Password Recover - Forgot Password at login

SupermanInNY

Hi All,

I have cPanel boxes and DA boxes.
In the cPanel, there is an option, much like in this forum of "Forgot Password" and you click on the link and it sends out an email for verification with a link and then you can reset your password.
I don't see why this is a security issue, as it sends the email to the email on file in DA.
I have several calls every week asking for: "Oh.. I forgot my password, can you please reset my password?" and it is always when I'm out of the office, night time etc. when folks come home and sit by the computer.
You can have this also as an option with a checkbox next to each user, so if the user explicitly wants/doesn't want this feature, it will allow them to use it or not.
 
I did request this feature some time ago but got no feedback.

Good to see other people looking for this feature.

Also, once logged in, forward them to the change password page.
 
Probably it will be included into DirectAdmin :)

----- Original Message -----
From: DirectAdmin Support
To: Me :)
Sent: Friday, September 15, 2006 10:37 PM
Subject: Re: Password recovery email utility?

.....
Let me know if the user/email combo would work for you, or if you have any other suggestions.
I think such a feature would be good (assuming it's implemented correctly and securely) as lost passwords are fairly common.

Thank you,

John



Include a 'forgot password' link in the login page and allow the user to enter "username" or "username AND email combo".
This will send an email with a 30-minute activation random-key link.
The user must click that link within the time allotted in the email and get a 'token-accepted' page, or the link will expire.
Then, a second email with a new random password will be sent to the user's email and then he can log in and change
the password to what he wants.

Many systems (bulletin boards - even vBulletin in the forum) use a "Forgot Password" option in that particular manner.
This way, the Real password is kept safe, users are 'allowed' to forget their password and not 'trouble' the sys-admin.


-Alon.
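
Added example, not part of the original posts and not DirectAdmin's code: a minimal in-memory model of the flow proposed above (username and email combo, 30-minute random-key link, then a second email with a new random password). The class, method and field names are hypothetical, the mailer is a list, and the digest-only storage, single-use links and uniform reply are assumptions about what "implemented correctly and securely" would require.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 30 * 60  # the 30-minute window proposed in the post


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


class ResetService:
    """In-memory model of the two-email flow (all names hypothetical)."""

    def __init__(self, accounts, clock=time.time):
        self.accounts = accounts    # username -> email on file
        self.pending = {}           # sha256(token) -> (username, expiry)
        self.password_hashes = {}   # username -> (salt, PBKDF2 hash)
        self.outbox = []            # (recipient, body): stand-in for a mailer
        self.clock = clock

    def request_reset(self, username, email):
        on_file = self.accounts.get(username)
        if on_file is not None and hmac.compare_digest(
                on_file.lower().encode(), email.lower().encode()):
            token = secrets.token_urlsafe(32)
            # A new request invalidates older links for the same user.
            self.pending = {d: v for d, v in self.pending.items()
                            if v[0] != username}
            # Store only a digest, so a leaked table holds no usable links.
            self.pending[_digest(token)] = (username, self.clock() + TOKEN_TTL)
            self.outbox.append((on_file, "token:" + token))
        # Identical reply either way: the form must not confirm usernames.
        return "If the details match an account, an email has been sent."

    def confirm(self, token):
        # pop() makes the link single-use, even if it turns out to be expired.
        entry = self.pending.pop(_digest(token), None)
        if entry is None or self.clock() > entry[1]:
            return None
        username = entry[0]
        new_password = secrets.token_urlsafe(12)
        salt = secrets.token_bytes(16)
        self.password_hashes[username] = (salt, hashlib.pbkdf2_hmac(
            "sha256", new_password.encode(), salt, 200_000))
        self.outbox.append((self.accounts[username], "password:" + new_password))
        return username
```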
 
Thanks John, you've been doing a great job on DirectAdmin. I've yet to ask John for a feature he doesn't add to DA or doesn't explain to me how to do. :)
 
Some advice on this please.

Does the introduction of the password recovery link provide hackers with an alternative tool by which to gain access to the server?

Maybe I am just being super-paranoid!

:eek:
 
The system sends an email to you, to the email that is in the system with your account.
If your email is hacked, that is a problem you have with your email provider. Nothing to do with DA.

All that the Password recovery does is send you out an email. If you click the authentication link in that email, then a new password is generated and emailed to you.

So, if a hacker got a hold of your email account, then you are in trouble. Chances are that at that point, you are in much more trouble than your DA account access.
 
Don't know if anybody posted this or not but the simplest solution would be to give access to USER control panels via the Reseller and Admin panels..

Once there, you could change the password and email it to the user with no fuss and no muss...

I have a Cobalt RAQ and admins can access any site that is on the server with the click of a link... Blue Quartz has that feature and then some also..

As a Newbie I am finding a lot that this software is lacking and it would be common sense that an ADMIN would have access to ALL aspects of the software that would involve users... I think that it would be of the utmost importance to allow Admin to access ALL accounts on the server...

I just posted this directly related question on this thread...
http://www.directadmin.com/forum/showthread.php?t=18463

... before I spotted this one.. Maybe someone could answer it for me...

Cheers
 
Since admin has access to every account on the server and resellers have access to all their accounts, I'm not sure what you're asking for.

As an old Cobalt RaQ support guy, I see a lot lacking in the RaQs and in BQ that DA has, but very little the other way around.

Jeff
 
Let's try this another way.

I created this user: http://www.i-freelancers.com/ in my Joe Resellers account for a customer.

Customer sends me an email telling me that he forgot his username and password.

Taking into account that I cannot find a way to access the http://www.i-freelancers.com control panel without knowing his username and password, how do I find out what the username is and how do I create a new password for him?

Since admin has access to every account on the server and resellers have access to all their accounts,
Jeff

If there is, Can you walk me through the steps as I cannot find a way to change a user password in his account because I cannot find a way into his account as a reseller...

As an old Cobalt RaQ support guy, I see a lot lacking in the RaQs and in BQ that DA has, but very little the other way around.

Ahhhhhh but I beg to differ... DA definitely cannot beat the simplicity in operating that admin panel as it has now been 5 days since I have purchased this software and am still beating my head against a wall looking for clear directions in the operation of this software. Believe when I tell you that the current instructions that are available for a newbie TOTALLY SUCK

I'm beginning to think that a mistake was made in purchasing this software and those that should own should be completely knowledgeable in the use of SSH and programming, both of which I am not interested in taking up...

Cheers...
 
At the reseller level, click on "list users". On this list you may find his domain and username. Now click on the username, check the "new random password" and click "send".

Is that what you want? :)

Though this way of changing password sucks, glad John added the lost password feature. Imagine several clients asking you by email to reset their password. Now they can reset their password without contacting the admin/reseller.
 
Nope... That don't work neither.... Let's try this with pictures..

First image (Snap1.gif ) is me logged in as admin..
Second image (Snap2.gif ) is me in the Reseller panel
Third image (Snap3.gif ) is Reseller viewing the list of Users of which there is only one and that user has 3 domains.

Never mind... I think I finally understand the structure and how it works...
It only took 5 friggin days..

Please correct me if I'm wrong..

Admin sells larger space to resellers...
Resellers in turn sell smaller packages to users.
Users can add as many domains as allowed in package created by reseller...:)

Now here comes another issue for the prefix on database creations...

Will start another posting on this one... ;)

Cheers
 

This option is already available in the current DA version (1.294).
So, users can reset their password via email.
Log in as admin and enable it in the Admin settings section.
 
DA definitely cannot beat the simplicity in operating that admin panel as it has now been 5 days since I have purchased this software and am still beating my head against a wall looking for clear directions in the operation of this software. Believe when I tell you that the current instructions that are available for a newbie TOTALLY SUCK
All of us were beginners on DirectAdmin at one time. Have you looked at the Site Helper site? There are links at the bottom for admin and reseller help as well.
I'm beginning to think that a mistake was made in purchasing this software and those that should own should be completely knowledgeable in the use of SSH and programming, both of which I am not interested in taking up...
DirectAdmin is not an appliance. It's a control panel designed to be used by knowledgeable administrators to help them administer a webhosting server, and to give those administrators a control panel they can give their users and resellers.

If you read these forums you'll see that yes, you do have to be a knowledgeable administrator to get the most out of DirectAdmin.

That said, there are a bunch of us here who do contract administration.

Or perhaps you should look at BlueQuartz again.

Jeff
 