OK, I accept

This site uses cookies. By using this site, you acknowledge and accept this.

Your basket is empty
Login not logged in

Full Knowledgebase Listing

Reset your admin password

[#40] Last update 24 Feb 2014

Like all passwords in Kartris, the admin user passwords are hashed. This means it is not possible to recover a password from the database if you forget it.

Do I actually need to reset the password?

One common issue which can result in people thinking they need to reset a password is down to the way passwords are scrambled in the database - a process known as 'hashing'. For security reasons, the passwords have two pieces of information appended to them before hashing. One is a 'salt' value which is random and unique to each record. The second is a salt value that is global to the site, and stored within the web.config. Quite often, a site will be upgraded to a new version by installing a brand new Kartris, and then replacing the database with an upgraded version of the one from the old site. In this case, it's important that you copy across the 'HashSalt' value from the old site's web.config file to the new one. This is the tag you'll find within the web.config files.

<add key="HashSalt" value="SomeValueInHere" />

By updating the HashSalt to match for both sites, passwords will be hashed to the same result, and the login should succeed. This is the preferred fix (if possible) because it will fix the issue for *all* passwords. Without it, all users (admin users and customers) will find their password no longer works, so each user will need to reset their password.

If you have confirmed that the HashSalt values match, but you have simply forgotten the admin password, there are two ways to reset it.

Reset with the data tool

The free Data Tool software provides an easy and simple way to do this. Once installed, start it up and click the Reset admin password link.

You will need access to the web.config file (or a copy of it, if resetting the password of a remote site) and the SQL database connection details, so if you have your own server it's easier to run the Data Tool on the server itself. Once you have entered the database connection, click the 'test connection' button. Assuming the connection details are correct, the 'Reset' button will activate. Clicking this will reset the admin account password and you can copy this and login.

Trigger setup routine

If your site is on shared hosting, you may not have the ability to connect the Data Tool to SQL remotely, or be able to run the Data Tool on the server itself. In this case, you can edit the web.config to trigger the setup routine to run again and generate a new admin password. You need to change two things in the web.config to make Kartris re-run the setup routine:

1. Edit the database connection so the database will not be found. For example, change the server or database name to some other value that you know does not exist:

<add name="KartrisSQLConnection" connectionString="Data Source=localhost\sqlexpress;Integrated Security=True;Initial Catalog=ThisDoesNotExist" providerName="System.Data.SqlClient" />

2. Edit the globalization tag, so Kartris does not try to get language strings from the database (which it cannot connect to now we've broken the connection), but instead uses a language file which contains the strings required for the setup routine. Search for any tags within the web.config called 'globalization'. There may be more than one, because the setup routine may add a new one each time. All such tags must be commented out or removed. Remember that commenting out tags here means HTML comment syntax:

<!-- This value is commented out -->

Once you have made these changes to the web.config, run a page and Kartris should give you the setup routine. Run through the steps. It should pick up the HashSalt value from your web.config, so this will remain the same, but double check this. When it comes to the database stage, enter the details of your existing database, and it should recognize that this is a valid Kartris database. A new Admin password will be created and displayed to you. Make sure the web.config file is updated at the end; if there are not sufficient permissions for Kartris to save it, it will give you the opportunity to download it - you must then upload this to your site manually.

You should now have a site running which you can login to with 'Admin' and the new password generated.

Powered by kartris