Results 1 to 4 of 4
  1. #1
    Join Date
    Apr 2007
    Location
    Vancouver, Canada
    Posts
    1,530
    Plugin Contributions
    80

    Default Admin Password Reset Password Not Accepted

    On a fresh installation of Zen Cart 1.5.7c (database was upgraded from 1.5.5, but files are vanilla) using PHP 7.4 and MySQL 8.0 if you reset your password through the admin forgotten password function, then log out of the admin, you cannot log back in with the new password that you set.

    If after resetting your password you to go ADMIN > ADMIN ACCESS MANAGEMENT > ADMIN USERS > USER > RESET PASSWORD and input the exact same password, it is saved in the database using a different encrypted string from previous. Login now works fine.

    Post values match.

    Any ideas why this would be happening? The two pathways to reset the password appear to be the same.

  2. #2
    Join Date
    Apr 2007
    Location
    Vancouver, Canada
    Posts
    1,530
    Plugin Contributions
    80

    Default Re: Admin Password Reset Password Not Accepted

    Update: The different string for the same password was a red herring as that is purposeful with the password_hash function

    The password being used is: LmlX^&431718

    When created through the Forgotten Password on admin login, it allows you to login one time, and then never again. If you use this password in ADMIN USERS password reset, it works permanently.

    If I used a different password altogether, it works in both instances.

    Very strange.

  3. #3
    Join Date
    Sep 2009
    Location
    Stuart, FL
    Posts
    10,637
    Plugin Contributions
    78

    Default Re: Admin Password Reset Password Not Accepted

    There have been issues (due to htmlspecialchars) with admin passwords containing any of the characters controlled by that function, e.g. ' " & > <.

  4. #4
    Join Date
    Apr 2007
    Location
    Vancouver, Canada
    Posts
    1,530
    Plugin Contributions
    80

    Default Re: Admin Password Reset Password Not Accepted

    Quote Originally Posted by lat9 View Post
    There have been issues (due to htmlspecialchars) with admin passwords containing any of the characters controlled by that function, e.g. ' " & > <.
    That aligns with my conclusion. It's just a heads scratcher why the same password works in one place but not another...

 

 

Similar Threads

  1. v156 Admin Password reset emails not archived?
    By RixStix in forum General Questions
    Replies: 3
    Last Post: 16 Apr 2020, 06:41 PM
  2. Replies: 1
    Last Post: 1 Feb 2015, 03:12 PM
  3. v153 Admin password not accepted after localhost import
    By lat9 in forum General Questions
    Replies: 0
    Last Post: 9 Dec 2014, 08:31 PM
  4. v150 admin password expired, won't reset, will not send new password to email
    By baltimorestreetmods in forum General Questions
    Replies: 2
    Last Post: 6 Sep 2012, 07:16 PM
  5. Password not showing in Customer Password Reset Email
    By izuno in forum General Questions
    Replies: 2
    Last Post: 7 Oct 2008, 04:10 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR