poMMo icon indicating copy to clipboard operation
poMMo copied to clipboard

Published 20 hours ago verified publisher icon soonick

No longer change Admin Password.

Open DolphinTechs opened this issue 11 years ago • 6 comments

Not sure how long ago this option was removed but you can no longer edit the admin or any other users password.

setup_configure.php / users tab used to display:

Administrator Username Administrator Password Verify Password

Am i missing some fields or an edit link next New and Delete on this page ? Have a quick fix to add those fields back above Administrator Email ?

Thanks, Jason

DolphinTechs avatar Jan 25 '14 17:01 DolphinTechs

Hey Jason,

Sorry about that. I didn't notice that I broke the change password functionality. As a walk around you can go to setup > configure, and in the users tab you can create a new user, then delete admin and then create admin again.

soonick avatar Jan 26 '14 00:01 soonick

Thanks that's what i was thinking as well...

In themes/default/admin/setup/config/users.php

I added:

Above Admin email then added below admin email:

Then in ajax/users.php i added:

'admin_password', 'admin_password2',

Under:

$dbVals = Pommo_Api::configGet(array( 'admin_username',

Now i have all the fields back in place and they return the right values for username, email, and password from the database.... Problem is when i click update the password gets saved as plain text in the database so i have to find a way to call the sha1 routine for the password field...

I still think the better way to go here is to add an edit link next to "new" and "delete" links.

DolphinTechs avatar Jan 26 '14 17:01 DolphinTechs

Not sure if you get to see the extra code in the post or not... if not let me know.

DolphinTechs avatar Jan 26 '14 17:01 DolphinTechs

You can call sha1() from php or mysql, they both have a sha1 function.

And you are right, we definitely need to add an edit button. This ticket will remain open until we do.

soonick avatar Jan 28 '14 05:01 soonick

Any developments on the admin password? I have just reinstalled Pommo using your modified version for a very happy user. But we set it up with their old and very insecure password (you can probably guess what it is!) and now can't change it. I tried creating alternative admin users (with decent passwords) to see if we could then remove and recreate an 'admin' but Pommo doesn't seem to let me delete any users once created. Can we delve into the database and hack this or should we leave well alone? Having just got it set up for them I am reluctant to trash the whole installation and start again but am concerned about admin password security. Any thoughts? PS Greatly appreciate having this nice simple mailing tool back with us... congrats on doing that!

johnwallett avatar Aug 17 '14 12:08 johnwallett

Hello @johnwallett,

You should be able to add a new admin user and delete the old one. If that doesn't work you can go directly to the database and modify the password, just make sure to run SHA1 against whatever password you want.

soonick avatar Aug 21 '14 21:08 soonick