Password seed update syncronization issue

[merliin]

Changing the password seed does not update existing passwords. However this results in locking out the administrator account.

You might wish to make the current administrator password part of the input so you can update the one password that really matter. Or you could provide a shell/php script that allows you to reset the password from the command line for the end users that have zero SQL knowledge.

[brieb]

Agreed. The encryption seed thing started as something you set before installing, but one it was taken out of the install process, the only place to put it was in the admin settings, and it never really was flushed out very well. What I think would be a good idea is that when you update the encryption seed, you should have to enter your admin password, and it will reencrypt this password when the seed is changed.

The problem is that this will make useless everyone' password, excluding the current admin, but including other admins. Maybe another discussion... should admins be able to replace or change other admins? Should there be an uber-admin that is usually diabled, but is enabled in the beginning, and re-enabled when the seed is changed?

Thoughts and discussion?

[brieb]

merliin,

I changed the text of ticket. By keeping the ticket text limited to the inital bug reporting and potential fix ideas (removing salutations,signatures and other comments) both the development and users can lookup the bug easier. If you have additional comments to the ticket, try to submit them in the comments section in the ticket.

BTW, welcome to the new phpbms.org, and thank you for submitting a warranted fix.