Password Reset not functioning

Permalink 4 users found helpful
I have lost my log in info for my C5 site. I choose, "Reset my password" and enter in my email... I know it's the correct email because it is the only one that the form will accept and I don't have another email that I would use for this purpose (one email to rule all my different websites' needs).

I get no response my email account. It's a gmail account... and I have checked the spam folder multiple times.

Any ideas? I am not a coder... so layman's terms please. Seems like the reset pass automated response is not functioning.

Cheers!

Althea999
View Replies:
pvernaglia replied on at Permalink Reply
pvernaglia
If you look at the Logs table of your database with PhpMyAdmin you can read the message and get the link to reset your password and get back into your site. Once you get back in you should check your Mail/SMTP settings on the site to be sure your are sending mail OK.
jshannon replied on at Permalink Reply
jshannon
Alternatively, you can use this script:

https://gist.github.com/2993547...

James
mhawke replied on at Permalink Reply
mhawke
Interesting and helpful script James but if some other user hits your site before you do, they will now know your username and password, (albeit a temporary password). Is there a way to use your script by hitting a specific URL such aswww.www.yoursite.com/reset_password.php... where reset_password.php contains your script?

Come to think of it, why not just put this in the script so the site acts normally but your password is reset until you remove site_post.php:

<?php
/**
 * This script will reset your admin password to "password"
 * It should be named site_post.php and placed at [your web root]/config/site_post.php
 * After it's been copied, load your website, and your admin password will be reset
 * **** REMEMBER TO DELETE THIS FILE AFTERWARDS, OR YOUR PASSWORD WILL BE CONSTANTLY RESET *****
 * Enjoy. [email protected]
 */
$ui = UserInfo::getByID(USER_SUPER_ID);
$ui->changePassword('password');
?>
jshannon replied on at Permalink Reply
jshannon
Yes, you're right. I usually have to use this for my dev sites or sites that I'm just setting up and haven't hit full-production stride, so haven't really been concerned about that. Also, nobody can log in until it's removed, so that affords a bit more protection.

Your suggestion would be possible as a tool. Otherwise it wouldn't get run as part of the c5 environment.

Probably easier would be to keep it as-is, but force it to require a querystring (if (isset$_GET['reset'])) { } else { die;}) -- or just not show the password.

James
mhawke replied on at Permalink Reply
mhawke
I was editing my response above while you were crafting your reply. I have tried cutting out the password echo and it works great. I think I might use it sometime. So simple. Thanks!
jshannon replied on at Permalink Reply
jshannon
Also, just for the sake of getting in the last word ( ;) ), I wanted to "force" the person to remove it (with the die;), because I think a lot of people will otherwise "forget", until they change they get around to updating their password later and can't figure out why it keeps changing back.
jasteele12 replied on at Permalink Reply
jasteele12
Or, you could just put this in config/site.php:

/*
  // uncomment this section to change the 'password' below:
$ui = UserInfo::getByID(USER_SUPER_ID);
$ui->changePassword('U-want-2-guess-this?');
die('You must edit config/site.php to continue!')
*/


No additional file to create or remember to cleanup.

Sorry about the last word thing :)

John
AccountDisabled replied on at Permalink Reply
Ooh this is really good because there are certain things only the super admin can do that regular admins can't. Great info!
hereNT replied on at Permalink Reply
hereNT
I just saw this the other day as another way to do it:

http://concrete5tricks.com/index.php?cID=170...
hereNT replied on at Permalink Reply
hereNT
And another thing - sometimes the email just doesn't send. If you check the logs table in the database, it might have the text of the email that it tried to send, so you can get the reset url.
jasteele12 replied on at Permalink Reply
jasteele12
Very true. If you have access to the MySQL server it can be the fastest way to fix some things. I dig http://www.heidisql.com/ for Windows, or MySQL Workbench for other platforms

I would change the MySQL UPDATE though, to:

UPDATE Users SET uPassword = md5('newpassword:PASSWORD_SALT') WHERE uID=1;
  # uName = 'admin';


I don't think it's a Good Idea(tm) to keep the default 'admin' as the super user name :)
hereNT replied on at Permalink Reply
hereNT
_Technically_ the user ID of one doesn't have to be the superadmin user. There's a USER_SUPER_ID constant that you can set to change it to another user...

Don't think I know of anyone that's done that, but you _could_ if you wanted...
jasteele12 replied on at Permalink Reply
jasteele12
Yeah, but I bet there's still code out there that uses 1 :-P

The snipped above in config/site.php will work in any case, and probably easier for most...
AccountDisabled replied on at Permalink Reply
Another good option for this situation is Concrete5 Instant Admin athttp://forestmist.org/2012/07/concrete5-instant-admin/...

Creates a new admin account without revealing a password. You simply set your password ahead of time in one file, upload it to your server and then then view the Concrete5 Instant Admin page in your browser.

Obviously it would be a good idea to remove said file once you can login as an admin again. No worries though since it never reveals your password. :)
jshannon replied on at Permalink Reply
jshannon
Cool solution.

Note, though, that there seems to be a c5 bug where access is removed from the dashboard for all users. (Somebody told me about this, and I just found a customer that this happened to without them (purposefully) doing anything. )

This means that even someone in the admin group won't be able to access any dashboard pages. The only reason the actual admin can is because c5 treats userid 1 specially.

Something to keep in mind if you try this an it doesn't work....

Best,
James SHANNON

Sent from my phone
AccountDisabled replied on at Permalink Reply
Ahh, good to know. Thanks James!
Sjonnies1256 replied on at Permalink Reply
wow, after a day of searching somebody told me this link.
and it works great.

thank you very much
gocabraless replied on at Permalink Reply
gocabraless
The script site_post.php works! Thank you very much!
This is just a copy of the script(put site_post.php at {home}/config):

<?php
/**
* This script will reset your admin password to "password"
* It should be named site_post.php and placed at [your web root]/config/site_post.php
* After it's been copied, load your website, and your admin password will be reset
* **** REMEMBER TO DELETE THIS FILE AFTERWARDS, OR YOUR PASSWORD WILL BE CONSTANTLY RESET *****
* Enjoy. [email protected]
*/

$ui = UserInfo::getByID(USER_SUPER_ID);
$ui->changePassword('password');

echo "Your admin password was updated. Remove the file located at config/site_post.php and log in with the following credentials:<br />";
if (USER_REGISTRATION_WITH_EMAIL_ADDRESS) {
echo "Email Address: " . $ui->getUserEmail();
} else {
echo "Username: " . $ui->getUserName();
}

echo "<br />Password: password";
die;
miguelares replied on at Permalink Reply
well, its may 2014 and I have the exact same problem than u did 2 years ago. also with gmail (spam?)
no emails coming with the password reset, and NO, Im not a coder...
NB: I actually DO remembe the password but the systme wont accept it. so wht can I do? unsitall concrete and go for joomla?
Arequal replied on at Permalink Reply
Arequal
Click on 'forget my password' button again and write your email. Then go to the Logs table via phpmyadmin, and then copy the http URL in the last record. Paste that URL in your browser and you got it

Now you have time to find out why emails are not working