Ability to Reset ROOT password to access Admin Console

5 views
Skip to first unread message

Dmitry A.

unread,
Jan 29, 2010, 1:12:18 PM1/29/10
to In-Portal Development Team
Hey guys,


I think it's time to think and implement the ability to reset ROOT
password by email or something else.

We are coming across this issue from time to time. I know can change
it by hand directly in DB, but it's not the easiest way for users so
we should come up with easy and save way of doing it.

My proposal is:

When DBG_RESET_ROOT option is enabled (new - needs to be added) we can
show additional Link right below Login form which will email the
password to website administrator (email specified as main email
address for the website).

Since password for ROOT user is not lost on a daily basis this should
do the work.


Let me know your thoughts.


DA.

Alexander Obuhovich

unread,
Jan 29, 2010, 1:18:38 PM1/29/10
to in-por...@googlegroups.com
This is forgot password functionality in administrative console? Is this even possible. Where should we navigate user to get it's confirmation about password reset for his account. The only security check we could implement is to check, that whoever is trying to reset root's password have write access to webserver (no only "/system" folder of course). Maybe we need to create file: "/tools/reset_root_password.php" with "die()" in it's beginning. When user edits file and comment's out die() then invocation of this file will lead to random root password generation. This password then will be automatically sent to administrator's email. User then must manually place "die()" back or everyone can reset root's password from time to time.


--
You received this message because you are subscribed to the Google Groups "In-Portal Development Team" group.
To post to this group, send email to in-por...@googlegroups.com.
To unsubscribe from this group, send email to in-portal-de...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/in-portal-dev?hl=en.




--
Best Regards,

http://www.in-portal.com
http://www.alex-time.com

Dmitry A.

unread,
Jan 29, 2010, 1:36:37 PM1/29/10
to In-Portal Development Team
Yes, I don't see why can't be possible. Either case will work:


1. DBG option with link below the Login to auto-generate and email new
password

2. another script under tools/ folder.


I personally like 1st one more...


Thanks.

> > in-portal-de...@googlegroups.com<in-portal-dev%2Bunsubscribe@goog legroups.com>

Phil

unread,
Jan 30, 2010, 4:21:24 AM1/30/10
to In-Portal Development Team
Hi !

I also vote for 1st option, as any file named "reset_something" is
dangerous when there's an unauthorized access to server. The more the
function is difficult to use, the better it'll be, as Dima says it's
not intended to be use daily :)

P.

Dmitry A.

unread,
Feb 6, 2010, 1:44:54 PM2/6/10
to In-Portal Development Team
Hi guys,


Let's finalize this and file a feature request in Issue Tracker so it
can be planned out.

Thanks.

Alexander Obuhovich

unread,
Mar 27, 2010, 6:14:46 PM3/27/10
to in-por...@googlegroups.com
Here is the task: http://tracker.in-portal.org/view.php?id=657

To unsubscribe from this group, send email to in-portal-de...@googlegroups.com.

For more options, visit this group at http://groups.google.com/group/in-portal-dev?hl=en.

Dmitry A.

unread,
Dec 15, 2011, 6:09:32 PM12/15/11
to in-por...@googlegroups.com
By the way this task has been completed in 5.2.0

DA

Phil -- wbtc.fr --

unread,
Dec 16, 2011, 8:08:43 AM12/16/11
to in-por...@googlegroups.com
great !

2011/12/16 Dmitry A. <dand...@gmail.com>
Reply all
Reply to author
Forward
0 new messages