Problem changing admin password

[elvisstuff]

Can someone let me know the file that manages the password change for the admin page? My site automatically notifies me when I need to change the password but every combination I try is rejected. The work round is to click on the lost password link and have a new password emailed to myself. Once I have the new password I can change it to one of my own choosing without any problem. I'm guessing I've got a corrupt file somewhere. If someone can let me know what that file is I'm hoping to restore it to an non- corrupted version. Thanks in advance.
I'm currently on version 1.5.1 but looking to update to 1.5.4 within the next day or two.

[DrByte]

I'm not sure I'm understanding what the problem is. You titled the post saying "problem changing admin password, but then said "I can change it to one of my own choosing without any problem".
What is the exact order of operations that consistently triggers the problem?
When did the problem first start?

[elvisstuff]

Thanks for responding, DrByte. Part of the problem is that I don't know exactly when it started. I know that I've had to use the workaround for the last three or four password changes.

What is happening is: The admin logon page notifies me that it's time to change my password. Nothing I enter into the new password boxes is accepted. I get the message telling me that the password is rejected.

So I click on the "Forgot Password" link and enter my email address. A new password is then created and sent to my email box. I can use the new site generated password to then create my own password which is then accepted and stored by the site. I can then continue as normal.

It seems like when I get the notification to change my password my current password is causing the site to reject my new one - as though my original password is wrong. However it is only wrong for this page - I have normal access to my site otherwise (until I get the message to change passwords and then access ceases as I go into the loop of having to change my password.) Like I said in my original query, I can work round it but I wondered if I could fix the problem instead. If I knew what I was looking for I could go back to my backup files and find an uncorrupted version and load that back into my site.

[DrByte]

While I understand the idea of "give me a list of files I can replace in case they're damaged", that's a weak bandage. Consider this: if someone HAS changed files related to authentication, then merely replacing them doesn't expose the actual damage done, and thus you don't know whether a malicious intruder has gained unauthorized access to your site and will simply bypass your temporary fix again, and continue doing other stuff you don't know about.

So, while replacing damaged files with good ones is indeed one step in recovering from a problem, it's not the first step. The first step should be to inspect all files on your site for unauthorized changes/deletions/removals and added files. Then with that list, decide on a proper course of action.

Further, that comparison should be done by using original Zen Cart distribution files as the base, and not merely "an old backup", especially since you said it's been going on for years.
Here's a basic guide: http://www.zen-cart.com/wiki/index.p...ing_From_Hacks

(One of the links in that guide is to: http://www.zen-cart.com/wiki/index.p...Obscure_Issues which explains the comparison process, and is the first thing I do when inspecting odd or unexplained behavior on any site I'm looking at.)

Here's a saving grace that you may find makes the whole "compare every file" idea more palatable: you want to do the same kind of comparison as part of an upgrade anyway, because you want to identify all your customizations in the current site so you can re-make them on the new version.
http://www.zen-cart.com/entry.php?3-...d-of-upgrading

[elvisstuff]

Thanks for your help, DrByte. It's appreciated.