[SOLVED] password reset not taking

Loady wrote: ↑

Sun May 19, 2024 9:00 pm

I am pretty much locked out of my account, i use a password manager and log in on two devices, it just randomly say user/pass incorrect and then after the second failed attempt i am locked out for one hour with an offer to reset password, i do this and the password stills says it is wrong.

JNeuhoff wrote: ↑

Sun May 19, 2024 9:14 pm

Loady wrote: ↑

Sun May 19, 2024 9:00 pm

I am pretty much locked out of my account, i use a password manager and log in on two devices, it just randomly say user/pass incorrect and then after the second failed attempt i am locked out for one hour with an offer to reset password, i do this and the password stills says it is wrong.

At the danger of repeating myself here: If you really want help then you have to provide more details, see forum rules.

Johnathan wrote: ↑

Sun May 19, 2024 10:24 pm

Which account? Your forum account? Your OpenCart marketplace account? Your store?

If it's your store, then you can temporarily allow yourself to log in with any username/password by making this edit:

------------------------------------------------------------------------------
IN:
/system/library/cart/user.php

AFTER:
$user_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "user WHERE username = '" . $this->db->escape($username) . "' AND (password = SHA1(CONCAT(salt, SHA1(CONCAT(salt, SHA1('" . $this->db->escape($password) . "'))))) OR password = '" . $this->db->escape(md5($password)) . "') AND status = '1'");

ADD:
if ($_SERVER['REMOTE_ADDR'] == '123.123.123.123') {
$user_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "user ORDER BY user_id ASC");
}
------------------------------------------------------------------------------

You replace 123.123.123.123 with your IP address. If you don't know what that is, just Google "what is my IP address".

You can make that edit, log in, then undo the edit. You can change your password after that. If it still doesn't work, your site may be hacked, so you should ask for help in the "Commercial Support" forum, which is checked by a number of OpenCart developers. You can also try checking out the OpenCart "Partners" area.

Loady wrote: ↑

Sun May 19, 2024 11:31 pm

I have access to the files on my plesk login, is there a way to view the password that's set or is it encrypted?

Johnathan wrote: ↑

Sun May 19, 2024 10:24 pm

Which account? Your forum account? Your OpenCart marketplace account? Your store?

If it's your store, then you can temporarily allow yourself to log in with any username/password by making this edit:

------------------------------------------------------------------------------
IN:
/system/library/cart/user.php

AFTER:
$user_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "user WHERE username = '" . $this->db->escape($username) . "' AND (password = SHA1(CONCAT(salt, SHA1(CONCAT(salt, SHA1('" . $this->db->escape($password) . "'))))) OR password = '" . $this->db->escape(md5($password)) . "') AND status = '1'");

ADD:
if ($_SERVER['REMOTE_ADDR'] == '123.123.123.123') {
$user_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "user ORDER BY user_id ASC");
}
------------------------------------------------------------------------------

You replace 123.123.123.123 with your IP address. If you don't know what that is, just Google "what is my IP address".

You can make that edit, log in, then undo the edit. You can change your password after that. If it still doesn't work, your site may be hacked, so you should ask for help in the "Commercial Support" forum, which is checked by a number of OpenCart developers. You can also try checking out the OpenCart "Partners" area.

JNeuhoff wrote: ↑

Sun May 19, 2024 10:34 pm

If it is an OpenCart customer account, then do this via PHPMyAdmin:
DELETE FROM oc_customer_login WHERE email='your-customer-account-email';

Now you can immediately try the password reset again.

ADD Creative wrote: ↑

Mon May 20, 2024 7:12 pm

Are you using Cloudflare or any other sort of proxy?

Loady wrote: ↑

Mon May 20, 2024 7:21 pm

ADD Creative wrote: ↑

Mon May 20, 2024 7:12 pm

Are you using Cloudflare or any other sort of proxy?

yes this was set up for me and was/is working fine, ive lost count how many times i have tried 'forgotten password', i get the email no problem but just doesnt change the pasword, says its wrong and then get locked out for an hour

straightlight wrote: ↑

Mon May 20, 2024 7:47 pm

Loady wrote: ↑

Mon May 20, 2024 7:21 pm

ADD Creative wrote: ↑

Mon May 20, 2024 7:12 pm

Are you using Cloudflare or any other sort of proxy?

yes this was set up for me and was/is working fine, ive lost count how many times i have tried 'forgotten password', i get the email no problem but just doesnt change the pasword, says its wrong and then get locked out for an hour

What are your .htaccess and both config.php files' configuration (without passwords)?

ADD Creative wrote: ↑

Mon May 20, 2024 7:50 pm

Cloudflare will replace your IP address with one of its own. You can't use that as every visitor could have that IP address.

Try disabling Cloudflare. Also check if your hosting is using any sort of WAP such as ModSecurity.

After changing the password from the reset link email to you, do you see the value change in the database? Also try using a simple password first with no special characters.

Loady wrote: ↑

Mon May 20, 2024 8:15 pm

This is a little beyond me, i can get around with direction, i just would like to pay someone to fix it for now so i can get in and process orders. What file do i need to look at to view password changing ? i used a simple password, a name and three digits

Loady wrote: ↑

Mon May 20, 2024 8:51 pm

should i be wary of PM's soliciting ?