admin login may have gotten changed on new install of 2.0?

8 years ago
I created a no source 2.0 nopCommerce web using an existing SQL 2005.

During the install phase, I told it to create the sample data.

I gave it an email address and password.

When it finished, I could see all the table in SQL Server, and the site worked.

However, I can not log in using the email / pass I created, nor can I login using the [email protected] pass admin that the site said I could use after the install completed?

BTW - I found that the password I created during the install:

[email protected]

got changed to:

292kds9#23w0sdfdk23

Very strange - maybe I made an error and was tired, but I was copying and pasting from a text file documenting all this as I installed?   I didn't have this happen on a test install with full source.

But the [email protected] (the site told me after the install) never worked - and I don't see it in the sql server table. I don't see this in the config file?

Thanks!
8 years ago
nopNeophyte wrote:
Very strange - maybe I made an error and was tired, but I was copying and pasting from a text file documenting all this as I installed?

Maybe.
And maybe your site has been hacked. But it works fine by default. You can find your login email in [Customer] table (SQL Server)
8 years ago
No, this was 10 seconds after I installed it - and I use complex passwords.

I found the correct password by looking in sql server.

What's the issue with the [email protected] user name?

Having a default like that is certainly a security hole.

1. Should [email protected] have worked?

2. Where can we disable this or change it?

Thanks!
8 years ago
Treat [email protected] as a tempory user name.

Create a new one set to admin auth and delete the default.
8 years ago
nopNeophyte wrote:
No, this was 10 seconds after I installed it - and I use complex passwords.

So you made an error when copying and pasting from a text file documenting. Just try one more time in order to ensure that everything works fine.

nopNeophyte wrote:
What's the issue with the [email protected] user name?

Have you used [email protected] when installing the database? If no, it shouldn't work.
8 years ago
No, I didn't specify the [email protected]

This was a message that nopCommerce displayed after I 'installed' the database using the 'no source' version of 2.0?

I presumed it was some kind of standard admin user that it created?

I wrote it down when I saw the message, so it came from the software.

[email protected] was not in an sql server table (with my email specified during the install).

Thanks!
8 years ago
nopCommerce doesn't display any information about [email protected] I highly recommend you to reinstall nopCommerce
8 years ago
a.m. wrote:
nopCommerce doesn't display any information about [email protected] I highly recommend you to reinstall nopCommerce


When I did an installation of it on my site today, I actually noticed it as well. To quote what it shows at the default home screen upon installation, this is what it shows:

Welcome to our store
Online shopping is the process consumers go through to purchase products or services over the Internet. You can edit this in the admin site.

You can sign in using [email protected] and the password admin. If you have questions, see the Documentation, or post in the Forums at nopCommerce.com


Granted, I haven't looked at anything else yet, but that's what it showed on the default home page. If it's not built into the software itself, perhaps it's somehow pulling this default e-mail / pw from something else alongside it? I'm on a godaddy site as well (which apparently people aren't fans of?), so maybe something in the install from that side?

(and in the same boat, trying to log in with that doesn't work at all for me either...I'm sort of lost.)
8 years ago
Yes, that's exactly what I was talking about.  

It has nothing to do with being 'hacked' unless there has been a compromise of the download source code.
8 years ago
No worries. This text was always displayed in 1.X versions because "[email protected]" and "admin" were default admin email and password in 1.X versions. And this text ('HomePageText' topic) was displayed. When 2.00 was released, you could enter your admin email and password during installation. But 'HomePageText' text wasn't changed (still displayed that old email and password). It was fixed in 2.10 release. So go to Admin area > Configuration > Topic and edit 'HomePageText' topic.