I'm trying to change an admin password but get the following error message


"Password must be a minumum of 5 characters, contain upper and lowercase characters and at least one number."

The password I'm attempting has 6 characters, both upper and lowercase letters and numbers but it won't accept it.

Also "minumum" in the above error message is not a word but "minimum" is

I get the same error....

Me too.

For PCI Standards the admin must follow some rules for password hardening

I'll have the developers look into testing the function, because it's working on some hosts and not others

MAKE A BACKUP OF THE ORIGINAL FILE

admin/admin_account.php

on line 36



change it to

We actually have a support ticket open on this, but I can vouch that the above suggestion is not working on our site.

Still get the same error message after making the above change so I changed it back.

Same problem here, and intuitively before coming here looking for a solution I tried a numeral first...no go.

Not only that, if you reset your password by typing only in the confirmation field (leaving the first one of the two blank), the system looks like it finally accepts it, but the password goes into limbo, the old one is changed and the new one is NOT what I typed.

This problem is occurring not with the admin account but my client's catalog maintainer account that I set up (a limited account to add products to the back end).

On top of that, it looks like the admin has to give the "limited" account full access to the admin portion to let them change their password. I could not change my catalog maintainer's password via the admin account, only mine. Also simply just checking admin_account.php in file permissions does not enable the limited account to change their password. Checking all administrator checkboxes does allow them to attempt to change their password...if the system was working. It also would allow them to mess up in other ways :-p

My advice...do not change the admin password, or make sure you keep the email address valid if you mess up and need to have it reset and emailed to you.

I am currently working in version CRE Loaded PCI B2B v6.4.1a

Here is how I changed the files to get rid of message: "Password must be a minumum of 5 characters" (or correct spelling:"Password must be a minimum of 5 characters"

First of all, the admin password requires 8 characters, not 5. I think "5" is the default number set in "Minimum Values" in configuration and shows up because of the definition "ENTRY_PASSWORD_MIN_LENGTH". No matter, it is 8 not 5

Next:

In admin/admin_account.php
remove the entire section:

// verify password is hardened password
if (isset($_POST['admin_password']) && $_POST['admin_password'] != null) {
if ((!preg_match('/[0-9]/', $_POST['admin_password']) || !preg_match('/[A-Z]/', $_POST['admin_password']) || !preg_match('/[a-z]/', $_POST['admin_password'])) || ($_POST['admin_password'] < 8)) {
tep_redirect(tep_href_link(FILENAME_ADMIN_ACCOUNT, 'action=edit_process&error=password'));
}
}

Open file: admin/includes/account_check.js.php

The original lines (starting around line 132) were written incorrectly:

errors+=<?php echo JS_ALERT_PASSWORD_NOT_HARDENED; ?>';
} else if (adminPass1.search(/[0-9]/) == -1) {
errors+=<?php echo JS_ALERT_PASSWORD_NOT_HARDENED; ?>';

Change to:

errors+='<?php echo JS_ALERT_PASSWORD_NOT_HARDENED; ?>';
} else if (adminPass1.search(/[0-9]/) == -1) {
errors+='<?php echo JS_ALERT_PASSWORD_NOT_HARDENED; ?>';

END OF CODE CHANGES


If you go back to your change password in "Update Account" there are still controls in place to make sure that the password is hardened. If you do less than 8 characters, a JavaScript box will appear telling you that you need 8 characters. The same box will appear if you do not include at least on of any of the following required items: a-z, A-Z, or 0-9

so buggy:
http://creloaded.org/forum/browse-forum ... ge#p126128

We have created a bug tracker and after a ton of back-and-forth, the issue is finally resolved. Please see the finalized solution(s) here:
Tracker [#4409] Admin password cannot be changed correctly
http://creforge.com/tracker/index.php?f ... 9&atid=543

If these edits do not resolve the issue, please contact support.

OK Its not clear what to do and what not do do. I edited admin_account.php only wit the provided code:


But still the issue, do I have to make any other edits in other files?

I am running CRE Loaded PCI B2B v6.4.1a at revision:2486

I was having this same issue. I am an expert PHP programmer, so I addressed the issue myself.

I opened /catalog/admin/admin_account.php

Line 36 had the following code:



I noticed the "$_POST['admin_password'] < 8" part would always fail because $_POST['admin_password'] will return 1 if set and 0 if not set, thus it will always be less than 8. I believe the CRE programmers intended on putting a function such as string length in that location. Thus, I rewrote line 36 to become:



And everything works fine now!

Jason

Worked for me, too. Thanks for posting the fix.