admin login may have gotten changed on new install of 2.0?

Posted: August 22, 2011 at 11:24 AM Quote #46355
I created a no source 2.0 nopCommerce web using an existing SQL 2005.

During the install phase, I told it to create the sample data.

I gave it an email address and password.

When it finished, I could see all the table in SQL Server, and the site worked.

However, I can not log in using the email / pass I created, nor can I login using the [email protected] pass admin that the site said I could use after the install completed?

BTW - I found that the password I created during the install:

[email protected]

got changed to:

292kds9#23w0sdfdk23

Very strange - maybe I made an error and was tired, but I was copying and pasting from a text file documenting all this as I installed?   I didn't have this happen on a test install with full source.

But the [email protected] (the site told me after the install) never worked - and I don't see it in the sql server table. I don't see this in the config file?

Thanks!
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Posted: August 22, 2011 at 1:31 PM Quote #46363
nopNeophyte wrote:
Very strange - maybe I made an error and was tired, but I was copying and pasting from a text file documenting all this as I installed?

Maybe.
And maybe your site has been hacked. But it works fine by default. You can find your login email in [Customer] table (SQL Server)
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Interested in the dedicated Premium support services provided by core developers? Please visit http://www.nopcommerce.com/supportservices.aspx

Regards,
Andrei Mazulnitsyn
Posted: August 22, 2011 at 1:39 PM Quote #46365
No, this was 10 seconds after I installed it - and I use complex passwords.

I found the correct password by looking in sql server.

What's the issue with the [email protected] user name?

Having a default like that is certainly a security hole.

1. Should [email protected] have worked?

2. Where can we disable this or change it?

Thanks!
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Posted: August 22, 2011 at 2:46 PM Quote #46369
Treat [email protected] as a tempory user name.

Create a new one set to admin auth and delete the default.
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Posted: August 22, 2011 at 11:42 PM Quote #46403
nopNeophyte wrote:
No, this was 10 seconds after I installed it - and I use complex passwords.

So you made an error when copying and pasting from a text file documenting. Just try one more time in order to ensure that everything works fine.

nopNeophyte wrote:
What's the issue with the [email protected] user name?

Have you used [email protected] when installing the database? If no, it shouldn't work.
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Interested in the dedicated Premium support services provided by core developers? Please visit http://www.nopcommerce.com/supportservices.aspx

Regards,
Andrei Mazulnitsyn
Posted: August 23, 2011 at 12:05 AM Quote #46408
No, I didn't specify the [email protected]

This was a message that nopCommerce displayed after I 'installed' the database using the 'no source' version of 2.0?

I presumed it was some kind of standard admin user that it created?

I wrote it down when I saw the message, so it came from the software.

[email protected] was not in an sql server table (with my email specified during the install).

Thanks!
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Posted: August 23, 2011 at 12:09 AM Quote #46410
nopCommerce doesn't display any information about [email protected] I highly recommend you to reinstall nopCommerce
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Interested in the dedicated Premium support services provided by core developers? Please visit http://www.nopcommerce.com/supportservices.aspx

Regards,
Andrei Mazulnitsyn
Posted: September 04, 2011 at 8:21 PM Quote #47637
a.m. wrote:
nopCommerce doesn't display any information about [email protected] I highly recommend you to reinstall nopCommerce


When I did an installation of it on my site today, I actually noticed it as well. To quote what it shows at the default home screen upon installation, this is what it shows:

Welcome to our store
Online shopping is the process consumers go through to purchase products or services over the Internet. You can edit this in the admin site.

You can sign in using [email protected] and the password admin. If you have questions, see the Documentation, or post in the Forums at nopCommerce.com


Granted, I haven't looked at anything else yet, but that's what it showed on the default home page. If it's not built into the software itself, perhaps it's somehow pulling this default e-mail / pw from something else alongside it? I'm on a godaddy site as well (which apparently people aren't fans of?), so maybe something in the install from that side?

(and in the same boat, trying to log in with that doesn't work at all for me either...I'm sort of lost.)
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Posted: September 04, 2011 at 9:12 PM Quote #47642
Yes, that's exactly what I was talking about.  

It has nothing to do with being 'hacked' unless there has been a compromise of the download source code.
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Posted: September 04, 2011 at 11:15 PM Quote #47649
No worries. This text was always displayed in 1.X versions because "[email protected]" and "admin" were default admin email and password in 1.X versions. And this text ('HomePageText' topic) was displayed. When 2.00 was released, you could enter your admin email and password during installation. But 'HomePageText' text wasn't changed (still displayed that old email and password). It was fixed in 2.10 release. So go to Admin area > Configuration > Topic and edit 'HomePageText' topic.
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Interested in the dedicated Premium support services provided by core developers? Please visit http://www.nopcommerce.com/supportservices.aspx

Regards,
Andrei Mazulnitsyn
Premium support services
  • Dedicated premium support services provided by core developers are intended for persons who run mission critical websites, work on projects with tight deadlines, or want to get dedicated support.
Professional services
  • Want to open a new store? Want to take your store to the next level? Need a custom extension? We can customize nopCommerce to fit your store perfectly. Request a quote to get started.