Can't reset Admin password

Permalink
Although I have found lots of messages on the forums about how to reset the admin password when the user account does not receive emails, the solutions I found there do not work for me.

The commonly recommended soloution is to login as the DB admin and then use phpMyAdmin to check the "Logs" table for the message that should have been sent to reset the password.

I did that, and there are no password resetting messages in the Logs table. I know that sendmail is configured properly because there are other sent messages from Forms, but nothing as a password reset is in the Logs table.

Because I;m on version 5.6.3.1, resetting the password column using a known password for another user doesn't work either - I guess there was a change in the salting process. Which is great for security, but prevents me from accessing my site.

Ideas, anyone?

View Replies:
AndyJ replied on at Permalink Reply
Sounds like you have some issue with the reset password process where it is failing at some point before sending the email. Are there any clues in your logs to help you fix this?
glenulmer replied on at Permalink Reply
Which logs are you talking about? Sorry if that sounds clueless, but I'm not sure where C5 would leave traces.
AndyJ replied on at Permalink Reply
apologies - I meant your server logs. That's where I'd look first for any clues as to what is going on.
glenulmer replied on at Permalink Reply
Again - I don't know what I would look for or in what file(s), whether the logs belong to C5 or the webserver or anything else. If I did know where to look, and I knew what to look for, how would that help me?

Again, I already know that sendmail works at least for Forms, so I know that sendmail is not misconfigured. So finding out that sendmail doesn't work wouldn't seem to be a possibility.

Does C5 really have a system that makes it impossible for a db and/or web admin to reset a password?
AndyJ replied on at Permalink Reply
apologies I made an assumption from your post that you have more experience / knowledge than you do.

I'll attempt to continue without such assumptions:

Things I would do:

doublecheck the admin user in the database to make sure that the email address is actually correct and the one that you are expecting to receive the password reset email

check also in the database that the following fields in the config table are set to 1
ENABLE_LOG_EMAILS
ENABLE_LOG_ERRORS
SITE_DEBUG_LEVEL

if not, set them to 1 and then go back to your website's password reset form (normally index.php/login if you haven't changed it)

add your admin email address to the box marked 'Email Address'
Click 'Reset and Email Password'

What happens?

Do you get a message towards the top of the screen saying 'An email containing instructions has been sent to your account address'?

or do you see something else / nothing?

If you received the success message then check your mailbox, check spam etc.
If still nothing then go back to phpmyadmin and look in your logs table

Is there an entry at or towards the bottom of the table with the logType sent_emails that starts something like '**EMAILS ARE ENABLED"
If so click on the edit button and copy the password reset link from the field and put it in your browser.

If you received an error message when submitting the form or you have an entry in your logs table with the logType exception then there is something going wrong somewhere - the error message might help.
glenulmer replied on at Permalink Reply
Thanks for the very detailed answer - unfortunately in terms of solving this, everything looks correctly configured.

ENABLE_LOG_EMAIL, ENABLE_LOG_ERRORS, and SITE_DEBUG_LEVEL are all 1.

When I click 'Reset and Email Password' it tells me that a message has been sent to my account address. It never arrives at the inbox, Spam, Trash, or anywhere else. I scanned my filters to make sure nothing there would be deleting a message.

I have already checked the Logs table and as I said, there are no relevant entries there. (There are some entries from a "Forms" block I set up, and I know that those emails are going out successfully, but nothing else.) There are no error messages or anything about a logType exception.

So, no solution yet.

I think it's great that security is beefed up by removing the SALT from the public file, but it does seem to me like a good idea to outline a method to generate the correct hash for a password and to be able to insert it into the database. If the method would have to be used by a privileged user at the database level, it seems to me that there is no loss of security - if you have db admin privilege you can pretty much do anything to a C5 site anyway.
TShane replied on at Permalink Reply
Facing same issue..
Help appreciated.
ion replied on at Permalink Reply
ion
Hello,
Facing the same issue, and after losing time tring to fix it both on my hosting provider and C5 sides, the "forgot password" email was still not sending (but the Form emails did).
So I configured the SMTP emails in Concrete5 Dashboard instead of the default PHP email function.
I did not try to set it up with my initial @gmail.com adress (hmmm maybe it would have worked?), instead I created an address @mysite.com.
Now it works, and in my case, only with SSL authentification.
The new email address is only used for that, but at least, it works.

Hope it helps