Admin password cannot be changed correctly

I am currently working in version CRE Loaded PCI B2B v6.4.1a

Here is how I changed the files to get rid of message: “Password must be a minumum of 5 characters” (or correct spelling:”Password must be a minimum of 5 characters”

First of all, the admin password requires 8 characters, not 5. I think “5” is the default number set in “Minimum Values” in configuration and shows up because of the definition “ENTRY_PASSWORD_MIN_LENGTH”. No matter, it is 8 not 5

Next:

In admin/admin_account.php
remove the entire section:

// verify password is hardened password
if (isset($_POST[‘admin_password’]) && $_POST[‘admin_password’] != null) {
if ((!preg_match(‘/[0-9]/’, $_POST[‘admin_password’]) || !preg_match(‘/[A-Z]/’, $_POST[‘admin_password’]) || !preg_match(‘/[a-z]/’, $_POST[‘admin_password’])) || ($_POST[‘admin_password’] < 8)) { tep_redirect(tep_href_link(FILENAME_ADMIN_ACCOUNT, 'action=edit_process&error=password')); } } Open file: admin/includes/account_check.js.php The original lines (starting around line 132) were written incorrectly: errors+=‘;
} else if (adminPass1.search(/[0-9]/) == -1) {
errors+=‘;

Change to:

errors+=’‘;
} else if (adminPass1.search(/[0-9]/) == -1) {
errors+=’‘;

END OF CODE CHANGES

If you go back to your change password in “Update Account” there are still controls in place to make sure that the password is hardened. If you do less than 8 characters, a JavaScript box will appear telling you that you need 8 characters. The same box will appear if you do not include at least on of any of the following required items: a-z, A-Z, or 0-9

You may also like...