaround.

Thank you Hebsacker and Earlybird. I have taken Hebsakers advice and contacted my web host. They restored my Db backup and I now have most of my website back. I must re-install the logos and product pics but I consider myself blessed just to be able to do that.

OK, I am back to my earlier problem however as I am unable to login to the backend. Again I went to phpMyAdmin oxuser to enter the password I have stored in my Roboform and used the MD5 hash but it did not work. So, I have much of the website restored (including the NA-shop module) but cannot sign in to my back end. So now my question is, which encryption do I use to be able to change my Admin password?

As I have re-installed the oxide program several times trying to get the NA shop to work, I have changed the admin password with each new install during the installation process. I have no idea what the admin password was for the old DB backup I just had restored. I know I should be able to change the admin password via phpMyAdmin in the oxuser table. In other programs I have used, the MD5 hash is used but it does not work here for me in oxide. Any help is appreciated of course! So close and yet so far.

you could use “Forgot Password” in the frontend - click on “Account” and then on the question mark behind the Password field

btw - are you using MySQL 5.5?

Hello Hebsacker. Thank you, thank you. That worked. I did not associate signing in the backend with signing in the front end. Duh! I just never did that with oxide but frequently do that with Joomla! What a relief I got my website back with your help and Earlybirds help. I am so very very happy. Thank you again.

I d/l’s MySQL Dumper, thank you! Will try it soon.

BTW, what is the DB password encryption? Is that supposed to be a secret?

MySQL is v. 5.1.68.cll

Ray

MySQL version is ok - there is a known problem with version 5.5

the password encryption is SALT with MD5

Thank you for that Hebsaker. My other host has MySQL v.5.5.xxxx.

Well, I really messed up this time. The NA Shop template did not have any settings in the back end. So I deactivated it and activated the standard Azure template. I followed directions in the readme for NA Shop, deleting the temp folder contents, activating the NA Shop in the back end, under tools renewing the Db view and re-activating the NA Shop template. Everything broke. I can no longer sign in to the backend. I cannot change the password as before because the front end only gives me the “Offline” page. I have asked my webhost to once again restore the old DB BU. Hopefully that will get me back to life again.

BTW my shop version is 4.6.5_49955_2 because v.4.6.5 is latest version that NA Shop was reported to work on.

My host is looking into why my phpMyAdmin keeps telling me I need “SUPER privileges” to import a DB.

Sounds like my “Plan B” to transfer the site to my other Host may not work as they use MySQL v 5.5.xxxx.

I love Oxide above all others because of its clean uncluttered look on the front pages. Prestashop etc, are too expensive for me. I dread the thought of having to switch to VirtueMart but that will have to be my “Plan C.”

I am on this Oxide problem like a pitbull because I wish for it so badly to work. Thank you again so much Hebsacker and Earlybird for your help.

Also, because the back end now rejects my password, I went into phpMyAdmin oxuser table and plugged in my raw password into the oxpassword row, the selected “MD5” from the drop down before clicking on "Go.’ I still cannot log into the back end.

Do I understand correctly in that the password salt is created automatically when I MD5 hash the password?

Also looking ahead, will I have problems getting PayPal, USPS, USP, and FedEx to work with this version of oxide?

Thank you guys again, I will keep you posted.

Ray

OK, my host imported my BU Db again. I did the password renewal from the front end. As long as I do not breathe heavy, this house of cards should stand.

My host is still “looking into it in more detail.” Hopefully they will discover why I cannot import. I am going to start adding images that were lost and that should keep me busy for awhile.

Will keep you posted.

Ray

about the “problem” with MySQL 5.5 - it is just a minor issue about possibly different collations for OXPASSWORD & OXPASSSALT which then ends up in an error when logging in

It can be solved easily with those codelines mentioned here:

https://gn2hosting.zendesk.com/entries/22981248-Loginprobleme-in-den-Admin-bei-Verwendung-von-MySQL-5-5

That’s interesting Hebsacker. Sounds similar to what I am experiencing with MySQL v.5.1. Thanks for the fix link.

My host is still “looking into it in more detail” before they get back to me. Perhaps they do not realize it but every time they say that to me, they never get back to me. I will bug them again tomorrow.

Today I have added photos and logo images. All went well (am knocking on wood here). Will keep you up to date.

Ray

My host looked into it in detail and provided me with the following response: As I am on a shared hosting plan, I cannot be given “Super privileges.” They suggest I get a VPS plan. So, after years of being able to restore my own database, I now have to request the host to do so. I will bet you they will start charging for that too real soon. This is a good example of how a few bad apples ruin it for the rest of us.

I checked on my other host and I also get the same error upon attempting to import my Db B-U. As long as I stay away from the NA-Shop module and do not try to save anything related to that in my Db, my store should not break. We shall see.

There goes this saga to its conclusion.

Thank you again for all your suggestions that worked to restore my shop.

Cheers,

Ray