Results 1 to 10 of 10
  1. #1
    Join Date
    Sep 2007
    Location
    Far South Coast, NSW, Australia
    Posts
    436
    Plugin Contributions
    0

    Default forced password change not working

    I'm getting that screen that says my password needs to be changed. I've now tried four times, and each time it tells me "Sorry, your new password was rejected. Passwords must contain both letters and numbers, must be at least 7 characters long, and must not be the same as the last 4 passwords used. Passwords expire every 90 days, after which you will be prompted to choose a new password."
    I'm following the rules but it's still rejecting every new password I put in.

  2. #2
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: forced password change not working

    In my experience that error message appears for exactly the reasons stated. There have been dozens of times people have finally confessed that they were re-using old passwords and didn't believe they'd actually already used it. Once I even got caught using 6 characters and didn't realize it was 6 not 7. And then re-typing it got me too.


    I suppose the edge case could be that you've installed some plugin/mod that changed how passwords are handled, and it's malfunctioning.


    If you want to just reset the admin user in the database, use: http://www.zen-cart.com/content.php?...admin-password ... that'll give you a very specific admin password, and you'll have to use the Change Password option in your Admin (click the "Account" link beside the "logout" link in top right of Admin screen) to change the password. Or let it expire and change it then.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  3. #3
    Join Date
    Sep 2007
    Location
    Far South Coast, NSW, Australia
    Posts
    436
    Plugin Contributions
    0

    Default Re: forced password change not working

    Nup, in the end I just made up a nonsense one and it still gave me the same message. They were all at least 7 characters, all had numbers and letters. I'll do it via the database, thanks.

  4. #4
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: forced password change not working

    FWIW, if your store doesn't need to be PCI Compliant, you could upgrade to v155 which allows you to turn off the forced 90-day pwd change.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  5. #5
    Join Date
    Sep 2007
    Location
    Far South Coast, NSW, Australia
    Posts
    436
    Plugin Contributions
    0

    Default Re: forced password change not working

    What is PCI? That's appealing, turning that forced password reset off. :)

  6. #6
    Join Date
    Nov 2005
    Location
    los angeles
    Posts
    2,669
    Plugin Contributions
    9

    Default Re: forced password change not working

    PCI-DSS - personal cardholder information data security standard.

    a "standard" for protecting credit card data.

    see:

    https://www.pcisecuritystandards.org/pci_security/
    author of square Webpay.
    mxWorks has premium plugins. donations: venmo or paypal accepted.
    premium consistent excellent support. available for hire.

  7. #7
    Join Date
    Sep 2007
    Location
    Far South Coast, NSW, Australia
    Posts
    436
    Plugin Contributions
    0

    Default Re: forced password change not working

    We only do Paypal so I guess we're safe. Thanks.

  8. #8
    Join Date
    Jul 2017
    Location
    United States
    Posts
    10
    Plugin Contributions
    0

    Default Re: forced password change not working

    I had the exact same problem. Turned out that the issue was not with the new password, but the old password. My browser was autofilling an older password, but I didn't notice because it was shown as *******. I looked up the current password and entered that, and the new password was accepted.

    Quote Originally Posted by jenpen View Post
    I'm getting that screen that says my password needs to be changed. I've now tried four times, and each time it tells me "Sorry, your new password was rejected. Passwords must contain both letters and numbers, must be at least 7 characters long, and must not be the same as the last 4 passwords used. Passwords expire every 90 days, after which you will be prompted to choose a new password."
    I'm following the rules but it's still rejecting every new password I put in.

  9. #9
    Join Date
    Jun 2009
    Location
    Sparta, TN
    Posts
    158
    Plugin Contributions
    0

    Default Re: forced password change not working

    I have/had the same problem of login when I first built my 157c and now at first password forced change. I HAD to use the phpMyAdmin to get passwords to reset. I'm positive I had not reused the passwords based on the source I get them. 157c is the only upgrade that I've had this issue with, but thankfully the phpMyAdmin fix works.
    My store - closed 12/05/2023
    1.5.7d (upgraded from 1.5.7b), clone a template (cloned Responsive Classic Template), Sitemap XML v4.0, Square WebPay, PayPal Express Checkout, PHP Version: 7.4.29 (Zend: 3.4.0)

  10. #10
    Join Date
    Jun 2009
    Location
    Sparta, TN
    Posts
    158
    Plugin Contributions
    0

    Default Re: forced password change not working

    I'm only using PayPal right now, so if this does happen again I'll turn off the expiry in Admin->Configuration->My Store. There's a PA-DSS setting there related to admin pwd expiration.
    https://www.zen-cart.com/showthread....ghlight=90-day
    My store - closed 12/05/2023
    1.5.7d (upgraded from 1.5.7b), clone a template (cloned Responsive Classic Template), Sitemap XML v4.0, Square WebPay, PayPal Express Checkout, PHP Version: 7.4.29 (Zend: 3.4.0)

 

 

Similar Threads

  1. v154 Admin Password Forced Change
    By adb34 in forum General Questions
    Replies: 19
    Last Post: 28 Sep 2015, 04:31 PM
  2. v139h Login not working -- program not emailing password
    By cshart in forum General Questions
    Replies: 0
    Last Post: 23 Jul 2012, 04:52 PM
  3. v150 Forced Admin Password Change
    By lynbor in forum Upgrading to 1.5.x
    Replies: 2
    Last Post: 20 Feb 2012, 08:13 PM
  4. Forgotten password not working...
    By 95 Boyz in forum General Questions
    Replies: 1
    Last Post: 20 Nov 2008, 06:12 PM
  5. Password changed & Resend Password not working?
    By AccurateOptics in forum General Questions
    Replies: 2
    Last Post: 2 Sep 2006, 03:38 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR