Feature request: Administrator change user password (Features)

by danielb987, Monday, April 10, 2017, 13:37 (2567 days ago)

Hello,

A much desired feature is the ability for an administrator to change a user's password.

There are two reasons for this:

1) Sometimes a user is not able to request a new password. For example, sometimes a email server is blocked due to spam and as a result no email comes thru. I have seen examples in Sweden of a large Internet provider which had a lot of problems with it's own email servers that got blocked due to spam.

2) If a user account doesn't work, it is useful for me as a administrator to be able to set a new password to see if I am able to login to the user's account.

In the meantime, is there a solution to set the user password, for example by a SQL query in phpMyAdmin? I know the user ID.

Best regards,
Daniel

Avatar

Feature request: Administrator change user password

by Micha ⌂, Monday, April 10, 2017, 14:56 (2567 days ago) @ danielb987

Hi,

In the meantime, is there a solution to set the user password, for example by a SQL query in phpMyAdmin? I know the user ID.

Just use a MD5-Hash, see functions.inc.php line 2087ff

/Micha

--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences

Avatar

Feature request: Administrator change user password

by Auge ⌂, Tuesday, April 11, 2017, 12:06 (2566 days ago) @ Micha

Hello

Just use a MD5-Hash, see functions.inc.php line 2087ff

To use md5 nowadays would be disastrous! That said, I can't see any call for md5 in the function that you linked. MLF2 only generated sha1-hashes but sha1 itself is inappropriate especially for password hashing and in general outdated nowadays. The next function is_pw_correct makes use of md5 in case of password hashes from old versions.

Nowadays a check-password-function should enforce the users to generate a new password with an actual hashing algorithm at the next login attempt and should delete the md5-hash of the (old) password from the records. For the password hashing itself we should use the function password_hash in future versions. At that point the minimal PHP-version would raise to 5.5.hash.php]password_hash[/link] in future versions. At that point the minimal PHP-version would raise to 5.5.

Tschö, Auge

--
Trenne niemals Müll, denn er hat nur eine Silbe!

Avatar

Feature request: Administrator change user password

by Micha ⌂, Tuesday, April 11, 2017, 14:45 (2566 days ago) @ Auge

Hi,

Just use a MD5-Hash, see functions.inc.php line 2087ff

I can't see any call for md5 in the function that you linked.

I didn't link to a function itself or named a function. I linked to a line in the source code of the file functions.inc.php and "ff" means "and the next x lines". ;-)

/Micha

--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences

Feature request: Administrator change user password

by danielb987, Wednesday, April 12, 2017, 04:46 (2565 days ago) @ Micha

Hi,

In the meantime, is there a solution to set the user password, for example by a SQL query in phpMyAdmin? I know the user ID.


Just use a MD5-Hash, see functions.inc.php line 2087ff

/Micha

Thanks!

Daniel

RSS Feed of thread