Admin password... lost ..wtf

My Dolphin 7.1 admin account password was lost/or changed. but when I try to retrieve it via email it didn't work. I checked the spam email folder but the retrieve password email from my site not there. 

There's something weird going on lately. I suddenly cannot log in my Dolphin site using admin username +pass, my members in the forum which is based on another database also have trouble logging. I check the admin tasks but don't see anything changes. so it come down to sql database. Is there any database command that can be run by phpmyadmin or script that wipes out the hex password table? 

This is some serious shit because the members will think that the admins change their password to log in their account to look through PMs etc... Regular Joe users don't know jack shit about database, password table or SQL command, even if you explain to them they still don't believe anything because most of them don't understand the concepts.

Quote · 17 Sep 2013

at this link I share a fix: http://www.boonex.com/forums/topic/Cannot-retrieve-admin-password-.htm

DedicatedServer4You.com -- BIGGEST Range of Dedicated Servers at the Lowest Price!
Quote · 17 Sep 2013

Just to note. If that method does not allow you to login, then you have a different problem that has nothing to do with the passwords stored in the database.

Damaged files such as member.php have been know to cause this problem as well.

To many people assume that if you can't login, then it has to be the password. Well unfortunately that is not always the case.



https://www.deanbassett.com
Quote · 17 Sep 2013

Passwords in Dolphin are encrypted and have some random number added to it, called a Salt. This is to make it harder to crack passwords. It also means that just removing the table is not going to solve your issue because encrypting an empty string still gives you  a value, which does not match the empty field in the database.

 

Eventhough no one can logon, it seems odd that all passwords have been changed.  This would mean someone has access to the emailaddresses in your database. I think there is something else going on. Did  you do anything to the membership levels, or changed profile fields?

 

If you really believe that this was caused by someone resetting the accounts...

Theoratically it would be possible to get the email adresses of all users, just by using a bot to enter emailadresses on the password forgot page. It gives an error if an email address doesn't exist. If the email address does exist, Dolphin changes the password immidiatly but I would expect at least some of your members to complain about it.

 

If you want to change the way passwords work, I have written a module that takes care of all the above mentioned issues and it's available for all versions of Dolphin 7

 

http://www.boonex.com/m/advanced-password-forgot

Dedicated servers for as little as $32 (28 euro) - See http://denre.com for more information
Quote · 17 Sep 2013

Thank you, I will try your suggestions this weekend.

Quote · 20 Sep 2013
 
 
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.