Admin password cannot be changed correctly

I am currently working in version CRE Loaded PCI B2B v6.4.1a

Here is how I changed the files to get rid of message: “Password must be a minumum of 5 characters” (or correct spelling:”Password must be a minimum of 5 characters”

First of all, the admin password requires 8 characters, not 5. I think “5” is the default number set in “Minimum Values” in configuration and shows up because of the definition “ENTRY_PASSWORD_MIN_LENGTH”. No matter, it is 8 not 5


In admin/admin_account.php
remove the entire section:

// verify password is hardened password
if (isset($_POST[‘admin_password’]) && $_POST[‘admin_password’] != null) {
if ((!preg_match(‘/[0-9]/’, $_POST[‘admin_password’]) || !preg_match(‘/[A-Z]/’, $_POST[‘admin_password’]) || !preg_match(‘/[a-z]/’, $_POST[‘admin_password’])) || ($_POST[‘admin_password’] < 8)) { tep_redirect(tep_href_link(FILENAME_ADMIN_ACCOUNT, 'action=edit_process&error=password')); } } Open file: admin/includes/account_check.js.php The original lines (starting around line 132) were written incorrectly: errors+=‘;
} else if ([0-9]/) == -1) {

Change to:

} else if ([0-9]/) == -1) {


If you go back to your change password in “Update Account” there are still controls in place to make sure that the password is hardened. If you do less than 8 characters, a JavaScript box will appear telling you that you need 8 characters. The same box will appear if you do not include at least on of any of the following required items: a-z, A-Z, or 0-9

You may also like...