Password Reset not functioning
Permalink 4 users found helpful
I have lost my log in info for my C5 site. I choose, "Reset my password" and enter in my email... I know it's the correct email because it is the only one that the form will accept and I don't have another email that I would use for this purpose (one email to rule all my different websites' needs).
I get no response my email account. It's a gmail account... and I have checked the spam folder multiple times.
Any ideas? I am not a coder... so layman's terms please. Seems like the reset pass automated response is not functioning.
Cheers!
I get no response my email account. It's a gmail account... and I have checked the spam folder multiple times.
Any ideas? I am not a coder... so layman's terms please. Seems like the reset pass automated response is not functioning.
Cheers!
If you look at the Logs table of your database with PhpMyAdmin you can read the message and get the link to reset your password and get back into your site. Once you get back in you should check your Mail/SMTP settings on the site to be sure your are sending mail OK.
Interesting and helpful script James but if some other user hits your site before you do, they will now know your username and password, (albeit a temporary password). Is there a way to use your script by hitting a specific URL such aswww.www.yoursite.com/reset_password.php... where reset_password.php contains your script?
Come to think of it, why not just put this in the script so the site acts normally but your password is reset until you remove site_post.php:
Come to think of it, why not just put this in the script so the site acts normally but your password is reset until you remove site_post.php:
<?php /** * This script will reset your admin password to "password" * It should be named site_post.php and placed at [your web root]/config/site_post.php * After it's been copied, load your website, and your admin password will be reset * **** REMEMBER TO DELETE THIS FILE AFTERWARDS, OR YOUR PASSWORD WILL BE CONSTANTLY RESET ***** * Enjoy. james@jamesshannon.com */ $ui = UserInfo::getByID(USER_SUPER_ID); $ui->changePassword('password'); ?>
Yes, you're right. I usually have to use this for my dev sites or sites that I'm just setting up and haven't hit full-production stride, so haven't really been concerned about that. Also, nobody can log in until it's removed, so that affords a bit more protection.
Your suggestion would be possible as a tool. Otherwise it wouldn't get run as part of the c5 environment.
Probably easier would be to keep it as-is, but force it to require a querystring (if (isset$_GET['reset'])) { } else { die;}) -- or just not show the password.
James
Your suggestion would be possible as a tool. Otherwise it wouldn't get run as part of the c5 environment.
Probably easier would be to keep it as-is, but force it to require a querystring (if (isset$_GET['reset'])) { } else { die;}) -- or just not show the password.
James
I was editing my response above while you were crafting your reply. I have tried cutting out the password echo and it works great. I think I might use it sometime. So simple. Thanks!
Also, just for the sake of getting in the last word ( ;) ), I wanted to "force" the person to remove it (with the die;), because I think a lot of people will otherwise "forget", until they change they get around to updating their password later and can't figure out why it keeps changing back.
Or, you could just put this in config/site.php:
No additional file to create or remember to cleanup.
Sorry about the last word thing :)
John
/*
// uncomment this section to change the 'password' below:
$ui = UserInfo::getByID(USER_SUPER_ID);
$ui->changePassword('U-want-2-guess-this?');
die('You must edit config/site.php to continue!')
*/No additional file to create or remember to cleanup.
Sorry about the last word thing :)
John
Ooh this is really good because there are certain things only the super admin can do that regular admins can't. Great info!
I just saw this the other day as another way to do it:
http://concrete5tricks.com/index.php?cID=170...
http://concrete5tricks.com/index.php?cID=170...
And another thing - sometimes the email just doesn't send. If you check the logs table in the database, it might have the text of the email that it tried to send, so you can get the reset url.
Very true. If you have access to the MySQL server it can be the fastest way to fix some things. I dig http://www.heidisql.com/ for Windows, or MySQL Workbench for other platforms
I would change the MySQL UPDATE though, to:
I don't think it's a Good Idea(tm) to keep the default 'admin' as the super user name :)
I would change the MySQL UPDATE though, to:
UPDATE Users SET uPassword = md5('newpassword:PASSWORD_SALT') WHERE uID=1; # uName = 'admin';
I don't think it's a Good Idea(tm) to keep the default 'admin' as the super user name :)
_Technically_ the user ID of one doesn't have to be the superadmin user. There's a USER_SUPER_ID constant that you can set to change it to another user...
Don't think I know of anyone that's done that, but you _could_ if you wanted...
