Password recovery

[eon]

You have does days that everything goes wrong. For some reasons you can't log in you Pixelpost-admin and the email-recovery isn't working. Live sucks

Place this file (password_recovery.php) in the root of your site and run it. Fill in all questions and you will have a totally new and fresh password!

Note: After testing your password don't forget to delete password_recovery.php.

http://www.pixelpost.org/v1/devfiles/?id=150

================================================== =========================
Update

password_recovery.php works perfect for PP1.4.3 and PP1.5beta.
For people who don't know how to use this tool, here a howto

password_recovery.php works like this:
1) put password_recovery.php next to index.php
2) run password_recovery.php (go to www.my_site_name.com/password_recovery.php or something)
3) Fill in all the require information.
TIP: all the information you need, you will find it in /admin/pixelpost.php

• Host, your hostname, mostly is this localhost;
• Database-user, fill in you database user (see tip);
• Database-password, fill in the password (see tip);
• Database-name, fill in the database name (see tip);
• Database-prefix, fill in the database prefix, mostly this is pixelpost_ (see tip);
• Name of admin, you need to know your admin name. This is your login name in the admin-section of Pixelpost. Don't fill in a new admin-name!
• New password of admin, this one is easy, put here you new password.
• Confirm new password, put here (again) your new password.

4) Press "Recover".
If you use the wrong database information you will see this:

Quote:

Connect DB Error: Access denied for user 'pixelpost_user'@'localhost' (using password: YES)Select DB Error: Access denied for user ''@'localhost' to database 'pixelpost'Database error: No database selected
Updating the new password failed.

If you use 2 different passwords you will see this:

Quote:

Passwords are different!

If you fill in everything correctly you will see this:

Quote:

Password changed
NOTE: After testing your password don't forget to delete this file!

5) Now test is you can login with your new password.
6) If the password is oke:
DELETE password_recovery.php!!!

[blinking8s+]

i havent tested this, but if users post back with a thumbs up, this will get sticked over at pixelpost 101

[se.nsuo.us]

Indeed! but the warning for deletion should in 1 mile high letters

[blinking8s+]

what about if it broke the use of the system, so that you cant view the front end until the file is deleted, even a warning generated warning in the admin or above the front end of the template to remove the file wouldbe a solid solution. We've tried 1 mile high letters before on things, people dont like to read, but if it's existence renders viewing the blog useless then it might work better.

[Dkozikowski+]

I was going to suggest that earlier blinging8s. PHPBB does the same thing. If PHPBB finds a few specific folders, it will not run until those folders are deleted.

[eon]

Quote:

Originally Posted by blinking8s

what about if it broke the use of the system, so that you cant view the front end until the file is deleted, even a warning generated warning in the admin or above the front end of the template to remove the file wouldbe a solid solution. We've tried 1 mile high letters before on things, people dont like to read, but if it's existence renders viewing the blog useless then it might work better.

That's oke The dev team is going to make that?

[blinking8s+]

we'll, it's not on our current checklist, but a better password system should be available for sure.

in the future though, i would personally like to see the login set to email and password rather than username and password, so it is 100% set to somethign legit for password recovery.

[eon]

The program is quite save. You need also to fill in the databasename, username and password of the database.

[se.nsuo.us]

Quote:

Originally Posted by eon

The program is quite save. You need also to fill in the databasename, username and password of the database.

I dont expect the person who lost his password to have that information handy... One usually uses the admin section more than the database itself

[eon]

Quote:

Originally Posted by se.nsuo.us

I dont expect the person who lost his password to have that information handy... One usually uses the admin section more than the database itself

They can find that information in /include/pixelpost.php. Of course it will be a problem when you don't know your ftp-accountinformation anymore.