zenphoto forums » General Zenphoto Discussion

Couldn't log in, now an idiotic phrase? WTF is that?

(11 posts)
  • Started 11 months ago by Sponsi
  • Latest reply from acrylian

  1. Sponsi

    Junior
    Joined: Sep '10
    Posts: 8

    Hi,

    I was using the script (newest version, of course) normally. And the second user tells me she can't access the admin panel.
    OK, so I go, change the password... the site logs out automatically.
    I try the new password for the second user - no luck. Wrong password (WTF?).

    What is more, I try with the main admin account - WRONG PASSWORD?
    How come?

    Password reminder - some idiotic Woodchuck rhyme for children.
    What is the answer for the rhyme? I haven't heard ANY answer for this rhyme. WTF?
    Look at possible answers: http://wiki.answers.com/Q/How_much_wood_would_a_woodchuck_chuck_if_a_woodchuck_could_chuck_wood

    And the question doesn't refresh into some other... so it's not really a problem for bots. WTF?

    Is it something you implemented at some point? WTF?

    Guys, you are making the script more and more pain in the ass...

    Posted 11 months ago #

  2. Zenphoto development team
    acrylian

    Developer
    Joined: Jul '07
    Posts: 13,350

    If you want our voluntary help please mind your words.

    Zenphoto has two ways to reset the password if forgotten. First, a challenge response way (introduced with 1.4.2). What you see is the standard phrase set by default. You can set your own and of course your response on your user account. Second the old way, you can request a password reset via mail. That requires of course that you set an email address on your user account.

    If all that does not help because your provider maybe changed something on the database or its encoding, you can use the third way by deleting the administrator table in the database directly. The complete procedure is found on the troubleshooting.

    Don't forget to read the Forum rules and usage resources
    Posted 11 months ago #

  3. Sponsi

    Junior
    Joined: Sep '10
    Posts: 8

    You aren't afraid of words of criticism, are you?

    So what's the correct answer for the riddle?

    Oh... I should've chosen at some point the e-mail option. OK, I believe such complexity is a must...

    Posted 11 months ago #

  4. Zenphoto development team
    acrylian

    Developer
    Joined: Jul '07
    Posts: 13,350

    We welcome any critism. It is more how than what.

    When you setup your user account, you should have filled in the details. I just looked and in 1.4.2.4 there is not even a default riddle. So if you didn't fill it in there is no correct response. And if you have no email set, you have to delete the administrators table in the database and re-upload and re-run the setup script.

    Maybe we should make all fields required with 1.4.3. I will suggest that to the team.

    Don't forget to read the Forum rules and usage resources
    Posted 11 months ago #

  5. Zenphoto development team
    sbillard

    Chief Developer
    Joined: May '07
    Posts: 9,767

    There is no correct answere to the riddle nor should there be. If you want a simple solution you can use simple easy to guess passwords. If you want security, such complexity is inevitable.

    We will not make the fields required. Some people will not wish to use them.

    Don't forget to read the Forum rules and usage resources
    Posted 11 months ago #

  6. Zenphoto translation team
    Michel Gagnon

    Translator
    Joined: Apr '10
    Posts: 147

    Could I suggest that you make the email a required field for the administrator? That way, there is at least one person in the group that is able to access all user data.

    Posted 11 months ago #

  7. Zenphoto development team
    sbillard

    Chief Developer
    Joined: May '07
    Posts: 9,767

    "The Administrator? Now who would that be? We have only the concept of users with admin rights. And a user without admin rights will aquire it if" promoted" when other administrators have been deleted. So, when does the field become required. And what if the site does not support e-mail?

    No, it is the responsibility of the user to provide a basis for password reset. You cannot legislate common sense.

    Don't forget to read the Forum rules and usage resources
    Posted 11 months ago #

  8. Zenphoto development team
    acrylian

    Developer
    Joined: Jul '07
    Posts: 13,350

    Maybe we should just show a message on user account creation that either email or challenge response should be setup for a possible password reset?

    Don't forget to read the Forum rules and usage resources
    Posted 11 months ago #

  9. fdnyfish

    Senior
    Joined: Apr '11
    Posts: 96

    Make it a required field during setup

    Posted 11 months ago #

  10. Zenphoto development team
    sbillard

    Chief Developer
    Joined: May '07
    Posts: 9,767

    ????

    Setup does not have anything to do with the admin user tab.

    Don't forget to read the Forum rules and usage resources
    Posted 11 months ago #

  11. Zenphoto development team
    acrylian

    Developer
    Joined: Jul '07
    Posts: 13,350

    He probaly meant when setting up a (first) admin user so there is always a way to reset you cannot forget to setup.

    Don't forget to read the Forum rules and usage resources
    Posted 11 months ago #

RSS feed for this topic

Reply

You must log in to post.