View Issue Details

IDProjectCategoryView StatusLast Update
0017027phpList 3 applicationSecuritypublic15-02-14 13:10
Reporteralpha1 Assigned To 
Status resolvedResolutionfixed 
Product Version3.0.5 
Target Version3.0.6Fixed in Version3.0.6 
Summary0017027: Creating new Admin, leaves admin without password
Creating a new admin, does not allow a password to be imputed.
This allows the new user (which can be a super admin) to log in with no password.

Password cannot be reset by editing admin or requesting a fogotten password email. Both result in this error "Error sending password change token"

Steps To ReproduceInstall 3.0.5
Config->Manage Administrators->Add New Admin->
Add a username and email
if you want make them a super admin. Give it privileges if you want, i gave them all 4 checkboxed.

Login with the user's name and no password. You now have full access
Additional Informationin extended_config:
$require_login = 1;
TagsNo tags attached.



21-01-14 00:58

administrator   ~0052588

The idea is that on creation of an admin the change password email is sent. But if that fails, then yes, it should not be possible to login.

Will be good to verify that.


21-01-14 14:26

reporter   ~0052591

Yep that's exactly it, i had a typo in my smtp server which prevented it from sending.


15-02-14 13:10

administrator   ~0053040

rev 4329