Guest Posted June 24, 2004 Posted June 24, 2004 Hi all, Where can I reset or even check teh user password? I have looked around for it for about 2 hours now, but allas I cannot find it. Who can help me out on this one. Happy
Guest Posted June 26, 2004 Posted June 26, 2004 Hi, Every user will have to choose a loginname and password to get access to order. What if a user forgets it's password. How can the admin remove the password or reset it or change it. Happy
Guest Posted June 26, 2004 Posted June 26, 2004 Well as far as i can see the users password is stored as a value that you will NOT beable to "Decrypt" or even read. I cant remember the name of this method. but the encryption only is one way so that it happens when the user adds it when registering. They can request a new password if they forget it. This will not be the same as the one they use currently. My next question is why do you need to read your users passwords? James
Guest Posted June 26, 2004 Posted June 26, 2004 The user can request a password if they forget it on the Login Page
♥ecartz Posted June 26, 2004 Posted June 26, 2004 It uses MD5 to do a one way hash. The only way to decrypt the password is to brute force encrypt passwords until you find one that matches. The Forgotten Password (www.domain.com/password_forgotten.php) link resets the password. While you can do this for the customers, it isn't necessary, as they can do it for themselves. Hth, Matt Always back up before making changes.
Guest Posted June 26, 2004 Posted June 26, 2004 Thanx you guys, That's all i needed to know. Happy (ps This topic can be locked)
Guest Posted August 5, 2004 Posted August 5, 2004 I have multiple complaints with OSC 2.2 that the passwords are failing to work, then the new ones sent fail to work. There should be an option to turn off the encryption but now I have to slog through about 7 pages of code to hack together a way to not use the encryption for newly generated accounts, all the while maintaining backward compatibility and dealing with the fallout....
Guest Posted August 5, 2004 Posted August 5, 2004 I have tested and confirmed that changing the email of the customer (even capitalization) makes the password invalid. I still can't figure out why emailed random passwords are invalid.
JOyRide Posted March 24, 2006 Posted March 24, 2006 ARGH! I'm upgarding from a 2002 version and this issue STILL exist over 4 years later?!?!? Every once in a while I get a user saying the reset pw doesn't work - usually I copy a known encrypted one into the DB and they're ok.. But, just how many moved on to another shop? I guess I wish I kept my list of bugs back then, because it looks like I may be recreating that very same list.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.