Skip to main content

Password reset

5 February 2018 707 views | Documentation v1, Security

You can change your password by clicking on the 'Password' link in the admin section of Tuskfish. You must be logged in to access this page.

Unlike most other systems, Tuskfish does not allow passwords to be reset via email. This is a security measure to protect your site from being compromised if someone gains control of your email account. An alternative, safer, means is provided.

To reset your password from outside of Tuskfish you must demonstrate control of the database, so you will need to be able to view and edit your database as part of this process (see the section on manually editing your SQLite database). Essentially you need to generate a hash for your new password and replace the old one in the database:

  • Download the file trust_path/extras/utilities/password-recovery.php to your local machine and open it in a text editor. Refer to the 'Configuration' section at the top of the script.
//////////////////// CONFIGURATION ////////////////////
/**
 * Enter the new password you want to use. The only requirement is that the password is more than
 * 15 characters long.
 */
$newPassword = "";
///////////////////////////////////////////////////////
  • Enter your new password. It must be at least 15 characters long in order to prevent exhaustive brute force attacks.
  • Place the script on a webserver and run it. The hash of your new password will be displayed on screen. Make a copy of it.
  • Delete the password recovery script immediately!
  • Browse the 'user' table of your database with PHPLiteAdmin or DB Browser for SQLite and edit your admin account record and update the passwordHash field with the new hash.

You should now be able to login to your site using the new password.

For security reasons, obviously you should run the password recovery script on a local webserver rather than on your website. If you run it on a public-facing webserver (bad idea), you should destroy the file immediately so that nobody can access the new password hash. If you do run it on a public webserver, please reset your password a second time in the admin section once you have logged in.

Copyright, all rights reserved.

Related

Tuskfish CMS User Manual

The user manual provides a comprehensive guide to Tuskfish CMS operations. It covers all all aspects from installation to adding and curating content, managing site security and customisation of themes. For additional information on how to customise Tuskfish please see the developer guide.