Page 1 of 1

Password Recovery

PostPosted: Thu Apr 02, 2009 7:29 pm
by xzjia
I was messing around my multiple PivotX test installations when I had some trouble remembering the password for one of them.

So I went to the login screen and looked around and basically there's no way to either recover or reset my password.

I went to the forum and searched and seems another guy got his password back by somehow decipher his MD5 hash + salt.

Thankfully I remembered my password finally and the installation is only a test, but definitely a solution not involving complex math should be in order.

Did I somehow miss the option to get back lost password? If not then this is a serious issue that should be addressed.

EDIT:

I tried something, and it solved the problem partially - by deleting the ser_users.php the weblog would prompt the creation of new user (the new Superadmin) and lets you log back into the system. However this erases ALL user, something certainly not good for systems with multiple users.

Re: Password Recovery

PostPosted: Fri Apr 03, 2009 8:46 am
by hansfn
FYI: The code for the "lost password" feature is already implemented for visitors so it will be added for regular users before PivotX 2.0 is released.
... guy got his password back by somehow decipher his MD5 hash + salt.

Just for the record, what you do is to choose a new salt and password, then calculate the value you should put in ser_users.php. There is no way to decipher anything.

Re: Password Recovery

PostPosted: Fri Apr 03, 2009 12:45 pm
by xzjia
Sounds good.

Re: Password Recovery

PostPosted: Sat May 02, 2009 8:20 am
by hansfn
Just for the record: Password recovery/Lost password feature has been added - just wait for the next release (PivotX 2.0 RC 2) or grab the latest version from SVN.