Admin Password Reset

If you have questions about using mojoPortal, you can post them here.

You may want to first review our site administration documentation to see if your question is answered there.

This thread is closed to new posts. You must sign in to post in the forums.
5/7/2009 4:18:25 PM
sb5917
Gravatar
Total Posts 12
View Posts

Admin Password Reset

I'm just getting to grips with mojoPortal but the admin password to my first site isn't working. I'm not sure why but what is the easiest way to reset an admin password on a new site.  The reset password function says the address I registered isn't.

p.s. a search function in the forums would be useful.

Simon

5/7/2009 4:35:13 PM
scrailsabck
Gravatar
Total Posts 42
View Posts

Re: Admin Password Reset

Hi Simon

Here's what I've done before. In VS open the mp_Sites table in VS. Set UserEmailForLogin to True and PasswordFormat to 0. Open mp_Users table and find the admin user (should be the first record). Enter "admin@admin.com" for Email, "admin" for LoginName, and "admin" for Password. Then try logging in as admin.

 

5/7/2009 4:47:14 PM
sb5917
Gravatar
Total Posts 12
View Posts

Re: Admin Password Reset

Thanks for that - I managed to work out what the password was in the end. Turns out I was using the wrong username.

What a great first post.

D'oh

Simon

5/8/2009 7:03:33 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Admin Password Reset

Actually this thread made me realize there is a usability issue here that needs to be fixed. The problem is that recently I changed the default password format for the initial site from clear text to hashed. The problem with hashed is that it cannot really be recovered because it can't be decrypted. So when the password recovery is used with hashed passwords it generates a new random password and resets to this password then sends it in an email to the user. But in a new installation if smtp settings are not yet configured the email will not be received and now the password is unknown, or if the user did not change the admin@admin.com to a real email it will also not be received and therefore now the password is unknown and not  possible to decrypt it. In this case Steve's suggestion is the way to get back in.

The long term solution is to change the password recovery for hashed so it does not reset the password right away but instead sends a link to the email address to confirm the reset so it will reset only if the user clicks the mailed link. This will prevent the password from becoming an unknown hashed value.

For the short term solution I'm going to change the default format to encrypted for the initial site in the next release.

Thanks,

Joe

You must sign in to post in the forums. This thread is closed to new posts.