Pages: 1
Hello,
I have 1 browser tab with an admin login to my website working with a password saved by Firefox. Trying to login as admin in another tab always results in "You are not authorised to access the requested page"
"Forgotten your password?" link takes one to http://fractasia.com/password.php:
Please enter your username or email address. You will receive a link to create a new password via email.
Tried user id and email address, hit "change my password" and no email ever arrives (and I have checked spam).
Just to make sure I had the right email and user ID, I checked mysql from dreamhost:
ssh ME@fractasia.com
mysql -h zahradka.mandoline.dreamhost.com -u fractasiacom1 -pYYY fractasia_com_1
mysql> update piwigo_users set password=PASSWORD("__ZZZ__') where username='guest';
Query OK, 1 row affected (0.01 sec)
Rows matched: 1 Changed: 1 Warnings: 0
mysql> select * from piwigo_users ;
+----+------------+-------------------------------------------+------------------------------+
| id | username | password | mail_address |
+----+------------+-------------------------------------------+------------------------------+
| 1 | brianpb007 | *xxx | __my_working_email_@gmail.com |
| 2 | guest | *xxx | NULL | [[ "*xxx" matches both users, but is NOT real password ]]
I changed the password for user=GUEST to my known password and it hashes out to the same thing verifying that my password is correct.
Now, trying to reset a password on the Piwigo php web page with either my verified password or userid gives "Invalid username or email"
If I close this browser, I will not be able to login again. I can't change the password as ADMIN as the database password does not work.
What happened?
Dreamhost says:
It may be related to the browser or an issue with the configuration.
Troubleshooting it for you is outside the scope of our support. I'm
sorry about that. I recommend to check the forum for further assistance
here: http://piwigo.org/forum/ . Thanks again, Tony
This all started when dreamhost overwrote my Piwigo site with a default, generic new version of wordpress. Their restore restored the password to one a few versions old. The password has been weird ever since.
What can I do while I still have 1 admin login to fix this password snafu?
Thx,
Brian
Offline
Hello
i don't understand at all what you did and mostly why you did it
1- check your server logs about the email (postfix etc)
2- in the DB, change the password to the md5 version of it, then login and Piwigo convert it to the hash+salt
Offline
>> i don't understand at all what you did
Asked for password reset. Hacked password via db when email never came. What is method C?
>> and mostly why you did it
Reason obvious, unable to login to 2nd piwigo admin session with the same uid and password saved by (Weird!).
Rebooted my workstation, auto-login to Piwigo/admin worked fine. Tried second window, same workstation, same browser, same boot -- you are not authorized << How is this even possible? If I copied the URL to another tab, it worked there. Would not survive a reboot (kernel update) or work on another machine.
The email in piwigo_users is valid but never got any email. Since it is a google address, it is unlikely that the error is there.
A robust design would
- check that postfix is both installed and running || Error("Tell bonehead sys admin to install/start postfix")
- check for a bounce
- implement a read receipt to verify that it is not lost in the Luminiferous Aether
- copy the sysadmin on a known good email so a person can see if dozens pile up from the same user
- have some type of feedback and error checking which differentiates a CONTROL SYSTEM from a HOPE SYSTEM
It is not the 99% of cars which don't explode which prove high quality, it is the 1% which detonate upon rear impact which illustrate the design flaw.
The MD5() hashing worked.
Thanks!
Offline
that's server administration and NOT website management. Piwigo and any cms has cannot technically do what you are asking
Offline
Pages: 1