Admin password reset

[FeelGoodWatches]

Running 1.5.0 on a new, clean install. Need to reset the admin p.w., but am not trusting the "Forgot p.w." routine in the admin login given the number of posts about it not working properly and I have NO desire (or skill) to go mucking about in SQL. I have noticed that the TOOLS > ADMIN SETTINGS link is missing from the Admin Home>Tools menu. Is this something that can be turned on/off or would it have to be hard-coded out of the menu? We do have the 90-day reset enabled for PCI compliance. Any help is appreciated.

[DrByte]

have noticed that the TOOLS > ADMIN SETTINGS link is missing from the Admin Home>Tools menu.

That menu option was relocated in v1.5.0 to a top-level menu: "Admin Access Management", which is "beside" the Tools menu, not "under" it.

[FeelGoodWatches]

That menu option was relocated in v1.5.0 to a top-level menu: "Admin Access Management", which is "beside" the Tools menu, not "under" it.

OK. And what do I do if "Admin Access Management" isn't on the menu bar? Thanks.

[DrByte]

Then I've got to ask you what exactly is different between your site and mine, assuming I just downloaded a fresh copy of the v1.5.0 code and uploaded it to my server and ran zc_install and logged into my admin.
How do I make mine look and behave just like yours?

[FeelGoodWatches]

Then I've got to ask you what exactly is different between your site and mine, assuming I just downloaded a fresh copy of the v1.5.0 code and uploaded it to my server and ran zc_install and logged into my admin.
How do I make mine look and behave just like yours?

That I can't tell you, as I did not do the install, but will need to change the password from time-to-time. I =could= use the Forgot PW in the log-in screen, but it just doesn't seem to be that robust and can cause errors which lead to not being able to log in. I can NOT have this happen as I'm in the catalog on a daily basis.

[DrByte]

So, is this all about a fear of passwords expiring unannounced?

If your fear is about the word "expire", then maybe it should have said "must be changed" instead of "will expire".

With computers and technology, the term "password expiry" has always meant "will need to be changed". Sorry if the wording has confused you.


Zen Cart will prompt you after the 90 day window passes, and tell you that you must change your password, and prompt you to do the change before it will let you continue with your login. Until then, simply go about your day happily using your store. It will prompt you in a friendly way when you need to change your password.

[FeelGoodWatches]

If your fear is about the word "expire", then maybe it should have said "must be changed" instead of "will expire".

With computers and technology, the term "password expiry" has always meant "will need to be changed". Sorry if the wording has confused you.


Zen Cart will prompt you after the 90 day window passes, and tell you that you must change your password, and prompt you to do the change before it will let you continue with your login. Until then, simply go about your day happily using your store. It will prompt you in a friendly way when you need to change your password.

I understand how the automatic prompting works, but what if we need to change the admin password in-between times due to an employee change. Don't know about you, but there's no way I'm not changing the p.w. when an employee leaves, even on good terms. Is it really that complicated that you have to go into the SQL manager to do so?

[DrByte]

Well, first, you should be assigning each person their own username and password. That's a permission granted only to the SuperUser or other users who the superuser designates. This is all under the Admin Access Management menu.
And then when an employee leaves the company, you simply delete their admin user account.

Next, when you're logged in, you can change the password to the user you're logged in as, simply by clicking on the "Account" link in the upper right corner, beside the Logoff link.

[FeelGoodWatches]

Well, first, you should be assigning each person their own username and password. That's a permission granted only to the SuperUser or other users who the superuser designates. This is all under the Admin Access Management menu.
And then when an employee leaves the company, you simply delete their admin user account.

Next, when you're logged in, you can change the password to the user you're logged in as, simply by clicking on the "Account" link in the upper right corner, beside the Logoff link.

Hmmm. Makes me wonder if the guy that set up the account might have set this login up as a "normal" user level and not a Super User. Will have to ask. I do appreciate the info.