Not signed in (Sign In)

Vanilla 1.1.10 is a product of Lussumo. More Information: Documentation, Community Support.

    • CommentAuthoryashars
    • CommentTimeMay 11th 2009
     
    hi again,
    i saw a field in the db, named "activation_key", so what is this activation_key ?
    •  
      CommentAuthorsidtheduck
    • CommentTimeMay 11th 2009
     
    yashars,

    It is if you forget your password and ask to reset it. An activation key is sent to the admin email address. If you click the activation key link in the email, the password will be reset with a random password that is sent to the admin email so you can login again. If someone attempts to reset the password without your approval, you just need to ignore the email link and sign in again, which will clear out the activation key.
    • CommentAuthoryashars
    • CommentTimeMay 12th 2009
     
    tanx for your answer, but doesnt it make any seccurity issues? connecting the database directly to some one else ?
    •  
      CommentAuthorsidtheduck
    • CommentTimeMay 12th 2009 edited
     
    what do you mean "connecting the database directly to somone else"?

    If you are attempting to reset your password, you need to enter either the correct admin username or the correct admin email address (which are included in the database already during install) to get anything to work. If those are correct, an email is automatically generated and sent to the admin email address with the activation key and a link back to your Plogger installation for the activation.

    Nowhere in that process is a database query available to a user who has stumbled across your admin section. They submit a form, the script grabs the username data from the database (hard-coded query), and compares it to the submitted form data.

    This is not a security issue.
    • CommentAuthoryashars
    • CommentTimeMay 12th 2009
     
    i got it :)
    thanks