Unable to reset passwords for authors

Are you an Editor, Author, or Journal Manager in need of help? Want to talk to us about workflow issues? This is your forum.

Moderators: jmacgreg, michael, vgabler, John

Forum rules
The Public Knowledge Project Support Forum is moving to http://forum.pkp.sfu.ca

This forum will be maintained permanently as an archived historical resource, but all new questions should be added to the new forum. Questions will no longer be monitored on this old forum after March 30, 2015.
Posts: 4
Joined: Mon Feb 16, 2004 7:34 pm
Location: Hong Kong

Unable to reset passwords for authors

Postby spodick » Tue Feb 17, 2004 8:20 pm

Due to an odd set of experimentation, all of the passwords for all users in our test database somehow became completely corrupted.

I was able to use the install.php to reset the main administrator to a new account, log in with that, and start resetting passwords for the various reviewers, editors, and proofreaders. But those account which were authors, without being in any other category, are now permanently locked out of the system unless I try to delete and recreate ther accounts (which might lose the link between their record and their articles?). I did try the 'forgotten password', but the e-mail password fails when copied and pasted in, as it contains mostly high-bits and coes not copy and paste well (and looks completely different on different systems or e-mail programs).

I tried to reset the passwords manually in mysql, but either there is too much security on them or I am not issueing the correct commands.

Anyway, this is not important during this test, but I think there *should* be a way for the managing editor or administrator to be able to reset the passwords of authors.



Posts: 338
Joined: Tue Oct 14, 2003 8:23 pm

Postby kevin » Tue Feb 17, 2004 8:54 pm

I suspect in rerunning the installer you overlooked this note regarding the password salt used to encrypt user passwords:

This is a random value used to encrypt user passwords. You should not need to modify this value. However, if you are using this form to modify an existing OJS installation, you must enter the same value for your current password salt here or any existing users will be unable to log in after you submit this form.

If the password salt has been changed and you do not have a backup of the database from which to retrieve the previous value, the passwords currently in the database are now essentially gibberish (and likely not ASCII, as you observed when trying to retrieve the password via the "lost password" function).

It is an oversight on our part that the passwords of authors/readers cannot be reset from the administration interface (unless they are also registered in another role).

The only way to fix this would be to manually reset the password for those users in the database. For example, like this:

Code: Select all

SELECT chPasswordSalt FROM tbljournalconfig;
(note the value returned by this query)

UPDATE tblusers SET password = encode('NEW_PASSWORD', 'THE_PASSWORD_SALT') WHERE chUsername = 'SOME_USER';

Understandably, this is a bit awkward; this will likely not be an issue in the next major version of OJS as we are using a different scheme for storing user passwords (one-way MD5 encryption).

I would advise against deleting authors, as they will become disassociated from any articles they have submitted (unless you manually make changes to the database to reestablish the links).

Posts: 4
Joined: Mon Feb 16, 2004 7:34 pm
Location: Hong Kong


Postby spodick » Tue Feb 17, 2004 9:01 pm

Thanks for the clarifications - I had missed that salt value message. Thanks especially for the correct syntax for manually updating the relevant field in the mysql table, so that I can avoid all the problems of losing associations.

Testing is crucial. :) Eventually I will be scraping everything down to bedrock and starting from scratch, if things get approved and developed.

I am looking forward to the next version, especially as i thought I saw a reference on another htread to more data import/export options...

Take care,

Return to “OJS Editorial Support and Discussion”

Who is online

Users browsing this forum: Yahoo [Bot] and 3 guests