OJS OCS OMP OHS

You are viewing the PKP Support Forum | PKP Home Wiki



Unable to reset passwords for authors

Are you an Editor, Author, or Journal Manager in need of help? Want to talk to us about workflow issues? This is your forum.

Moderators: jmacgreg, michael, vgabler, John

Forum rules
This forum is meant for general questions about the usability of OJS from an everyday user's perspective: journal managers, authors, and editors are welcome to post questions here, as are librarians and other support staff. We welcome general questions about the role of OJS and how the workflow works, as well as specific function- or user-related questions.

What to do if you have general, workflow or usability questions about OJS:

1. Read the documentation. We've written documentation to cover from OJS basics to system administration and code development, and we encourage you to read it.

2. take a look at the tutorials. We will continue to add tutorials covering OJS basics as time goes on.

3. Post a question. Questions are always welcome here, but if it's a technical question you should probably post to the OJS Technical Support subforum; if you have a development question, try the OJS Development subforum.

Unable to reset passwords for authors

Postby spodick » Tue Feb 17, 2004 8:20 pm

Due to an odd set of experimentation, all of the passwords for all users in our test database somehow became completely corrupted.

I was able to use the install.php to reset the main administrator to a new account, log in with that, and start resetting passwords for the various reviewers, editors, and proofreaders. But those account which were authors, without being in any other category, are now permanently locked out of the system unless I try to delete and recreate ther accounts (which might lose the link between their record and their articles?). I did try the 'forgotten password', but the e-mail password fails when copied and pasted in, as it contains mostly high-bits and coes not copy and paste well (and looks completely different on different systems or e-mail programs).

I tried to reset the passwords manually in mysql, but either there is too much security on them or I am not issueing the correct commands.

Anyway, this is not important during this test, but I think there *should* be a way for the managing editor or administrator to be able to reset the passwords of authors.

:(

-Edward
spodick
 
Posts: 4
Joined: Mon Feb 16, 2004 7:34 pm
Location: Hong Kong

Postby kevin » Tue Feb 17, 2004 8:54 pm

I suspect in rerunning the installer you overlooked this note regarding the password salt used to encrypt user passwords:

This is a random value used to encrypt user passwords. You should not need to modify this value. However, if you are using this form to modify an existing OJS installation, you must enter the same value for your current password salt here or any existing users will be unable to log in after you submit this form.


If the password salt has been changed and you do not have a backup of the database from which to retrieve the previous value, the passwords currently in the database are now essentially gibberish (and likely not ASCII, as you observed when trying to retrieve the password via the "lost password" function).

It is an oversight on our part that the passwords of authors/readers cannot be reset from the administration interface (unless they are also registered in another role).

The only way to fix this would be to manually reset the password for those users in the database. For example, like this:

Code: Select all
SELECT chPasswordSalt FROM tbljournalconfig;
(note the value returned by this query)

UPDATE tblusers SET password = encode('NEW_PASSWORD', 'THE_PASSWORD_SALT') WHERE chUsername = 'SOME_USER';


Understandably, this is a bit awkward; this will likely not be an issue in the next major version of OJS as we are using a different scheme for storing user passwords (one-way MD5 encryption).

I would advise against deleting authors, as they will become disassociated from any articles they have submitted (unless you manually make changes to the database to reestablish the links).
kevin
 
Posts: 338
Joined: Tue Oct 14, 2003 8:23 pm

thanks!

Postby spodick » Tue Feb 17, 2004 9:01 pm

Thanks for the clarifications - I had missed that salt value message. Thanks especially for the correct syntax for manually updating the relevant field in the mysql table, so that I can avoid all the problems of losing associations.

Testing is crucial. :) Eventually I will be scraping everything down to bedrock and starting from scratch, if things get approved and developed.

I am looking forward to the next version, especially as i thought I saw a reference on another htread to more data import/export options...

Take care,
spodick
 
Posts: 4
Joined: Mon Feb 16, 2004 7:34 pm
Location: Hong Kong


Return to OJS Editorial Support and Discussion

Who is online

Users browsing this forum: No registered users and 1 guest

cron