For whatever reason the password for my admin account stopped working. I am presently developing on this server and hadn’t yet configured email (might have helped with password reset). If anyone has a theory as to why my password suddenly stopped working, please let me know. It’s possible that I was hacked, and I will continue to investigate that, but other than the password not working I do not see any other signs of unauthorized access. My site is accessible to the public but google hasn’t indexed it yet and I don’t have any customers on it. A targeted attack is very unlikely. A random script attack is possible, but if so then I have concerns with the security of CS Cart? I am running the latest copy of Ubuntu (as of July 1 2023) with a fully updated LAMP install. CS Cart 4.16.2.
Posting this here for anyone that might happen to need this in the future.
Private server - Full admin - No GUI Tools
Note: Some of these commands are for validation and can be skipped if you are comfortable with MySQL.
Step 1: Reset MySQL Root Password (only if necessary)
Check MySQL Version
$ mysql --version
Stop MySQL
$ sudo systemctl stop mysql.service
Check MySQL Status
$ sudo systemctl status mysql.service
Confirm - Active: inactive (dead)
Skipping Networking and Grant Tables
$ sudo systemctl set-environment MYSQLD_OPTS=“–skip-networking --skip-grant-tables”
Start MySQL service
$ sudo systemctl start mysql.service
Check MySQL status
$ sudo systemctl status mysql.service
Confirm - Active: active (running)
Log in to MySQL
$ sudo mysql -u root
Flush Privileges
mysql> flush privileges;
Choose MySQL database
mysql> USE mysql
Change MySQL root password
mysql> ALTER USER ‘root’@‘localhost’ IDENTIFIED BY ‘new_password’;
Note: This is a plain text password. Do not hash this one.
Exit MySQL
quit;
Reverting Database to its normal settings
$ sudo systemctl unset-environment MYSQLD_OPTS
$ sudo systemctl revert mysql
Kill MySQL process
$ sudo killall -u mysql
Restart MySQL service
$ sudo systemctl restart mysql.service
Log in to MySQL
$ sudo mysql -u root -p
Step 2: Reset CS Cart Admin Password
Go here and generate a MD5 hash for your new password: https://www.md5.cz/
If you are not already logged into MySQL then login.
$ sudo mysql -u root -p
View your databases
mysql> show databases;
You should see the CS Cart DB that you created during CS Cart install.
Attach to this DB
mysql> use your-cscart-db
If you are interested… view the cs cart users schema (i think that’s what it’s called)
mysql> DESCRIBE cscart_users
This is not necessary, but will confirm that you are in the right place. You should see a table with the following headers “Field”, “Type”, “Null”, “Key”, “Default”, “Extra”.
View the users
mysql> SELECT * FROM cscart_users;
The output is wide and difficult to read in a terminal. I suggest copying the output from this command to a text editor (or something similar) that allows for an infinite width. You can then see your starting point.
You are looking for:
user_id = 1
password = afsdqk455iuetrhsaiusgfhw984qtru9udfgd
(that’s not my password, that’s just random banging on the keyboard)
** Update your password **
mysql> UPDATE cscart_users SET password=‘insert-your-md5-hashed-pw-here’, salt = ‘’ WHERE user_id=‘1’;
Note: the syntax above uses the ’ symbol. Where it appears as ‘’ this is ‘+’ with no space between. It is not a “quote”.
That’s it. All fixed. You can log in now.
Hopefully that helps one person sometime in the future.