Home General support

Lost Admin Password

rtwingfield Member
in General support
I cannot find any concise instruction or guide to upgrade from zenphoto-1.4.0.2 to zenphoto-1.4.0.4.

What I have done is download zenphoto-1.4.0.4.tar.gz and run gunzip followed by "tar -xvf zenphoto" after first moving the zenphoto directory to "zenphoto.1.4.0.2" (as a backup).

I have not deleted the MySQL database associated with the 1.4.0.2 installation.

The reason for this "upgrade" is because I've lost the ZenPhoto administration password. The eMail interface to email a password reset has never worked. Apparently, you cannot simply change the password in the MySQL table/element (field) because ZenPhoto uses some obscure encryption . . .whatever to obfuscate the actual value as stored in the MySQL database . . .I've already tried to change the password via phpMyAdmin and essentially learned that I've screwed myself.

Now, when trying to reinstall the ZenPhoto application, the setup.php script goes into "upgrade" mode and apparently is prompting for the password . . .which I don't know . . .and the CAPTCHA thingy (as I've previously mentioned) doesn't work, i.e., the eMail module is not/does not work.

Should I save 1) ".htaccess" and 2) "zp-config.php", (for reuse as currently configured) and whack the entire MySQL data base and start over.

That's my inclination -- there needs to be a better solution to overriding or replacing lost passwords. This does not need DOD security clearance.

Comments

  • sbillard Member
    I presume that this link was too hard to find? http://www.zenphoto.org/news/installation-and-upgrading. It is just sitting right under the download buttons on the main page of the website.

    But of course, upgrading is pretty much independent of how you deal with lost passwords. That is described in the troubleshooting entry: http://www.zenphoto.org/news/i-forgot-my-admin-password-now-what-do-i-do-

    As with most problems, it is always better to use an ounce of prevention. For instance, it would have been best to get the mail module working BEFORE you needed it.

    It is of course, also best to resolve password problems BEFORE making any other changes.

    Sorry that you think that DOD (which Zenphoto is far from) security is not needed on passwords. I suspect that others would not agree to a lax security.

    Anyway, follow the final option of the troubleshooting guide and you will be back and running.
  • rtwingfield Member
    As a mater of fact, I COULD NOT search and find the suggested URL. I'm going to whack the admin. table and try again.

    Thanks,
    RW
  • rtwingfield Member
    BTW, I do run ZenPhoto under SSL. Additionally, we use a preliminary userid/passwd that is required to even access the ZenPhoto application, that is implemented using unix .htaccess and .htpasswd technology. Additionally, access to the MySQL data base interface is also password protected.

    Finally, I have looked at the php code regarding the ZenPhoto password generation process, and it seems to me that a simple utility could be written to regenerate the password without having to whack the entire "zp-administrators" table, followed by rerunning the "setup.php" procedure. If I can find the time, then I may write the same. After all, the crucial "thing" is the value in the "pass" element in the "zp-administrators" table. Just make it easy to replace the value. The function could be a restricted application.
  • sbillard Member
    There is just such a utility--the password reset function, but for that to work you do have to have the e-mail working. How would you like the utility controlled? Anyone can run it? Not likely to be a good choice. Maybe we should require a password to run the utility....

    We really can't make things idiot proof--for sure some idiot will prove it not so.
Sign In or Register to comment.