sometimes you cant remember your password and the "recover password" is not working (mail config or something with htaccess), so here's what i did:
1) create a dummy acount with password 1234
2) go to the phpmyadmin, your_table, arfooo_users then just copy the password code (i think its md5) to the user you want to change the password, so it changes to 1234
i'm sure there are other ways but this is so simple ;P
more tips (.htaccess)
# domain.com TO www.domain.com
RewriteCond %{http_host} ^YOURDOMAIN.com [NC]
RewriteRule ^(.*)$ http://www.YOURDOMAIN.com/$1 [R=301,L]
# to avoid duplicate content (SEO) if you have multiple domains pointing to just one directory
RewriteCond %{HTTP_HOST} ^www.domain222.net$[OR]
RewriteCond %{HTTP_HOST} ^domain222.net$
RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,L]
Problems to login with 1.0.9 version
Moderator: effi
4 posts
• Page 1 of 1
Re: Problems to login with 1.0.9 version
Hello,
Till this time I have not deeply analysed the problem. However, according to your suggestion that relates the problem to JavaScript's files *.js, I may suggest to try login using another web browser.
If really, the problem related to Javascript, this will mean it is a client side dependent problem, so using of another browser may mean a temporary solution.
++++++++++++++++
Again! I have just made an initial analysis for the problem and it may be due to a scurity bug!.
The lost password mechanism follows a wrong behavior. It is just requires the user email supplied to the field and then the password is automatically changed, then it will be sent to your email. In this case, if your email service provider works fine, the email sent with your new password may be got lost! This simply means that, anyone are able to partially hijack the user's account by knowing his registered email and so prevent him to log in his account.
I've done an experminet using two emails addresses one is uses gmail.com and the other uses yalla.com. Ofcourse gmail is the best and powerful than yalla.com, so I have received the email with the new password and everything go well, but the yalla.com, lost the email!.
The lost password mechanism should be changed, to be, there is no any change to the password without user's confirmation code.
At current time I have no enough background about the script or even skills to do such modification, We just need to ask Arf to cover it among the incoming version or releasing a batch for it.
Till this time I have not deeply analysed the problem. However, according to your suggestion that relates the problem to JavaScript's files *.js, I may suggest to try login using another web browser.
If really, the problem related to Javascript, this will mean it is a client side dependent problem, so using of another browser may mean a temporary solution.
++++++++++++++++
Again! I have just made an initial analysis for the problem and it may be due to a scurity bug!.
The lost password mechanism follows a wrong behavior. It is just requires the user email supplied to the field and then the password is automatically changed, then it will be sent to your email. In this case, if your email service provider works fine, the email sent with your new password may be got lost! This simply means that, anyone are able to partially hijack the user's account by knowing his registered email and so prevent him to log in his account.
I've done an experminet using two emails addresses one is uses gmail.com and the other uses yalla.com. Ofcourse gmail is the best and powerful than yalla.com, so I have received the email with the new password and everything go well, but the yalla.com, lost the email!.
The lost password mechanism should be changed, to be, there is no any change to the password without user's confirmation code.
At current time I have no enough background about the script or even skills to do such modification, We just need to ask Arf to cover it among the incoming version or releasing a batch for it.
Best Regards,
, just another customized Arfooo directory.
, just another customized Arfooo directory.
- saidbakr
- Posts: 66
- Joined: Wed Jul 23, 2008 9:09 pm
- Location: Egypt
4 posts
• Page 1 of 1
Return to Installation, support and bug reports
-
- Related topics
- Replies
- Views
- Last post
-
- Your version is not up to date
by effi » Tue Nov 23, 2010 5:59 am - 5 Replies
- 3775 Views
- Last post by umarizal
Fri Nov 26, 2010 7:23 am
- Your version is not up to date
-
- How update from 1.0.9 to 2.0.0 version?
by Mike » Thu Mar 11, 2010 9:01 am - 4 Replies
- 2090 Views
- Last post by Mike
Fri Mar 12, 2010 8:30 pm
- How update from 1.0.9 to 2.0.0 version?
-
- Administrator login?
by dlawyer » Thu Mar 25, 2010 2:29 am - 1 Replies
- 1352 Views
- Last post by effi
Thu Mar 25, 2010 7:15 am
- Administrator login?
-
- No login after update to 2.0
by jamecs » Thu Feb 25, 2010 6:44 am - 2 Replies
- 1768 Views
- Last post by Arf
Sat Feb 27, 2010 9:00 am
- No login after update to 2.0
-
- admin login
by tmash » Tue May 04, 2010 8:57 pm - 3 Replies
- 4403 Views
- Last post by eingli
Tue Sep 07, 2010 7:26 am
- admin login
Who is online
Users browsing this forum: No registered users and 0 guests