This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.
The active forums are here.
September 29, 2009 1:40pm
Subscribe [3]#1 / Sep 29, 2009 1:40pm
Am I correct in understanding that a SuperAdmin. needs to look into a table and unhash a password in order to have the old password to then reset a user password (to something different)
OR
Does the SuperAdmin have the ability to simply change it without knowing the old one?
#2 / Sep 29, 2009 1:47pm
Am I correct in understanding that a SuperAdmin. needs to look into a table and unhash a password in order to have the old password to then reset a user password (to something different)
No, “unhashing” a password is impossible.
Does the SuperAdmin have the ability to simply change it without knowing the old one?
Yes, exactly. He can simply do so via the control panel, leaving the “old” password blank.
#3 / Sep 29, 2009 2:13pm
Got it. Is there a way to config normal Admin access to simply change passwords?
#4 / Sep 29, 2009 3:15pm
No, this is a task confined to Superadmins. EE checks the member group id here, making sure it equals “1”.
#5 / Sep 29, 2009 3:39pm
There’s an extension here which might help with this although I would still exercise caution if you do go down this route.
Best wishes,
Mark
#6 / Feb 07, 2013 4:11pm
No, this is a task confined to Superadmins. EE checks the member group id here, making sure it equals “1”.
If you cannot change another user’s password without knowing the current password, you have essentially disabled the ability to change other people’s passwords since, in 99% of the cases, a user needs their password changed because they can’t remember it.
So, I assume EE does this for “security” purposes when in reality, it forces me to give my client Super Admin priviledges so they can change their users’ passwords when needed. Now, I’ve opened the whole backend to my client which, in my opinion, is a much worse security problem than letting them change a password.