Re: Lost password - cant receive reset email
Reply #1 –
Do you have access to the database? If so, register a second account. In the database make it a member of group 1. This gives it admin privileges. Then use that account to reset your other account. Finally, do whatever you like with the second account. Keep it as an admin, delete it, or whatever. I like having a second account on my forums for testing purposes. It can assigned to various membergroups so you can see precisely what they see. Great for troubleshooting permissions issues, etc.
Re: Lost password - cant receive reset email
Reply #2 –
Thanks badmonkey. May try that as a last resort. I do have full access to cPanel and DB. Thought there was a place in phpMyAdmin where I could go in and reset it. Or a config file.
Re: Lost password - cant receive reset email
Reply #4 –
OK, maybe I'll give that a try.
Re: Lost password - cant receive reset email
Reply #5 –
Hi and welcome.
Another way is to go to the members table in phpmyadmin, find your nick, edit the password_salt field, remove the value (leave it empty), in the same way change the field passwd to whatever password you want, and then login with it.
Thinking about it, this is (still) a potential surface of attack, I feel we should consider removing this "goodie".
Re: Lost password - cant receive reset email
Reply #7 –
That's not the whole picture.
Re: Lost password - cant receive reset email
Reply #8 –
You could also edit other people's passwords? You can do it anyway... :/
Tell me that "whole picture" then, if it's not what you mean.
Re: Lost password - cant receive reset email
Reply #9 –
For the moment it's enough that I and a handful of people with good eye for security know the whole picture.
It's not particularly wise to publicly disclose surfaces of attack even if are rather narrow and require quite a bit of things to happen at once.
Re: Lost password - cant receive reset email
Reply #10 –
Thanks everyone for the suggestions. Since its a brand new forum I made, (no members yet) and I really don't know phpMyAdmin enough to be fooling around there, I just deleted the DB and install and recreated the forum. I sure don't want to give hackers any help on attacking ElkArte, so DO feel free to delete this thread if you think its a good idea to do so Emanuele, or if I can delete my own thread, I will if you want me to. Will leave it up to you all...