Child pages
  • Ability to Reset ROOT password to access Admin Console
Skip to end of metadata
Go to start of metadata

Imported From: http://groups.google.com/group/in-portal-dev/browse_thread/thread/09d3a9f7e8a0e070#

I think it's time to think and implement the ability to reset ROOT password by email or something else.

We are coming across this issue from time to time. I know can change it by hand directly in DB, but it's not the easiest way for users so we should come up with easy and save way of doing it.

My proposal is:

When DBG_RESET_ROOT option is enabled (new - needs to be added) we can show additional Link right below Login form which will email the password to website administrator (email specified as main email address for the website). Since password for ROOT user is not lost on a daily basis this should do the work. 

Related Tasks

INP-519 - Getting issue details... STATUS

7 Comments

  1. This is forgot password functionality in administrative console? Is this
    even possible. Where should we navigate user to get it's confirmation about
    password reset for his account. The only security check we could implement
    is to check, that whoever is trying to reset root's password have write
    access to webserver (no only "/system" folder of course). Maybe we need to
    create file: "/tools/reset_root_password.php" with "die()" in it's
    beginning. When user edits file and comment's out die() then invocation of
    this file will lead to random root password generation. This password then
    will be automatically sent to administrator's email. User then must manually
    place "die()" back or everyone can reset root's password from time to time.

  2. Yes, I don't see why can't be possible. Either case will work:

    1. DBG option with link below the Login to auto-generate and email new
    password

    2. another script under tools/ folder.

    I personally like 1st one more...

    Thanks.

  3. Hi !

    I also vote for 1st option, as any file named "reset_something" is
    dangerous when there's an unauthorized access to server. The more the
    function is difficult to use, the better it'll be, as Dima says it's
    not intended to be use daily :)

    P.

  4. Hi guys,

    Let's finalize this and file a feature request in Issue Tracker so it
    can be planned out.

    Thanks.

  5. Here is the task:

    INP-519 - Getting issue details... STATUS


  6. By the way this task has been completed in 5.2.0

    DA

  7. great !

    2011/12/16 Dmitry A. <dandre...@gmail.com>