Don't think I know of anyone that's done that, but you _could_ if you wanted...
Yeah, but I bet there's still code out there that uses 1 :-P
The snipped above in config/site.php will work in any case, and probably easier for most...
The snipped above in config/site.php will work in any case, and probably easier for most...
Another good option for this situation is Concrete5 Instant Admin athttp://forestmist.org/2012/07/concrete5-instant-admin/...
Creates a new admin account without revealing a password. You simply set your password ahead of time in one file, upload it to your server and then then view the Concrete5 Instant Admin page in your browser.
Obviously it would be a good idea to remove said file once you can login as an admin again. No worries though since it never reveals your password. :)
Creates a new admin account without revealing a password. You simply set your password ahead of time in one file, upload it to your server and then then view the Concrete5 Instant Admin page in your browser.
Obviously it would be a good idea to remove said file once you can login as an admin again. No worries though since it never reveals your password. :)
Cool solution.
Note, though, that there seems to be a c5 bug where access is removed from the dashboard for all users. (Somebody told me about this, and I just found a customer that this happened to without them (purposefully) doing anything. )
This means that even someone in the admin group won't be able to access any dashboard pages. The only reason the actual admin can is because c5 treats userid 1 specially.
Something to keep in mind if you try this an it doesn't work....
Best,
James SHANNON
Sent from my phone
Note, though, that there seems to be a c5 bug where access is removed from the dashboard for all users. (Somebody told me about this, and I just found a customer that this happened to without them (purposefully) doing anything. )
This means that even someone in the admin group won't be able to access any dashboard pages. The only reason the actual admin can is because c5 treats userid 1 specially.
Something to keep in mind if you try this an it doesn't work....
Best,
James SHANNON
Sent from my phone
Ahh, good to know. Thanks James!
wow, after a day of searching somebody told me this link.
and it works great.
thank you very much
and it works great.
thank you very much
The script site_post.php works! Thank you very much!
This is just a copy of the script(put site_post.php at {home}/config):
<?php
/**
* This script will reset your admin password to "password"
* It should be named site_post.php and placed at [your web root]/config/site_post.php
* After it's been copied, load your website, and your admin password will be reset
* **** REMEMBER TO DELETE THIS FILE AFTERWARDS, OR YOUR PASSWORD WILL BE CONSTANTLY RESET *****
* Enjoy. james@jamesshannon.com
*/
$ui = UserInfo::getByID(USER_SUPER_ID);
$ui->changePassword('password');
echo "Your admin password was updated. Remove the file located at config/site_post.php and log in with the following credentials:<br />";
if (USER_REGISTRATION_WITH_EMAIL_ADDRESS) {
echo "Email Address: " . $ui->getUserEmail();
} else {
echo "Username: " . $ui->getUserName();
}
echo "<br />Password: password";
die;
This is just a copy of the script(put site_post.php at {home}/config):
<?php
/**
* This script will reset your admin password to "password"
* It should be named site_post.php and placed at [your web root]/config/site_post.php
* After it's been copied, load your website, and your admin password will be reset
* **** REMEMBER TO DELETE THIS FILE AFTERWARDS, OR YOUR PASSWORD WILL BE CONSTANTLY RESET *****
* Enjoy. james@jamesshannon.com
*/
$ui = UserInfo::getByID(USER_SUPER_ID);
$ui->changePassword('password');
echo "Your admin password was updated. Remove the file located at config/site_post.php and log in with the following credentials:<br />";
if (USER_REGISTRATION_WITH_EMAIL_ADDRESS) {
echo "Email Address: " . $ui->getUserEmail();
} else {
echo "Username: " . $ui->getUserName();
}
echo "<br />Password: password";
die;
well, its may 2014 and I have the exact same problem than u did 2 years ago. also with gmail (spam?)
no emails coming with the password reset, and NO, Im not a coder...
NB: I actually DO remembe the password but the systme wont accept it. so wht can I do? unsitall concrete and go for joomla?
no emails coming with the password reset, and NO, Im not a coder...
NB: I actually DO remembe the password but the systme wont accept it. so wht can I do? unsitall concrete and go for joomla?
Click on 'forget my password' button again and write your email. Then go to the Logs table via phpmyadmin, and then copy the http URL in the last record. Paste that URL in your browser and you got it
Now you have time to find out why emails are not working
Now you have time to find out why emails are not working
