I have a problem with the access of my admin user to the backoffice of the prestashop store.
The sequence I use is to enter user and password and it does not enter in the admin side.
The weird thing is that when I enter the right user and password does not return me any message. I have entered a wrong password on purpose and it returns me an error message (that is what I expect).
I have changed the password using the “forgot password” method and I have also do a process of updating it manually through this process:
https://www.prestashop.com/forums/topic/4843-lost-password-the-solution-is-in-the-forum-but-in-french/
and it has not worked either.
I have checked the whole environment and I was not able to find anything strange. I have looked for other similar situations and I was not able to find other reasons.
What could be happening?
What else should I check?
Best regards
Check your ps_employee table.
Manually reset password for your admin user.
Edit record,
set password 'MD5' type. enter new password in value input type and just after your newpassword put your _COOKIE_KEY_ which you can get from config/settings.inc.php.
Then check.
Your issue will be solved.
Related
The steps mentioned at Reset User Password seems a bit confusing to me.
For example, A user normally reset his password because he cannot remember existing one.
Now, the above link mentions that
The refresh token can be retrieved by calling user.token after logging in via Realm.Sync.User
But, as user does not know his current password, how can the app get the refresh token?
I seem to be missing something here, not sure what..
Would be nice if someone could explain the complete steps for password reset by user.
"Password reset" is a bit of a misnomer. The functionality in question is intended for a logged-in user to change their own password (for example, from a "Settings" or "Profile" screen), or for a user with administrative privileges to change an arbitrary user's password.
There is another common use case in which a user who is logged out and does not remember their password wishes to reset it. In many cases this process involves sending them an email with a link which, upon being visited, will allow them to specify a new password. The Realm Object Server doesn't support this sort of password reset out of the box; you may want to file an issue at its issue tracker to request it (since it seems quite important).
Just a quick question. I have setup a backend using Firebase and I am using swift. I have the create a user, login a user and forgot a password all working correctly. But does anyone know how to check when a user logs in if they are using the reset password from the email which was sent out.
What I want to do is check upon login if they are using the email reset password and if so I can then enforce a password change upon them. I cannot seem to find out how to do this.
Thanks
Once a user requests a forgot password email, they will receive an email with a temporary (24 hour) token that they must log-in with and then change their password from there.
Check the documentation for more information regarding password and email changes within your application. https://www.firebase.com/docs/ios/guide/login/password.html
The way I handled this was slightly differently than what you described, but it gets to the same place. After the user gets a temporary password they are prompted to enter in the temporary password sent to their email. Immediately after they enter it they are then asked to change their password to something new before they can proceed. I figured those temporary passwords are so complex no one is going to remember or hold onto them for long, so it's best to get them using their own password ASAP.
https://firebase.google.com/docs/reference/ios/firebaseauth/api/reference/Classes/FIRAuth
In Swift 3.x and Firebase 3.x
FIRAuth.auth()?.sendPasswordReset(withEmail: email) { error in
// Your code here
}
Firebase 4 Version
Auth.auth().sendPasswordReset(withEmail: email) { error in
// Your code here
}
I m admin of a Umbraco CMS, we don't have access to code.
A user changed his password and forget. I tried to log in as admin and resetting passwrod but I just discovered that link is not working.
Can you please guide how I reset password for that user ? Even there is no link if forget password. Is there a way to reset in DB without modifying configuration files ?
EDIT
attaching screen short. In admin panel under Users section Change Your Password link is not working. Please see its highlighted areas.
In the admin interface go to the user section select the user in the user navigation tree and click the change password link(is it this link that is not working?), which should show two new text boxes "change password and confirm password" remember to hit save when done.
It can be done using the database as well change the hashed password in the umbracoUser table to a hash of a password that you know. This forum have some ideas of hashed passwords.
http://our.umbraco.org/forum/using/ui-questions/4790-ouch-forgot-admin-password-how-to-reset?p=2
I'm trying to create a new user in MODX REVOLUTION 2.3.0 but for some reason, the user cannot access the manager area. I tried to clear every bit of cache as well as to made sure the password is created by the system (email has been sent) and the user belongs to the Users Group.
Strangely, when looking at the user settings, it says that the user has made some 10 logins, but in reality, he has not.
When I type a wrong password, I get the wrong password error message, when I type a correct password, the input field gets cleared and nothing else happens.
Any idea how to solve this?
Thanks.
It seems that user don't have access to mgr context. Any user needs «frames» permission to get access to the manager.
Try to update user's data and make him a sudoer. It'll help to understand if wrong permissions cause the problem.
Exactly. Like #proxyfabio said, he needs access to the manager. To at least asses if the user login works, give him temporary SUDO rights. If that works, work your way from the ground up.
Make sure an Access Policy Template and Access Policy is created. Make sure the policy contains "frames" and is checked at the Policy Template edit screen. Next, PLEASE, make a separate Role, like "Customer". Go into the Aministrator group (or again, PLEASE, create a Customer group) and head on over to the Users tab. Add the User to the group with the Role Customer - "your level" (I usually use increments of 500 or 1000).
Under Context Access, add the user to the mgr context with the specified role and your Customer policy. Do the same for web if you with to avoid any in depth issues.
Finally, save your settings, flush your permissions, clear your cache and optionally flush your sessions table (you can also delete cookies for the browser you're using). When you've done all that, create an Incognito tab in Chrome or Firefox to avoid issues and try the login again.
I have somewhat the same issue if I try login a duplicate manager user from an android phone, the login count goes up, wrong password gives error and correct password just refresh the login page.
However logging in from a computer works. Initially it didn't...
Here are my steps:
Duplicate manager user
Set new password
Login fails
Click forget login for e-mail
Login successfully (computer) with the new generated password
Change original password to original password!? :D
Login works everywhere except my phone
I'm trying to do the following: I have a page with a form for login and password.
Is it possible to use this form for both registration and authorization. For example i'm visiting the page for the first time and enter my email and password. Then if such email already exists i get an error, otherwise an account is created for me. Searching for the way of implementing this gave no results.
Does anyone know hot to make it possible?
This approach has one drawback: If user mistyped password then he would probably never login again. Solution - to use email for password recovery.
Other approach is to let user input email and while user will type password check if email is already in database. If it's not available then add password confirmation field to the form.
How to make it possible? Just program the necessary logic on server-side and client-side.